[Secure-testing-commits] r50494 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Apr 9 21:10:12 UTC 2017
Author: sectracker
Date: 2017-04-09 21:10:12 +0000 (Sun, 09 Apr 2017)
New Revision: 50494
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-09 19:46:53 UTC (rev 50493)
+++ data/CVE/list 2017-04-09 21:10:12 UTC (rev 50494)
@@ -1,12 +1,58 @@
+CVE-2017-7615
+ RESERVED
+CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ TODO: check
+CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...)
+ TODO: check
+CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
+ TODO: check
+CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
+ TODO: check
+CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
+ TODO: check
+CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compression ...)
+ TODO: check
+CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...)
+ TODO: check
+CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows ...)
+ TODO: check
+CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion ...)
+ TODO: check
+CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift ...)
+ TODO: check
+CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed ...)
+ TODO: check
+CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...)
+ TODO: check
+CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" ...)
+ TODO: check
+CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
+ TODO: check
+CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
+ TODO: check
+CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
+ TODO: check
+CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...)
+ TODO: check
+CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
+ TODO: check
+CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
+ TODO: check
+CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
+ TODO: check
+CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
+ TODO: check
+CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...)
+ TODO: check
CVE-2017-XXXX [AST-2017-001: Buffer overflow in CDR's set user]
- asterisk <unfixed> (bug #859910)
- [wheezy] - asterisk <not-affected> (Vulnerable code not present)
+ [wheezy] - asterisk <not-affected> (Vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html
CVE-2017-XXXX [Infinite loop due to rounding error]
- imagemagick <unfixed> (bug #859769)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
-CVE-2017-7606 [Undefined behavoir in rle]
+CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of ...)
- imagemagick <unfixed> (bug #859771)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/415
NOTE: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
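Review bot: the entries added at the top of this hunk, CVE-2017-7614 down to CVE-2017-7592, carry only `TODO: check`, so none is yet tied to a source package or marked NOT-FOR-US; the LibTIFF 4.0.7 and elfutils 0.168 groups in particular need triage before the tracker can report anything as affected. CVE-2017-7606 now has its assigned description but still sits below the two CVE-2017-XXXX temporary entries rather than between CVE-2017-7607 and CVE-2017-7605, so moving it would keep the list in descending ID order. The `[wheezy] - asterisk <not-affected>` line is removed and re-added with identical visible text, which looks like a whitespace-only change and is worth confirming.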
@@ -23203,6 +23249,7 @@
[jessie] - potrace <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote ...)
+ {DLA-889-1}
- potrace 1.13-3 (bug #843861)
[jessie] - potrace <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
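Review bot: with `{DLA-889-1}` now attached to CVE-2016-8685, the `[jessie] - potrace <no-dsa> (Minor issue)` line just below it deserves a second look, since an advisory has been issued for this CVE while jessie is still left without a fix. Either confirm that the no-dsa classification still holds for jessie or queue the fix for a point release.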
@@ -35107,7 +35154,7 @@
RESERVED
CVE-2016-5063
RESERVED
-CVE-2016-5062 (The web server in Aternity 9 and earlier does not require ...)
+CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require ...)
NOT-FOR-US: Aternity
CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web server ...)
NOT-FOR-US: Aternity