[Secure-testing-commits] r54982 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 23 09:10:15 UTC 2017
Author: sectracker
Date: 2017-08-23 09:10:15 +0000 (Wed, 23 Aug 2017)
New Revision: 54982
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-23 06:25:38 UTC (rev 54981)
+++ data/CVE/list 2017-08-23 09:10:15 UTC (rev 54982)
@@ -1,3 +1,43 @@
+CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory ...)
+ TODO: check
+CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...)
+ TODO: check
+CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...)
+ TODO: check
+CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...)
+ TODO: check
+CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG ...)
+ TODO: check
+CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...)
+ TODO: check
+CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...)
+ TODO: check
+CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...)
+ TODO: check
+CVE-2017-13138
+ RESERVED
+CVE-2017-13137
+ RESERVED
+CVE-2017-13136
+ RESERVED
+CVE-2017-13135
+ RESERVED
+CVE-2017-13134 (In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the ...)
+ TODO: check
+CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
+ TODO: check
+CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c ...)
+ TODO: check
+CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the ...)
+ TODO: check
+CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafted ...)
+ TODO: check
+CVE-2017-13129
+ RESERVED
+CVE-2017-13128
+ RESERVED
+CVE-2017-13127
+ RESERVED
CVE-2017-13126
RESERVED
CVE-2017-13125
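
Review bot: CVE-2017-13130 (mcmnm in BMC Patrol) is the only non-ImageMagick entry among the new "TODO: check" items and looks like a candidate for a NOT-FOR-US line of the kind used for CVE-2017-8850 further down this diff, instead of staying open. The twelve ImageMagick entries still need a package line in the form "- libxml2 2.9.4+dfsg1-3.1 (bug #863018)" seen below, with the Debian version filled in. CVE-2017-13134 through CVE-2017-13131 name only an affected release (7.0.6-6 or 7.0.6-8) and give no "before" bound, so their fixed version has to be taken from the upstream fix and cannot be read off the description.
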
@@ -11609,25 +11649,25 @@
NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...)
- {DLA-1008-1}
+ {DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863018)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...)
- {DLA-1008-1}
+ {DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863019)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based ...)
- {DLA-1008-1}
+ {DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863021)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9047 (A buffer overflow was discovered in libxml2 ...)
- {DLA-1008-1}
+ {DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863022)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
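
Review bot: the bugzilla.gnome.org NOTE lines under CVE-2017-9050, CVE-2017-9049, CVE-2017-9048 and CVE-2017-9047 are still tagged "(not public)" although each entry now carries both a DLA and a DSA reference. It is worth rechecking whether those reports have been opened and dropping the tag if so. The tag wording also differs from the "(not yet public)" used on the other libxml2 entries touched in this diff (CVE-2017-7376, CVE-2017-7375, CVE-2017-0663); pick one form.
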
@@ -12166,7 +12206,7 @@
CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to ...)
NOT-FOR-US: OnePlus One
CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by ...)
- {DLA-1002-1}
+ {DSA-3951-1 DLA-1002-1}
- smb4k 1.2.1-2 (bug #862505)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
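
Review bot: the package line for CVE-2017-8849 records the fix in smb4k 1.2.1-2 while the description says "smb4k before 2.0.1", so the Debian fix is a backport, and the two NOTE lines visible here point only to the oss-security post and the KDE advisory. A NOTE naming the upstream fix commit would let a reader verify the backport behind DSA-3951-1 and DLA-1002-1 without leaving the tracker.
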
@@ -16747,7 +16787,7 @@
NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
CVE-2017-7376 [Incorrect limit used for port values]
RESERVED
- {DLA-1060-1}
+ {DSA-3952-1 DLA-1060-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #870865)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
@@ -16758,7 +16798,7 @@
NOTE: the port from ever being negative. Upstream decided to leave the above patch.
CVE-2017-7375 [Missing validation for external entities in xmlParsePEReference]
RESERVED
- {DLA-1008-1}
+ {DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #870867)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
@@ -35361,7 +35401,7 @@
CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. ...)
NOT-FOR-US: Android
CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an ...)
- {DLA-1060-1}
+ {DSA-3952-1 DLA-1060-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #870870)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc
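
Review bot: the last NOTE under CVE-2017-0663 is a bare android.googlesource.com URL, whereas the equivalent lines under CVE-2017-7376 and CVE-2017-7375 are labelled "NOTE: Android patch: ...". Labelling this one the same way keeps the three libxml2 entries covered by DSA-3952-1 consistent and makes clear that the link is the fix and not a report.
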