[Secure-testing-commits] r54437 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Aug 8 15:35:19 UTC 2017
Author: jmm
Date: 2017-08-08 15:35:19 +0000 (Tue, 08 Aug 2017)
New Revision: 54437
Modified:
data/CVE/list
Log:
mark some imagemagick memleaks as unimportant
we won't treat these as security issues for older releases
glance is treated as a documented shortcoming by upstream
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-08 14:17:00 UTC (rev 54436)
+++ data/CVE/list 2017-08-08 15:35:19 UTC (rev 54437)
@@ -14,16 +14,16 @@
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
- - imagemagick 8:6.9.7.4+dfsg-15 (bug #870117)
+ - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
- - imagemagick 8:6.9.7.4+dfsg-14 (bug #870021)
+ - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/617
CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in ...)
- - imagemagick 8:6.9.7.4+dfsg-15 (bug #870119)
+ - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/621
CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...)
- - imagemagick 8:6.9.7.4+dfsg-16 (bug #870475)
+ - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in ...)
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870489)
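Review bot: CVE-2017-12671 is described as "a missing NULL assignment", not a memory leak, yet it gets the same (unimportant; bug #870119) tag as the three leak entries, and the log message only covers "memleaks". Add a NOTE line under that entry giving the reason it is considered unimportant, or leave it out of this batch. Also, CVE-2017-12668 in the trailing context is a memory leak in WritePCXImage against the same 8:6.9.7.4+dfsg-16 upload and is left untagged; if that is intentional, a short NOTE would prevent it from looking like an oversight.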
@@ -29335,7 +29335,6 @@
CVE-2017-2575 [NULL pointer dereference in image_alloc]
RESERVED
NOT-FOR-US: libbpg
- NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
CVE-2017-2574
RESERVED
CVE-2017-2573
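Review bot: The removal of the NOTE under CVE-2017-2575 about libbpg seeming to be embedded in ffmpeg is not mentioned in the log message, which only covers imagemagick and glance. If the embedded-copy claim was checked and found wrong, say so in the log. If it is still unverified, the NOT-FOR-US: libbpg classification loses its only pointer to a possibly affected Debian package, so keeping the note or replacing it with the result of the check would be safer.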
@@ -52406,12 +52405,10 @@
CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow ...)
NOT-FOR-US: HPE Performance Center
CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack Glance ...)
- - glance <unfixed> (bug #868185)
- [stretch] - glance <no-dsa> (Minor issue)
- [jessie] - glance <no-dsa> (Minor issue)
- [wheezy] - glance <end-of-life> (Not supported in Wheezy LTS)
+ - glance <unfixed> (unimportant; bug #868185)
NOTE: https://bugs.launchpad.net/glance/+bug/1593799/
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0075
+ NOTE: No code fix, documented shortcoming
CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows ...)
NOT-FOR-US: HPE Performance Center
CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x ...)
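Review bot: The added line "NOTE: No code fix, documented shortcoming" under CVE-2016-4383 does not say where the shortcoming is documented. The OSSN-0075 link sits directly above it, so naming it in the note would make the rationale self-contained, which matters here because the same hunk drops the three per-release lines ([stretch], [jessie], [wheezy]) along with their "Minor issue" and "Not supported in Wheezy LTS" reasons and leaves the single unimportant tag to carry the whole triage decision.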