[Secure-testing-commits] r45657 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Oct 27 09:10:13 UTC 2016


Author: sectracker
Date: 2016-10-27 09:10:13 +0000 (Thu, 27 Oct 2016)
New Revision: 45657

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-27 07:23:20 UTC (rev 45656)
+++ data/CVE/list	2016-10-27 09:10:13 UTC (rev 45657)
@@ -1351,16 +1351,19 @@
 	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
 CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)]
 	RESERVED
+	{DLA-683-1}
 	- graphicsmagick 1.3.25-5
 	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
 CVE-2016-8683 [memory allocation failure in ReadPCXImage (pcx.c)]
 	RESERVED
+	{DLA-683-1}
 	- graphicsmagick 1.3.25-5
 	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
 CVE-2016-8682 [stack-based buffer overflow in ReadSCTImage (sct.c)]
 	RESERVED
+	{DLA-683-1}
 	- graphicsmagick 1.3.25-5
 	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
@@ -3220,10 +3223,12 @@
 	NOTE: https://core.spip.net/projects/spip/repository/revisions/23192
 CVE-2016-7997 [denial of service via a crash due to an assertion]
 	RESERVED
+	{DLA-683-1}
 	- graphicsmagick 1.3.25-4
 	NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4
 CVE-2016-7996 [missing check that the provided colormap is not larger than 256 entries resulting in potential heap overflow]
 	RESERVED
+	{DLA-683-1}
 	- graphicsmagick 1.3.21-2
 	NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
 	NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as
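Review bot: The CVE-2016-7996 entry lists graphicsmagick 1.3.21-2 as the fixed version, while its own NOTE says the patch addressing it was applied in 1.3.25-4. The explanation is cut off at the end of the visible context. Before attaching {DLA-683-1} here, confirm that the rest of the NOTE justifies the earlier version, and if it does not, align the version line with the NOTE.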
@@ -3384,11 +3389,13 @@
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
 CVE-2016-7952 [for all of the other mishandling of the reply data]
 	RESERVED
+	{DLA-686-1}
 	- libxtst <unfixed> (low; bug #840444)
 	[jessie] - libxtst <no-dsa> (Minor issue, will be fixed in a point release)
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
 CVE-2016-7951 [for all of the integer overflows]
 	RESERVED
+	{DLA-686-1}
 	- libxtst <unfixed> (low; bug #840444)
 	[jessie] - libxtst <no-dsa> (Minor issue, will be fixed in a point release)
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
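Review bot: The bracketed descriptions for CVE-2016-7952 ("for all of the other mishandling of the reply data") and CVE-2016-7951 ("for all of the integer overflows") are sentence fragments that name neither the library nor the affected code. With {DLA-686-1} now pointing at them, a short description naming libxtst and the bug class would let each entry be read on its own.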
@@ -3418,12 +3425,14 @@
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7946 [for all of the other mishandling of the reply data]
 	RESERVED
+	{DLA-685-1}
 	- libxi <unfixed> (low; bug #840440)
 	[jessie] - libxi <no-dsa> (Minor issue, will be fixed in a point release)
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
 	NOTE: Regression: https://bugs.freedesktop.org/98204
 CVE-2016-7945 [or all of the integer overflows]
 	RESERVED
+	{DLA-685-1}
 	- libxi <unfixed> (low; bug #840440)
 	[jessie] - libxi <no-dsa> (Minor issue, will be fixed in a point release)
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
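Review bot: The description on CVE-2016-7945 reads "[or all of the integer overflows]", which drops the leading "f" that the parallel libxtst entry CVE-2016-7951 has in "[for all of the integer overflows]". Fix the typo while touching this entry. As with the libxtst entries, a description naming libxi would be more useful than the fragment.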
@@ -3436,11 +3445,13 @@
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
 CVE-2016-7943
 	RESERVED
+	{DLA-684-1}
 	- libx11 <unfixed> (low; bug #840439)
 	[jessie] - libx11 <no-dsa> (Minor issue, will be fixed in a point release)
 	NOTE:  https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
 CVE-2016-7942
 	RESERVED
+	{DLA-684-1}
 	- libx11 <unfixed> (low; bug #840439)
 	[jessie] - libx11 <no-dsa> (Minor issue, will be fixed in a point release)
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
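Review bot: CVE-2016-7943 and CVE-2016-7942 have no bracketed description at all, unlike every other entry touched by this revision, so the only hint at what {DLA-684-1} fixes is the commit URL. Add a short description for each. The NOTE line under CVE-2016-7943 also has two spaces after "NOTE:" where the other entries use one.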
@@ -4513,6 +4524,7 @@
 	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5
 CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU]
 	RESERVED
+	{DLA-683-1}
 	- graphicsmagick 1.3.25-1
 	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10
 	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d



