[Secure-testing-commits] r54438 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Aug 8 15:42:38 UTC 2017
Author: jmm
Date: 2017-08-08 15:42:38 +0000 (Tue, 08 Aug 2017)
New Revision: 54438
Modified:
data/CVE/list
Log:
more unimportant imagemagick issues
new libav issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-08 15:35:19 UTC (rev 54437)
+++ data/CVE/list 2017-08-08 15:42:38 UTC (rev 54438)
@@ -3,7 +3,7 @@
NOTE: https://github.com/taglib/taglib/issues/829
NOTE: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97
CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an ...)
- TODO: check
+ NOT-FOR-US: IdentityServer
CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870118)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
@@ -29,7 +29,7 @@
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870489)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
CVE-2017-12667 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...)
- - imagemagick 8:6.9.7.4+dfsg-14 (bug #870015)
+ - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/553
CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage ...)
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870482)
@@ -38,10 +38,10 @@
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870501)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
CVE-2017-12663 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in ...)
- - imagemagick 8:6.9.7.4+dfsg-16 (bug #870483)
+ - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870483)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/573
CVE-2017-12662 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in ...)
- - imagemagick 8:6.9.7.4+dfsg-16 (bug #870492)
+ - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870492)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/576
CVE-2017-12661
RESERVED
@@ -56,7 +56,7 @@
CVE-2017-12656
RESERVED
CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 ...)
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870502)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
@@ -98,7 +98,7 @@
CVE-2017-12638
RESERVED
CVE-2017-12637 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2017-12636
RESERVED
CVE-2017-12635
@@ -2276,7 +2276,8 @@
CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11684 (There is an illegal address access in the build_table function in ...)
- TODO: check
+ - libav <removed>
+ - ffmpeg <undetermined>
CVE-2017-11683 (There is a reachable assertion in the ...)
- exiv2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
@@ -2499,7 +2500,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
CVE-2017-12664 [memory leak in WritePALMImage]
- - imagemagick 8:6.9.7.4+dfsg-13 (bug #869721)
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the ...)
More information about the Secure-testing-commits
mailing list