[Secure-testing-commits] r47414 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Dec 24 21:10:12 UTC 2016
Author: sectracker
Date: 2016-12-24 21:10:11 +0000 (Sat, 24 Dec 2016)
New Revision: 47414
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-24 21:01:42 UTC (rev 47413)
+++ data/CVE/list 2016-12-24 21:10:11 UTC (rev 47414)
@@ -516,9 +516,11 @@
NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...)
+ {DLA-760-1}
- spip <unfixed> (bug #848641)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...)
+ {DLA-760-1}
- spip <unfixed> (bug #848641)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2015-8979 [remote stack buffer overflow]
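Review bot: CVE-2016-9998 and CVE-2016-9997 now carry {DLA-760-1}, but the package line under each still reads `- spip <unfixed> (bug #848641)`, so the tracker shows an advisory as released while the main entry stays open. Both entries already point at upstream revision 23288; once an upload containing it exists, replace `<unfixed>` with that version on both lines.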
@@ -564,7 +566,7 @@
CVE-2016-582384
REJECTED
CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" ...)
- {DSA-3743-1}
+ {DSA-3743-1 DLA-761-1}
- python-bottle 0.12.11-1 (bug #848392)
NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
@@ -2780,6 +2782,7 @@
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
CVE-2016-9830 [memory allocation failure in MagickRealloc]
RESERVED
+ {DSA-3746-1}
- graphicsmagick 1.3.25-6 (bug #847055)
NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
@@ -12357,19 +12360,19 @@
NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)]
RESERVED
- {DLA-683-1}
+ {DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.25-5
NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
CVE-2016-8683 [memory allocation failure in ReadPCXImage (pcx.c)]
RESERVED
- {DLA-683-1}
+ {DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.25-5
NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
CVE-2016-8682 [stack-based buffer overflow in ReadSCTImage (sct.c)]
RESERVED
- {DLA-683-1}
+ {DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.25-5
NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
@@ -14272,12 +14275,12 @@
NOTE: reproducible in Jessie (3.0.17-2+deb8u2)
CVE-2016-7997 [denial of service via a crash due to an assertion]
RESERVED
- {DLA-683-1}
+ {DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.25-4
NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7996 [missing check that the provided colormap is not larger than 256 entries resulting in potential heap overflow]
RESERVED
- {DLA-683-1}
+ {DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.21-2
NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as
@@ -14848,7 +14851,7 @@
RESERVED
CVE-2016-7800
RESERVED
- {DLA-651-1}
+ {DSA-3746-1 DLA-651-1}
- graphicsmagick 1.3.25-3
NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
CVE-2016-7799 [mogrify global buffer overflow]
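Review bot: CVE-2016-7800 gains a second advisory reference here but still has no description after the identifier, only RESERVED. Neighbouring reserved entries such as CVE-2016-7799 carry a bracketed summary (`[mogrify global buffer overflow]`); adding one for CVE-2016-7800 would let readers tell what DSA-3746-1 and DLA-651-1 fixed without following the sourceforge link.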
@@ -23382,7 +23385,7 @@
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240 [negative stroke-dasharray arguments which were resulting in endless looping.]
RESERVED
- {DLA-547-1}
+ {DSA-3746-1 DLA-547-1}
- graphicsmagick 1.3.24-1
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
NOTE: DLA-547-1 didn't fix this properly
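Review bot: on CVE-2016-5240 the cross-reference line keeps DLA-547-1 next to the new DSA-3746-1, while the last NOTE of the same entry says `DLA-547-1 didn't fix this properly`. The NOTE does not name the later advisory or upload that completes the fix for that release; add that reference, or an explicit package line for the affected suite, so the entry does not read as fully resolved by DLA-547-1.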
@@ -24274,7 +24277,7 @@
NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ...)
- {DSA-3591-1 DLA-502-1 DLA-500-1}
+ {DSA-3746-1 DSA-3591-1 DLA-502-1 DLA-500-1}
- imagemagick 8:6.8.9.9-7.1 (bug #825799)
- graphicsmagick 1.3.24-1 (bug #825800)
NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
@@ -28445,12 +28448,12 @@
- graphicsmagick 1.3.24-1
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...)
- {DSA-3580-1 DLA-486-1 DLA-484-1}
+ {DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
- imagemagick 8:6.9.6.2+dfsg-2
- graphicsmagick 1.3.24-1
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...)
- {DSA-3580-1 DLA-486-1 DLA-484-1}
+ {DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
- imagemagick 8:6.9.6.2+dfsg-2
NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
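Review bot: CVE-2016-3714 picks up DSA-3746-1, but the visible entry lists only `- imagemagick 8:6.9.6.2+dfsg-2`, while every other entry in this diff that gains DSA-3746-1 has a graphicsmagick package line, including CVE-2016-3715 directly above it. Confirm that a graphicsmagick line for CVE-2016-3714 exists below the context shown, and add one with its fixed version if it does not, so the new advisory reference has a package to attach to.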
@@ -32840,12 +32843,12 @@
NOT-FOR-US: Huawei
CVE-2016-2318
RESERVED
- {DLA-484-1}
+ {DSA-3746-1 DLA-484-1}
- graphicsmagick 1.3.24-1 (bug #814732)
NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
CVE-2016-2317
RESERVED
- {DLA-484-1}
+ {DSA-3746-1 DLA-484-1}
- graphicsmagick 1.3.24-1 (bug #814732)
NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
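Review bot: the NOTE lines under CVE-2016-2318 and CVE-2016-2317 label the upstream changesets as `NOTE: FIX http://...`, whereas the other graphicsmagick entries touched by this update use `NOTE: Fixed by:`. Settling on the one spelling keeps fix references greppable across the list. Both entries also lack a bracketed description after the CVE id, which is worth adding now that a DSA points at them.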
@@ -33102,7 +33105,7 @@
NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public)
NOTE: According to upstream fixed in 6.2.0, but not details available
CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 ...)
- {DLA-484-1}
+ {DSA-3746-1 DLA-484-1}
- graphicsmagick 1.3.21-2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53