[Secure-testing-commits] r50585 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Apr 11 21:10:15 UTC 2017


Author: sectracker
Date: 2017-04-11 21:10:14 +0000 (Tue, 11 Apr 2017)
New Revision: 50585

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-11 20:59:13 UTC (rev 50584)
+++ data/CVE/list	2017-04-11 21:10:14 UTC (rev 50585)
@@ -1,3 +1,89 @@
+CVE-2017-7688
+	RESERVED
+CVE-2017-7687
+	RESERVED
+CVE-2017-7686
+	RESERVED
+CVE-2017-7685
+	RESERVED
+CVE-2017-7684
+	RESERVED
+CVE-2017-7683
+	RESERVED
+CVE-2017-7682
+	RESERVED
+CVE-2017-7681
+	RESERVED
+CVE-2017-7680
+	RESERVED
+CVE-2017-7679
+	RESERVED
+CVE-2017-7678
+	RESERVED
+CVE-2017-7677
+	RESERVED
+CVE-2017-7676
+	RESERVED
+CVE-2017-7675
+	RESERVED
+CVE-2017-7674
+	RESERVED
+CVE-2017-7673
+	RESERVED
+CVE-2017-7672
+	RESERVED
+CVE-2017-7671
+	RESERVED
+CVE-2017-7670
+	RESERVED
+CVE-2017-7669
+	RESERVED
+CVE-2017-7668
+	RESERVED
+CVE-2017-7667
+	RESERVED
+CVE-2017-7666
+	RESERVED
+CVE-2017-7665
+	RESERVED
+CVE-2017-7664
+	RESERVED
+CVE-2017-7663
+	RESERVED
+CVE-2017-7662
+	RESERVED
+CVE-2017-7661
+	RESERVED
+CVE-2017-7660
+	RESERVED
+CVE-2017-7659
+	RESERVED
+CVE-2017-7658
+	RESERVED
+CVE-2017-7657
+	RESERVED
+CVE-2017-7656
+	RESERVED
+CVE-2017-7655
+	RESERVED
+CVE-2017-7654
+	RESERVED
+CVE-2017-7653
+	RESERVED
+CVE-2017-7652
+	RESERVED
+CVE-2017-7651
+	RESERVED
+CVE-2017-7650
+	RESERVED
+CVE-2017-7649
+	RESERVED
+CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key across ...)
+	TODO: check
+CVE-2017-7647 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
+	TODO: check
+CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
+	TODO: check
 CVE-2017-7645
 	RESERVED
 CVE-2017-7644
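Review bot: CVE-2017-7648, CVE-2017-7647 and CVE-2017-7646, at the end of the added block, are left as `TODO: check` and still need manual triage. Their descriptions name Foscam networked devices and SolarWinds Log & Event Manager; if neither maps to a Debian source package, follow up with `NOT-FOR-US:` lines, as is done for other vendor products in this file. The RESERVED entries above them need no action.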
@@ -46,8 +132,8 @@
 	NOT-FOR-US: ImageWorsener
 CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 ...)
 	NOT-FOR-US: dde-daemon
-CVE-2017-7621
-	RESERVED
+CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera ...)
+	TODO: check
 CVE-2017-7620
 	RESERVED
 CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
@@ -449,7 +535,7 @@
 CVE-2017-7470
 	RESERVED
 CVE-2017-7469
-	RESERVED
+	REJECTED
 CVE-2017-7468
 	RESERVED
 CVE-2017-7467
@@ -463,10 +549,10 @@
 CVE-2017-7463
 	RESERVED
 	NOT-FOR-US: Red Hat business central
-CVE-2017-7462
-	RESERVED
-CVE-2017-7461
-	RESERVED
+CVE-2017-7462 (Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a ...)
+	TODO: check
+CVE-2017-7461 (Directory traversal vulnerability in the web-based management site on ...)
+	TODO: check
 CVE-2017-7460
 	RESERVED
 CVE-2017-7459
@@ -838,7 +924,7 @@
 	NOT-FOR-US: MODX Revolution
 CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
 	NOT-FOR-US: MODX Revolution
-CVE-2017-7319 (A vulnerability in the Linux kernel package 3.16.0-28 on Ubuntu 14.04 ...)
+CVE-2017-7319
 	REJECTED
 CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command ...)
 	NOT-FOR-US: Siklu EtherHaul
@@ -1300,8 +1386,8 @@
 	RESERVED
 CVE-2016-10260
 	RESERVED
-CVE-2016-10259
-	RESERVED
+CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to ...)
+	TODO: check
 CVE-2016-10258
 	RESERVED
 CVE-2016-10257
@@ -4355,8 +4441,7 @@
 	RESERVED
 CVE-2017-6089
 	RESERVED
-CVE-2017-6088
-	RESERVED
+CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 ...)
 	NOT-FOR-US: EyesOfNetwork
 CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated ...)
 	NOT-FOR-US: EyesOfNetwork
@@ -4699,8 +4784,7 @@
 	- linux 4.9.10-1
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8)
 	NOTE: Introduced by: https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277 (v2.6.35-rc1)
-CVE-2017-5969 [null pointer dereference when parsing a xml file using recover mode]
-	RESERVED
+CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote ...)
 	- libxml2 <unfixed> (bug #855001)
 	[stretch] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
 	[jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
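Review bot: CVE-2017-5969 now carries the "** DISPUTED **" description, but the entry still reads `- libxml2 <unfixed> (bug #855001)` with nothing recording the dispute. Suggest adding a NOTE line that states what is disputed once the full description has been read, and revisiting the `<unfixed>` status in light of the existing no-dsa reasoning (denial of service only in recover mode). The hand-written bracketed summary is dropped by this change; keep its wording in a NOTE if it is still useful.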
@@ -5084,8 +5168,8 @@
 	NOT-FOR-US: dotCMS
 CVE-2017-5874 (CSRF exists on D-Link DIR-600M Rev. Cx devices before ...)
 	NOT-FOR-US: D-Link
-CVE-2017-5873
-	RESERVED
+CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service in ...)
+	TODO: check
 CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with ...)
 	NOT-FOR-US: Unisys ClearPath
 CVE-2017-5871
@@ -5658,8 +5742,8 @@
 	NOT-FOR-US: GoAhead Web Server
 CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum ...)
 	NOT-FOR-US: Joomla extension
-CVE-2017-5672
-	RESERVED
+CVE-2017-5672 (Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the ...)
+	TODO: check
 CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 ...)
 	NOT-FOR-US: Honeywell
 CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm ...)
@@ -7389,12 +7473,12 @@
 	RESERVED
 	- salt 2016.11.2+ds-1
 CVE-2017-5339 [http: correct the expected error for RC4]
-	RESERVED
+	REJECTED
 	- libgit2 <unfixed> (unimportant; bug #851406)
 	NOTE: https://github.com/libgit2/libgit2/commit/3829ba2e710553893faf6336cc6b2f3fc17a293e (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/d3cb8f64cde3b84c3d1543f122f989aeb2f6a69e (v0.24.1)
 CVE-2017-5338 [http: perform 'badssl' check also via certificate callback]
-	RESERVED
+	REJECTED
 	- libgit2 <unfixed> (unimportant; bug #851406)
 	NOTE: https://github.com/libgit2/libgit2/commit/98d66240ecb7765e191da19b535c75c92ccc90fe (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/ca531956619f021913ac01669b3818a705b7b676 (v0.24.6)
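Review bot: CVE-2017-5339 and CVE-2017-5338 flip from RESERVED to REJECTED but keep their `- libgit2 <unfixed> (unimportant; bug #851406)` lines and commit NOTEs, so libgit2 is still recorded as unfixed under withdrawn IDs. Follow up manually: find out whether replacement IDs were assigned and move the package lines and NOTEs there, or drop the package lines and keep only the commit references.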
@@ -10982,7 +11066,7 @@
 	NOT-FOR-US: Samsung
 CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Telecom ...)
 	NOT-FOR-US: Samsung
-CVE-2016-9962 (Race condition in Docker Engine before 1.12.6 might allow local root ...)
+CVE-2016-9962 (RunC allowed additional container processes via 'runc exec' to be ...)
 	- docker.io <unfixed> (bug #850952)
 	- runc 0.1.1+dfsg1-2 (bug #850951)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
@@ -14096,7 +14180,6 @@
 	RESERVED
 CVE-2017-2669 [auth: Do not double-expand key in passdb dict when authenticating]
 	RESERVED
-	{DSA-3828-1}
 	- dovecot 1:2.2.27-3 (bug #860049)
 	[jessie] - dovecot <not-affected> (Vulnerable code not present)
 	[wheezy] - dovecot <not-affected> (Vulnerable code not present)
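Review bot: the `{DSA-3828-1}` cross-reference is dropped from CVE-2017-2669 and the log message ("automatic update") gives no reason. The remaining lines mark jessie and wheezy as `<not-affected>`, which is consistent with no DSA applying to this ID, but confirm that the advisory data was changed on purpose and that the removal is not a side effect of the regeneration.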
@@ -14289,7 +14372,7 @@
 	NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
 CVE-2017-2619
 	RESERVED
-	{DSA-3816-1}
+	{DSA-3816-1 DLA-894-1}
 	- samba 2:4.5.6+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html
 CVE-2017-2618 [selinux: fix off-by-one in setprocattr]
@@ -24214,12 +24297,12 @@
 	RESERVED
 CVE-2016-8238
 	RESERVED
-CVE-2016-8237
-	RESERVED
+CVE-2016-8237 (Remote code execution in Lenovo Updates (not Lenovo System Update) ...)
+	TODO: check
 CVE-2016-8236 (Reset to default settings may occur in Lenovo ThinkServer TSM RD350, ...)
 	NOT-FOR-US: Lenovo
-CVE-2016-8235
-	RESERVED
+CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software Development Kit ...)
+	TODO: check
 CVE-2016-8234
 	RESERVED
 CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions ...)
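Review bot: CVE-2016-8237 and CVE-2016-8235 are added as `TODO: check` while CVE-2016-8236, which sits between them, is already `NOT-FOR-US: Lenovo`. Both new descriptions name Lenovo software (Lenovo Updates, Lenovo Customer Care Software Development Kit), so the follow-up triage can most likely reuse the same `NOT-FOR-US: Lenovo` tag.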
@@ -26669,8 +26752,8 @@
 	RESERVED
 CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...)
 	NOT-FOR-US: F5
-CVE-2016-7467
-	RESERVED
+CVE-2016-7467 (The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 ...)
+	TODO: check
 CVE-2016-7465
 	RESERVED
 CVE-2016-7464
@@ -28676,7 +28759,7 @@
 	RESERVED
 	NOT-FOR-US: Apache CXF
 CVE-2016-6811
-	RESERVED
+	REJECTED
 CVE-2016-6810
 	RESERVED
 	- activemq 5.14.2+dfsg-1 (unimportant)
@@ -33837,8 +33920,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2559
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659
 	NOTE: No security impact, just a crash in a CLI tool
-CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
-	RESERVED
+CVE-2016-5322 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier ...)
 	{DSA-3762-1 DLA-610-1 DLA-606-1}
 	- tiff 4.0.7-1
 	- tiff3 <removed> (unimportant)
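Review bot: the replaced summary for CVE-2016-5322 named `extractContigSamplesBytes: out-of-bounds read`, while the published description names the setByteArray function in tif_dir.c. Check that the existing `{DSA-3762-1 DLA-610-1 DLA-606-1}` and `- tiff 4.0.7-1` data were assigned for the issue the published description covers, and keep the old function name in a NOTE line so the earlier analysis stays searchable.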
@@ -34535,8 +34617,7 @@
 CVE-2014-9836 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9837 [Add additional PNM sanity checks]
-	RESERVED
+CVE-2014-9837 (coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 CVE-2014-9838 (magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause ...)
@@ -35424,8 +35505,7 @@
 CVE-2016-5012 (In Moodle 3.x, glossary search displays entries without checking user ...)
 	- moodle <not-affected> (Only affects 3.1)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=336697
-CVE-2016-5011 [Extended partition loop in MBR partition  table leads to DoS]
-	RESERVED
+CVE-2016-5011 (The parse_dos_extended function in partitions/dos.c in the libblkid ...)
 	- util-linux 2.28.1-1 (bug #830802)
 	[jessie] - util-linux <no-dsa> (Minor issue)
 	[wheezy] - util-linux <no-dsa> (Minor issue)
@@ -35512,8 +35592,7 @@
 	RESERVED
 CVE-2016-4990
 	REJECTED
-CVE-2016-4989
-	RESERVED
+CVE-2016-4989 (setroubleshoot allows local users to bypass an intended container ...)
 	NOT-FOR-US: setroubleshoot
 CVE-2016-4988 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
 	NOT-FOR-US: Jenkins plugin
@@ -37226,8 +37305,8 @@
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
 CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
 	NOT-FOR-US: Apache Archiva
-CVE-2016-4468
-	RESERVED
+CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; ...)
+	TODO: check
 CVE-2016-4467 [Failure to verify that the server host name matches the certificate host name on Windows]
 	RESERVED
 	- qpid-proton <not-affected> (Windows-specific)
@@ -37300,14 +37379,11 @@
 	- libxml2 2.9.3+dfsg1-1.1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4)
-CVE-2016-4446
-	RESERVED
+CVE-2016-4446 (The allow_execstack plugin for setroubleshoot allows local users to ...)
 	NOT-FOR-US: setroubleshoot
-CVE-2016-4445
-	RESERVED
+CVE-2016-4445 (The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 ...)
 	NOT-FOR-US: setroubleshoot
-CVE-2016-4444
-	RESERVED
+CVE-2016-4444 (The allow_execmod plugin for setroubleshoot before 3.2.23 allows local ...)
 	NOT-FOR-US: setroubleshoot
 CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local ...)
 	NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat)
@@ -37411,8 +37487,7 @@
 	NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
-CVE-2016-4483
-	RESERVED
+CVE-2016-4483 (The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 ...)
 	{DSA-3593-1 DLA-503-1}
 	- libxml2 2.9.3+dfsg1-1.1 (bug #823405)
 	NOTE: Minor issue, only when using libxml2 using recovery mode
@@ -42665,7 +42740,7 @@
 CVE-2016-2555
 	RESERVED
 CVE-2016-2553
-	RESERVED
+	REJECTED
 CVE-2016-2552
 	RESERVED
 CVE-2016-2551
@@ -45911,8 +45986,7 @@
 	NOT-FOR-US: Apple
 CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
 	NOT-FOR-US: Apple
-CVE-2016-1908 [Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension]
-	RESERVED
+CVE-2016-1908 (The client in OpenSSH before 7.2 mishandles failed cookie generation ...)
 	- openssh 1:7.2p1-1
 	[jessie] - openssh <no-dsa> (Minor issue)
 	[wheezy] - openssh <no-dsa> (Minor issue)
@@ -48306,8 +48380,7 @@
 	- tiff3 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2
 	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
-CVE-2015-8666 [acpi: heap based buffer overrun during VM migration]
-	RESERVED
+CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the ...)
 	- qemu 1:2.5+dfsg-1
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
@@ -48808,8 +48881,7 @@
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
 CVE-2015-8611 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and ...)
 	NOT-FOR-US: BIG-IP
-CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info]
-	RESERVED
+CVE-2015-8613 (Stack-based buffer overflow in the megasas_ctrl_get_info function in ...)
 	{DSA-3471-1}
 	- qemu 1:2.5+dfsg-3 (bug #809232)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -49256,8 +49328,7 @@
 	RESERVED
 CVE-2016-0780
 	RESERVED
-CVE-2016-0779
-	RESERVED
+CVE-2016-0779 (The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x ...)
 	NOT-FOR-US: Apache TomEE
 CVE-2016-0778 (The (1) roaming_read and (2) roaming_write functions in ...)
 	{DSA-3446-1 DLA-387-1}
@@ -49631,7 +49702,8 @@
 	REJECTED
 CVE-2015-8582
 	REJECTED
-CVE-2015-8581 (The EjbObjectInputStream class in Apache TomEE allows remote attackers ...)
+CVE-2015-8581
+	REJECTED
 	NOT-FOR-US: Apache TomEE
 CVE-2015-8580 (Multiple use-after-free vulnerabilities in the (1) Print method and ...)
 	NOT-FOR-US: Foxit
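Review bot: CVE-2015-8581 ends up with both `REJECTED` and `NOT-FOR-US: Apache TomEE`; decide whether the second line should stay on a rejected ID. The description removed here (the EjbObjectInputStream class in Apache TomEE) matches the one this same diff adds to CVE-2016-0779, so if the rejection is a duplicate, a NOTE pointing to CVE-2016-0779 would record the relationship.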
@@ -49755,8 +49827,7 @@
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)
 	NOTE: pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)
 	NOTE: https://lkml.org/lkml/2015/12/14/252
-CVE-2015-8568 [net: vmxnet3: host memory leakage -- did not free the transmit & receive buffers while deactivating]
-	RESERVED
+CVE-2015-8568 (Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC ...)
 	{DSA-3471-1}
 	- qemu 1:2.5+dfsg-3 (bug #808145)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -51225,8 +51296,7 @@
 	NOT-FOR-US: Blue Coat Unified Agent
 CVE-2015-8481 (Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA ...)
 	NOT-FOR-US: Atlassian
-CVE-2015-8504 [vnc: avoid floating point exception]
-	RESERVED
+CVE-2015-8504 (Qemu, when built with VNC display driver support, allows remote ...)
 	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
 	- qemu 1:2.5+dfsg-1 (bug #808130)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -53436,8 +53506,8 @@
 	RESERVED
 CVE-2015-7894
 	RESERVED
-CVE-2015-7893
-	RESERVED
+CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, ...)
+	TODO: check
 CVE-2015-7892
 	RESERVED
 CVE-2015-7891
@@ -55288,9 +55358,9 @@
 CVE-2015-7293
 	RESERVED
 CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...)
- 	NOT-FOR-US: Amazon Fire OS
+	NOT-FOR-US: Amazon Fire OS
 CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
- 	NOT-FOR-US: Arris
+	NOT-FOR-US: Arris
 CVE-2015-7290 (Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web ...)
 	NOT-FOR-US: Arris
 CVE-2015-7289 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
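Review bot: the `NOT-FOR-US` lines for CVE-2015-7292 and CVE-2015-7291 change only in leading whitespace (a space followed by a tab becomes a single tab), a cleanup riding in a commit logged as "automatic update". The normalization matches the other annotation lines in this hunk, which start with one tab; if the stray space came from a hand edit, a commit-time check that rejects annotation lines not starting with exactly one tab would catch it earlier.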
@@ -57087,7 +57157,7 @@
 CVE-2015-6645 (SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
 	NOT-FOR-US: Android
 CVE-2015-6644 (Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
-	{DLA-893-1}
+	{DSA-3829-1 DLA-893-1}
 	- bouncycastle 1.54-1
 	NOTE: https://source.android.com/security/bulletin/2016-01-01.html#information_disclosure_vulnerability_in_bouncy_castle
 	NOTE: https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f
@@ -79718,8 +79788,7 @@
 	NOT-FOR-US: phpMemcachedAdmin
 CVE-2014-8731 (PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute ...)
 	NOT-FOR-US: phpMemcachedAdmin
-CVE-2014-8716 [crafted jpeg file could lead to DOS]
-	RESERVED
+CVE-2014-8716 (The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to ...)
 	{DLA-90-1}
 	- imagemagick 8:6.8.9.9-3 (bug #768494)
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
@@ -80093,8 +80162,7 @@
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
 	[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2014-8355 [buffer overflow in PCX parser]
-	RESERVED
+CVE-2014-8355 (PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers ...)
 	{DLA-242-1}
 	- imagemagick 8:6.8.9.9-1 (bug #767240)
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
@@ -80104,14 +80172,12 @@
 	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
 	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
 	NOTE: http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/ (graphicsmagick)
-CVE-2014-8562 [buffer overflow in DCM parser]
-	RESERVED
+CVE-2014-8562 (DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to ...)
 	{DLA-242-1}
 	- imagemagick 8:6.8.9.9-1 (bug #767240)
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
-CVE-2014-8354 [out-of-bounds memory access in resize code]
-	RESERVED
+CVE-2014-8354 (The HorizontalFilter function in resize.c in ImageMagick before ...)
 	{DLA-242-1}
 	- imagemagick 8:6.8.9.9-1
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
@@ -103822,8 +103888,8 @@
 	NOTE: libv8 not covered by security support
 CVE-2013-6648
 	RESERVED
-CVE-2013-6647
-	RESERVED
+CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google ...)
+	TODO: check
 CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in ...)
 	{DSA-2862-1}
 	- chromium-browser 32.0.1700.123-1



