[Secure-testing-commits] r50811 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 19 21:10:12 UTC 2017
Author: sectracker
Date: 2017-04-19 21:10:12 +0000 (Wed, 19 Apr 2017)
New Revision: 50811
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-19 20:25:21 UTC (rev 50810)
+++ data/CVE/list 2017-04-19 21:10:12 UTC (rev 50811)
@@ -1,3 +1,73 @@
+CVE-2017-7977
+ RESERVED
+CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
+ TODO: check
+CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds ...)
+ TODO: check
+CVE-2017-7974
+ RESERVED
+CVE-2017-7973
+ RESERVED
+CVE-2017-7972
+ RESERVED
+CVE-2017-7971
+ RESERVED
+CVE-2017-7970
+ RESERVED
+CVE-2017-7969
+ RESERVED
+CVE-2017-7968
+ RESERVED
+CVE-2017-7967
+ RESERVED
+CVE-2017-7966
+ RESERVED
+CVE-2017-7965
+ RESERVED
+CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the ...)
+ TODO: check
+CVE-2017-7963 (** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) ...)
+ TODO: check
+CVE-2017-7962 (The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ...)
+ TODO: check
+CVE-2017-7961 (The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and ...)
+ TODO: check
+CVE-2017-7960 (The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and ...)
+ TODO: check
+CVE-2017-7959
+ RESERVED
+CVE-2017-7958
+ RESERVED
+CVE-2017-7957
+ RESERVED
+CVE-2017-7956
+ RESERVED
+CVE-2017-7955
+ RESERVED
+CVE-2017-7954
+ RESERVED
+CVE-2017-7953
+ RESERVED
+CVE-2017-7952
+ RESERVED
+CVE-2017-7951
+ RESERVED
+CVE-2017-7950
+ RESERVED
+CVE-2017-7949
+ RESERVED
+CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...)
+ TODO: check
+CVE-2017-7947
+ RESERVED
+CVE-2016-10347
+ RESERVED
+CVE-2016-10346
+ RESERVED
+CVE-2015-9055
+ RESERVED
+CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...)
+ TODO: check
CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...)
- radare2 <unfixed> (low)
[jessie] - radare2 <no-dsa> (Minor issue)
@@ -289,7 +359,8 @@
- feh 2.18-2 (low; bug #860367)
[jessie] - feh <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
-CVE-2017-7874 (udevd in udev 232, when the Linux kernel 4.8.0 is used, does not ...)
+CVE-2017-7874
+ REJECTED
TODO: check, seem at first stance again a invalid report from reporter, still under investigation
CVE-2017-7873
RESERVED
@@ -399,10 +470,10 @@
- libosip2 4.1.0-2.1 (bug #860287)
NOTE: https://savannah.gnu.org/support/index.php?109133
NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
-CVE-2017-7850
- RESERVED
-CVE-2017-7849
- RESERVED
+CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...)
+ TODO: check
+CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...)
+ TODO: check
CVE-2017-7848
RESERVED
CVE-2017-7847
@@ -30447,8 +30518,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
NOTE: https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7515 [rle file handling for corrupted file]
- RESERVED
+CVE-2016-7515 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
NOTE: https://bugs.launchpad.net/bugs/1533445
@@ -30495,8 +30565,7 @@
NOTE: https://bugs.launchpad.net/bugs/1533447
NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7519
- RESERVED
+CVE-2016-7519 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533445
@@ -30518,8 +30587,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7522 [out of bound access for malformed psd file]
- RESERVED
+CVE-2016-7522 (The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
NOTE: https://bugs.launchpad.net/bugs/1537419
@@ -30565,16 +30633,14 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7528 [out of bound access for viff file coder]
- RESERVED
+CVE-2016-7528 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
NOTE: https://bugs.launchpad.net/bugs/1537425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7529 [out of bound access in xcf file coder]
- RESERVED
+CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
NOTE: https://bugs.launchpad.net/bugs/1539051
@@ -30595,8 +30661,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/110
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7531 [pbd file out of bound access]
- RESERVED
+CVE-2016-7531 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
NOTE: https://bugs.launchpad.net/bugs/1539061
@@ -30610,8 +30675,7 @@
NOTE: https://bugs.launchpad.net/bugs/1539066
NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7533 [wpg file out of bound for corrupted file]
- RESERVED
+CVE-2016-7533 (The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
NOTE: https://bugs.launchpad.net/bugs/1542114
@@ -30641,8 +30705,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
NOTE: https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7537 [out of bound access for corrupted pdb file]
- RESERVED
+CVE-2016-7537 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
NOTE: https://bugs.launchpad.net/bugs/1553366
@@ -30665,8 +30728,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2014-9907 [DOS due to corrupted DDS files]
- RESERVED
+CVE-2014-9907 (coders/dds.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832942)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
@@ -34556,8 +34618,7 @@
CVE-2016-5411
RESERVED
NOT-FOR-US: ovirt engine
-CVE-2016-5410 [Firewall configuration can be modified by any logged in user]
- RESERVED
+CVE-2016-5410 (firewalld.py in firewalld before 0.4.3.3 allows local users to bypass ...)
- firewalld 0.4.3.3-1 (bug #834529)
[jessie] - firewalld <no-dsa> (Minor issue)
NOTE: Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11
More information about the Secure-testing-commits
mailing list