Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 34a9e870 by security tracker role at 2021-09-23T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2021-41572 + RESERVED +CVE-2021-41571 + RESERVED CVE-2021-41570 RESERVED CVE-2021-41569 @@ -22,8 +26,8 @@ CVE-2021-41561 RESERVED CVE-2021-3825 RESERVED -CVE-2021-3824 - RESERVED +CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...) + TODO: check CVE-2021-3823 RESERVED CVE-2021-3822 @@ -302,8 +306,8 @@ CVE-2021-41430 RESERVED CVE-2021-41429 RESERVED -CVE-2021-41428 - RESERVED +CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= ...) + TODO: check CVE-2021-41427 RESERVED CVE-2021-41426 @@ -397,8 +401,8 @@ CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to e NOT-FOR-US: Netgear CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...) NOT-FOR-US: Plastic SCM -CVE-2021-41381 - RESERVED +CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...) + TODO: check CVE-2021-3816 RESERVED CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of ...) @@ -6153,8 +6157,8 @@ CVE-2021-38879 RESERVED CVE-2021-38878 RESERVED -CVE-2021-38877 - RESERVED +CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...) + TODO: check CVE-2021-38876 RESERVED CVE-2021-38875 @@ -6167,8 +6171,8 @@ CVE-2021-38872 RESERVED CVE-2021-38871 RESERVED -CVE-2021-38870 - RESERVED +CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...) + TODO: check CVE-2021-38869 RESERVED CVE-2021-38868 
@@ -6179,10 +6183,10 @@ CVE-2021-38866 RESERVED CVE-2021-38865 RESERVED -CVE-2021-38864 - RESERVED -CVE-2021-38863 - RESERVED +CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...) + TODO: check +CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...) + TODO: check CVE-2021-38862 RESERVED CVE-2021-38861 @@ -10783,10 +10787,10 @@ CVE-2021-36875 RESERVED CVE-2021-36874 RESERVED -CVE-2021-36873 - RESERVED -CVE-2021-36872 - RESERVED +CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) + TODO: check +CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) + TODO: check CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: Wordpress plugin CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) @@ -10883,8 +10887,8 @@ CVE-2021-36825 RESERVED CVE-2021-36824 RESERVED -CVE-2021-36823 - RESERVED +CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...) + TODO: check CVE-2021-36822 RESERVED CVE-2021-36821 @@ -19836,8 +19840,8 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67) CVE-2021-33036 RESERVED -CVE-2021-33035 - RESERVED +CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...) + TODO: check CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 
@@ -19915,8 +19919,8 @@ CVE-2021-33001 RESERVED CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...) NOT-FOR-US: WebAccess HMI Designer -CVE-2021-32999 - RESERVED +CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...) + TODO: check CVE-2021-32998 RESERVED CVE-2021-32997 @@ -19939,8 +19943,8 @@ CVE-2021-32989 RESERVED CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...) NOT-FOR-US: FATEK Automation WinProladder -CVE-2021-32987 - RESERVED +CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...) + TODO: check CVE-2021-32986 RESERVED CVE-2021-32985 @@ -19955,8 +19959,8 @@ CVE-2021-32981 RESERVED CVE-2021-32980 RESERVED -CVE-2021-32979 - RESERVED +CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...) + TODO: check CVE-2021-32978 RESERVED CVE-2021-32977 @@ -19971,8 +19975,8 @@ CVE-2021-32973 RESERVED CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...) NOT-FOR-US: Panasonic -CVE-2021-32971 - RESERVED +CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...) + TODO: check CVE-2021-32970 RESERVED CVE-2021-32969 @@ -19987,16 +19991,16 @@ CVE-2021-32965 RESERVED CVE-2021-32964 RESERVED -CVE-2021-32963 - RESERVED +CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...) + TODO: check CVE-2021-32962 RESERVED CVE-2021-32961 RESERVED CVE-2021-32960 RESERVED -CVE-2021-32959 - RESERVED +CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...) + TODO: check CVE-2021-32958 RESERVED CVE-2021-32957 
@@ -28118,10 +28122,10 @@ CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticat NOT-FOR-US: IBM CVE-2021-29906 RESERVED -CVE-2021-29905 - RESERVED -CVE-2021-29904 - RESERVED +CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check +CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check CVE-2021-29903 RESERVED CVE-2021-29902 @@ -28262,10 +28266,10 @@ CVE-2021-29835 RESERVED CVE-2021-29834 RESERVED -CVE-2021-29833 - RESERVED -CVE-2021-29832 - RESERVED +CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check +CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) NOT-FOR-US: IBM CVE-2021-29830 
@@ -28296,20 +28300,20 @@ CVE-2021-29818 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_G NOT-FOR-US: IBM CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM -CVE-2021-29816 - RESERVED -CVE-2021-29815 - RESERVED -CVE-2021-29814 - RESERVED -CVE-2021-29813 - RESERVED -CVE-2021-29812 - RESERVED +CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check +CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check +CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check +CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check +CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM -CVE-2021-29810 - RESERVED +CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + TODO: check CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) NOT-FOR-US: IBM CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) @@ -28328,8 +28332,8 @@ CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level tha NOT-FOR-US: IBM CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM -CVE-2021-29800 - RESERVED +CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1 ...) + TODO: check CVE-2021-29799 RESERVED CVE-2021-29798 @@ -35636,8 +35640,8 @@ CVE-2021-26796 RESERVED CVE-2021-26795 RESERVED -CVE-2021-26794 - RESERVED +CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...) + TODO: check CVE-2021-26793 RESERVED CVE-2021-26792 
@@ -35724,8 +35728,8 @@ CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating syst NOT-FOR-US: NeDi CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...) NOT-FOR-US: NeDi -CVE-2021-26750 - RESERVED +CVE-2021-26750 (DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Pa ...) + TODO: check CVE-2021-26749 RESERVED CVE-2021-26748 @@ -44711,18 +44715,18 @@ CVE-2021-22955 RESERVED CVE-2021-22954 RESERVED -CVE-2021-22953 - RESERVED -CVE-2021-22952 - RESERVED +CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...) + TODO: check +CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...) + TODO: check CVE-2021-22951 RESERVED -CVE-2021-22950 - RESERVED -CVE-2021-22949 - RESERVED -CVE-2021-22948 - RESERVED +CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...) + TODO: check +CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...) + TODO: check +CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...) + TODO: check CVE-2021-22947 [STARTTLS protocol injection via MITM] RESERVED - curl <unfixed> @@ -44733,8 +44737,7 @@ CVE-2021-22946 [Protocol downgrade required TLS bypassed] - curl <unfixed> NOTE: https://curl.se/docs/CVE-2021-22946.html NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0) -CVE-2021-22945 [UAF and double-free in MQTT sending] - RESERVED +CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...) - curl <unfixed> [buster] - curl <not-affected> (Vulnerable code introduced later) [stretch] - curl <not-affected> (Vulnerable code introduced later) 
@@ -44751,8 +44754,8 @@ CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware] [buster] - rails <not-affected> (Vulnerable code not present) [stretch] - rails <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1 -CVE-2021-22941 - RESERVED +CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones controller b ...) + TODO: check CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...) - nodejs 12.22.5~dfsg-1 [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied) @@ -46344,8 +46347,8 @@ CVE-2021-22278 RESERVED CVE-2021-22277 RESERVED -CVE-2021-22276 - RESERVED +CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...) + TODO: check CVE-2021-22275 RESERVED CVE-2021-22274 
@@ -46935,38 +46938,38 @@ CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains NOT-FOR-US: VMware CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...) NOT-FOR-US: VMware -CVE-2021-22020 - RESERVED -CVE-2021-22019 - RESERVED -CVE-2021-22018 - RESERVED -CVE-2021-22017 - RESERVED -CVE-2021-22016 - RESERVED -CVE-2021-22015 - RESERVED -CVE-2021-22014 - RESERVED -CVE-2021-22013 - RESERVED -CVE-2021-22012 - RESERVED -CVE-2021-22011 - RESERVED -CVE-2021-22010 - RESERVED -CVE-2021-22009 - RESERVED -CVE-2021-22008 - RESERVED -CVE-2021-22007 - RESERVED -CVE-2021-22006 - RESERVED -CVE-2021-22005 - RESERVED +CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...) + TODO: check +CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...) + TODO: check +CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...) + TODO: check +CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...) + TODO: check +CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...) + TODO: check +CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...) + TODO: check +CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...) + TODO: check +CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...) + TODO: check +CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...) + TODO: check +CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...) + TODO: check +CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...) + TODO: check +CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...) 
+ TODO: check +CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...) + TODO: check +CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...) + TODO: check +CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...) + TODO: check +CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...) + TODO: check CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...) - salt <unfixed> (bug #994016) NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ @@ -46991,8 +46994,8 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability du NOT-FOR-US: VMware CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...) NOT-FOR-US: VMware -CVE-2021-21993 - RESERVED +CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...) + TODO: check CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...) NOT-FOR-US: VMware CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...) @@ -47167,8 +47170,8 @@ CVE-2021-21915 RESERVED CVE-2021-21914 RESERVED -CVE-2021-21913 - RESERVED +CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...) + TODO: check CVE-2021-21912 RESERVED CVE-2021-21911 @@ -51998,8 +52001,8 @@ CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6 NOT-FOR-US: IBM CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...) NOT-FOR-US: IBM -CVE-2021-20563 - RESERVED +CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...) + TODO: check CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...) NOT-FOR-US: IBM CVE-2021-20561 
@@ -52154,10 +52157,10 @@ CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user t NOT-FOR-US: IBM CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...) NOT-FOR-US: IBM -CVE-2021-20485 - RESERVED -CVE-2021-20484 - RESERVED +CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...) + TODO: check +CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cro ...) + TODO: check CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...) NOT-FOR-US: IBM CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...) @@ -52254,10 +52257,10 @@ CVE-2021-20437 RESERVED CVE-2021-20436 RESERVED -CVE-2021-20435 - RESERVED -CVE-2021-20434 - RESERVED +CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate a certif ...) + TODO: check +CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...) + TODO: check CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...) NOT-FOR-US: IBM CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...) @@ -52370,8 +52373,8 @@ CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weak NOT-FOR-US: IBM CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...) NOT-FOR-US: IBM -CVE-2021-20377 - RESERVED +CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...) + TODO: check CVE-2021-20376 RESERVED CVE-2021-20375 @@ -72933,8 +72936,8 @@ CVE-2020-24329 RESERVED CVE-2020-24328 RESERVED -CVE-2020-24327 - RESERVED +CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2 ...) + TODO: check CVE-2020-24326 RESERVED CVE-2020-24325 
@@ -82877,6 +82880,7 @@ CVE-2020-19611 CVE-2020-19610 RESERVED CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...) + {DLA-2765-1} - mupdf 1.17.0+ds1-2 (bug #991401) [buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 @@ -121511,8 +121515,8 @@ CVE-2020-4943 RESERVED CVE-2020-4942 (IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2020-4941 - RESERVED +CVE-2020-4941 (IBM Edge 4.2 could reveal sensitive version information about the serv ...) + TODO: check CVE-2020-4940 RESERVED CVE-2020-4939 @@ -121775,20 +121779,20 @@ CVE-2020-4811 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6. NOT-FOR-US: IBM CVE-2020-4810 RESERVED -CVE-2020-4809 - RESERVED +CVE-2020-4809 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...) + TODO: check CVE-2020-4808 RESERVED CVE-2020-4807 RESERVED CVE-2020-4806 RESERVED -CVE-2020-4805 - RESERVED +CVE-2020-4805 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...) + TODO: check CVE-2020-4804 RESERVED -CVE-2020-4803 - RESERVED +CVE-2020-4803 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...) + TODO: check CVE-2020-4802 RESERVED CVE-2020-4801 @@ -122016,8 +122020,8 @@ CVE-2020-4692 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0. NOT-FOR-US: IBM CVE-2020-4691 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM -CVE-2020-4690 - RESERVED +CVE-2020-4690 (IBM Security Guardium 11.3 contains hard-coded credentials, such as a ...) + TODO: check CVE-2020-4689 (IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote pr ...) NOT-FOR-US: IBM CVE-2020-4688 (IBM Security Guardium 10.6 and 11.2 could allow a local attacker to ex ...) 
@@ -216116,6 +216120,7 @@ CVE-2018-10291 CVE-2018-10290 RESERVED CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...) + {DLA-2765-1} - mupdf 1.13.0+ds1-3 (unimportant; bug #896545) [jessie] - mupdf <not-affected> (Vulnerable code introduced later) [wheezy] - mupdf <not-affected> (Vulnerable code introduced later) @@ -226384,6 +226389,7 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...) + {DLA-2765-1} - mupdf 1.14.0+ds1-1 (unimportant; bug #900129) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695 @@ -277708,12 +277714,14 @@ CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before NOTE: Not suitable for code injection, hardly denial of service NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...) + {DLA-2765-1} - mupdf 1.11+ds1-1 (unimportant) [wheezy] - mupdf <not-affected> (Vulnerable code not present) NOTE: Although jstest_main.c compiled during build and mujstest is created NOTE: it is not included in the produced binary packages NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19 CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...) + {DLA-2765-1} - mupdf 1.11+ds1-1 (unimportant) [wheezy] - mupdf <not-affected> (Vulnerable code not present) NOTE: Although jstest_main.c compiled during build and mujstest is created 
@@ -279961,6 +279969,7 @@ CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Pr CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...) NOT-FOR-US: SAP CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...) + {DLA-2765-1} - mupdf 1.12.0+ds1-1 (unimportant) [wheezy] - mupdf <not-affected> (Vulnerable code not present) NOTE: Although jstest_main.c compiled during build and mujstest is created
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a9e870f22b8f8739c99a9b7ace0b92945b7997
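Review bot: In hunk @@ -46935,38 +46938,38 @@ the sixteen vCenter Server entries CVE-2021-22020 through CVE-2021-22005 are left at "TODO: check" even though the context lines directly above them (CVE-2021-22022, CVE-2021-22021) already triage VMware products as "NOT-FOR-US: VMware". The same holds for CVE-2021-21993 in hunk @@ -46991,8 +46994,8 @@, where the following entry CVE-2021-21992 is itself a vCenter Server issue tagged "NOT-FOR-US: VMware". A follow-up commit should give these seventeen entries the same tag so they leave the TODO queue.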
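Review bot: In hunk @@ -28296,20 +28300,20 @@ the six newly described entries CVE-2021-29816 through CVE-2021-29812 and CVE-2021-29810 get "TODO: check" while the entries interleaved with them for the same product family (CVE-2021-29818, CVE-2021-29817, CVE-2021-29811, CVE-2021-29809) are already "NOT-FOR-US: IBM". The IBM Jazz for Service Management entries in hunks @@ -28118,10 +28122,10 @@ and @@ -28262,10 +28266,10 @@ are in the same position, the latter next to CVE-2021-29831, which is tagged "NOT-FOR-US: IBM". Triage them as one batch with the tag their neighbours already carry.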
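Review bot: CVE-2021-38863 in hunk @@ -6179,10 +6183,10 @@ and CVE-2021-20434 in hunk @@ -52254,10 +52257,10 @@ carry the same truncated summary, "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...", so the list text alone cannot tell whether these are two distinct issues or one issue assigned twice. Compare the full descriptions before triaging and record the relationship in a NOTE line if they turn out to overlap. The three IBM Edge 4.2 entries in hunk @@ -121775,20 +121779,20 @@ (CVE-2020-4809, CVE-2020-4805, CVE-2020-4803) show the same pattern and deserve the same check.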
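Review bot: In hunk @@ -44711,18 +44715,18 @@ the imported summary for CVE-2021-22950 spells the bug class "CSFR", while the sibling Concrete CMS entries CVE-2021-22953 and CVE-2021-22949 spell it "CSRF", so a text search of data/CVE/list for "CSRF" will miss one of the three. Triage the three Concrete CMS entries together rather than by keyword so the misspelled one is not left behind at "TODO: check".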
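Review bot: Hunks @@ -277708,12 +277714,14 @@ and @@ -279961,6 +279969,7 @@ attach {DLA-2765-1} to CVE-2016-10247, CVE-2016-10246 and CVE-2017-6060, all of which are marked "(unimportant)", and the NOTE lines under CVE-2016-10247 state that mujstest "is not included in the produced binary packages". An advisory reference on entries whose vulnerable code is not shipped reads as inconsistent, so confirm against the DLA-2765-1 text that these CVE IDs are really listed there. If they are, a short NOTE explaining why the advisory covers them would help later readers of the mupdf entries.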
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits