[Secure-testing-commits] r55339 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Aug 31 21:10:14 UTC 2017


Author: sectracker
Date: 2017-08-31 21:10:14 +0000 (Thu, 31 Aug 2017)
New Revision: 55339

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-31 20:34:31 UTC (rev 55338)
+++ data/CVE/list	2017-08-31 21:10:14 UTC (rev 55339)
@@ -1,5 +1,60 @@
-CVE-2017-14063 [incorrect URL parsing]
+CVE-2017-14077
 	RESERVED
+CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id ...)
+	TODO: check
+CVE-2017-14075
+	RESERVED
+CVE-2017-14074
+	RESERVED
+CVE-2017-14073
+	RESERVED
+CVE-2017-14072
+	RESERVED
+CVE-2017-14071
+	RESERVED
+CVE-2017-14070 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
+	TODO: check
+CVE-2017-14069 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw ...)
+	TODO: check
+CVE-2017-14068
+	RESERVED
+CVE-2017-14067
+	RESERVED
+CVE-2017-14066
+	RESERVED
+CVE-2017-14065
+	RESERVED
+CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...)
+	TODO: check
+CVE-2017-14062 (Integer overflow in the decode_digit function in puny_decode.c in ...)
+	TODO: check
+CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 before ...)
+	TODO: check
+CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in ...)
+	TODO: check
+CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ...)
+	TODO: check
+CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
+	TODO: check
+CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
+	TODO: check
+CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...)
+	TODO: check
+CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
+	TODO: check
+CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
+	TODO: check
+CVE-2017-14053
+	RESERVED
+CVE-2017-14052
+	RESERVED
+CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...)
+	TODO: check
+CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function ...)
+	TODO: check
+CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() ...)
+	TODO: check
+CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...)
 	- async-http-client <undetermined>
 	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455
 	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/eb9e3347e45319be494db24d285a2aee4396f5d3
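Review bot: CVE-2017-14076, CVE-2017-14070 and CVE-2017-14069 are added with "TODO: check", but all three are NexusPHP issues, and this file already classifies that product as "NOT-FOR-US: NexusPHP" (see CVE-2017-12655 further down), so they can be triaged the same way rather than sitting in the TODO queue. Separately, CVE-2017-14063 now carries the official description, which names "before 2.0.35" as the affected range, so the "- async-http-client <undetermined>" line beneath it can be resolved against the packaged version.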
@@ -552,9 +607,11 @@
 CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
+	{DLA-1082-1}
 	- graphicsmagick <unfixed> (low)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
 CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
+	{DLA-1082-1}
 	- graphicsmagick <unfixed> (low)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
 CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
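Review bot: CVE-2017-13775, the context line closing this hunk, gets no {DLA-1082-1} tag although it is described as the same kind of GraphicsMagick 1.3.26 denial of service issue as the two entries tagged above it (ReadJNXImage() rather than ReadXBMImage()). Confirm that the advisory really excludes it, so the omission is a deliberate scoping decision and not a missed cross-reference.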
@@ -852,7 +909,7 @@
 	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
 	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
 	NOTE: https://github.com/uclouvain/openjpeg/issues/992
-CVE-2017-14042 [memory allocation failure in MagickRealloc]
+CVE-2017-14042 (A memory allocation failure was discovered in the ReadPNMImage function ...)
 	- graphicsmagick <unfixed> (unimportant; bug #873538)
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
 	NOTE: https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/
@@ -863,8 +920,8 @@
 	[jessie] - binutils <ignored> (Minor issue)
 	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b
-CVE-2017-13708
-	RESERVED
+CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterprise ...)
+	TODO: check
 CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...)
 	NOT-FOR-US: Replibit
 CVE-2017-13706
@@ -2020,6 +2077,7 @@
 	- graphicsmagick <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
 CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870013)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430
 CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...)
@@ -2034,11 +2092,13 @@
 CVE-2017-13135
 	RESERVED
 CVE-2017-13134 (In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the ...)
+	{DLA-1081-1}
 	- imagemagick <unfixed> (bug #873099)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
 CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
+	{DLA-1081-1}
 	- imagemagick <unfixed> (bug #873100)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
@@ -2181,14 +2241,17 @@
 	- graphicsmagick <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/
 CVE-2017-13065 (GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in ...)
+	{DLA-1082-1}
 	- graphicsmagick 1.3.26-7 (bug #873119)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/435/
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
 CVE-2017-13064 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in ...)
+	{DLA-1082-1}
 	- graphicsmagick 1.3.26-7 (bug #873129)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/436/
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
 CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in ...)
+	{DLA-1082-1}
 	- graphicsmagick 1.3.26-7 (bug #873130)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
@@ -2360,6 +2423,7 @@
 CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...)
 	NOT-FOR-US: PHPMyWind
 CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...)
+	{DLA-1081-1}
 	- imagemagick <unfixed> (bug #873134)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
@@ -2563,14 +2627,17 @@
 	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
 CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
+	{DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872574)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
 CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
+	{DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872575)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
 CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
+	{DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872576)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
@@ -3215,6 +3282,7 @@
 CVE-2014-10039
 	RESERVED
 CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c ...)
+	{DLA-1081-1}
 	- imagemagick <unfixed> (bug #872373)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
@@ -3752,16 +3820,19 @@
 CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an ...)
 	NOT-FOR-US: IdentityServer
 CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870118)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/387adbe4b05a545b9f3972e862602480c850303c
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7287f50888c26b133ee173816332fcaec4e8cb62
 CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870022)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/616
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
 CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the ...)
+	{DLA-1081-1}
 	[experimental] - imagemagick 8:6.9.9.6+dfsg-1
 	- imagemagick <unfixed> (bug #872609)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
@@ -3780,6 +3851,7 @@
 	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
 CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870489)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba8f335fa06daf1165e0878462686028e633a74
@@ -3795,6 +3867,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5559407ce29f4371e5df9c1cbde65455fe5854c
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/45aeda5da9eb328689afc221fa3b7dfa5cdea54d
 CVE-2017-12665 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870501)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c1b09bbec148f6ae11d0b686fdb89ac6dc0ab14e
@@ -3820,6 +3893,7 @@
 CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870502)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ffcb8f8e2248fde38a2cb30aeb48403d2b3471cc
@@ -3849,13 +3923,16 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
 CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869796)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/552
 CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870108)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
 CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
@@ -3983,6 +4060,7 @@
 	NOTE: https://github.com/rsyslog/rsyslog/pull/1565
 	NOTE: The zmq3 input and output modules are not enabled and built in Debian
 CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
@@ -4031,21 +4109,25 @@
 CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance ...)
 	NOT-FOR-US: Quest KACE Asset Management Appliance
 CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870503)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2477eacf09d3a26efe814590a5dbbe1efd16764f
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/27b3b9ca5cfb7b8935852cf315abc005ea7c1e16
 CVE-2017-12565 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870115)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/602
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e0e544bb173213df00f82a810d66321e1bb4f3c8
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4d0ac66c9778faebd2d1fac7140462b043626458
 CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870017)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/601
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
 CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870530)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
@@ -4383,22 +4465,26 @@
 CVE-2017-12436
 	RESERVED
 CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870504)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
 CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...)
+	{DLA-1081-1}
 	[experimental] - imagemagick 8:6.9.9.6+dfsg-1
 	- imagemagick <unfixed> (unimportant; bug #872481)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/548
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
 CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870491)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
 CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e
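Review bot: CVE-2017-12433 is tagged {DLA-1081-1} while its unstable line still reads "<unfixed> (unimportant; bug #872481)". An advisory reference on an entry rated unimportant looks inconsistent, so either the severity or the DLA cross-reference deserves a second look. The same combination appears on CVE-2017-12418 and CVE-2017-12664 in later hunks.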
@@ -4406,6 +4492,7 @@
 	NOTE: The fix applied for #869727 included the change for upstream issue 545, cf.
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546#issuecomment-313968413
 CVE-2017-12427 (The ProcessMSLScript function in coders/msl.c in ImageMagick before ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870525)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/636
 	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
@@ -4436,6 +4523,7 @@
 	[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
 	NOTE: https://mantisbt.org/bugs/view.php?id=23173
 CVE-2017-12418 (ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...)
+	{DLA-1081-1}
 	[experimental] - imagemagick 8:6.9.9.6+dfsg-1
 	- imagemagick <unfixed> (unimportant; bug #872498)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/643
@@ -5013,6 +5101,7 @@
 	- libytnef <unfixed> (bug #870815)
 	NOTE: https://github.com/Yeraze/ytnef/issues/50
 CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an ...)
+	{DLA-1081-1}
 	[experimental] - imagemagick 8:6.9.9.6+dfsg-1
 	- imagemagick <unfixed> (bug #873059)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
@@ -5832,13 +5921,16 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
 CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
 CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870107)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
 CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870105)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
@@ -5856,11 +5948,13 @@
 	- imagemagick <not-affected> (Affects only ImageMagick-7; vulnerable code not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/629
 CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870481)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/628
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/21d19d0c64ff070dbf37279432837bf425c0d5dd
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eccfd52199616da66c93b6d627d4d4126f5a5f0
 CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870480)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/631
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb713211bad3fa4f0c535255fa043917482fc964
@@ -5950,15 +6044,18 @@
 CVE-2017-11723 (Directory traversal vulnerability in plugins/ImageManager/backend.php ...)
 	NOT-FOR-US: Xinha
 CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870023)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870020)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870019)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
@@ -5968,6 +6065,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
 CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870012)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/362
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
@@ -6231,6 +6329,7 @@
 CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
 	NOT-FOR-US: NetComm Wireless 4GT101W routers
 CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870016)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
@@ -6248,11 +6347,13 @@
 	- graphicsmagick 1.3.26-4 (bug #870155)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
 CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
 CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
@@ -6336,10 +6437,12 @@
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/kohler/t1utils/issues/6
 CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869728)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
 CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869727)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
@@ -6349,15 +6452,18 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
 CVE-2017-12664 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
 CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869715)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/555
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5660836f9197107e9c38f14f27a45c2d9f26afe2
 CVE-2017-12428 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869713)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/544
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b2b48d50300a9fbcd0aa0d9230fd6d7a08f7671e
@@ -6614,6 +6720,7 @@
 	- imagemagick <not-affected> (Only affects ImageMagick-7 series)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/581
 CVE-2017-11539 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870120)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/582
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4e81160d66f02bf7b4f569669ca7dd80d416ba6e
@@ -6624,6 +6731,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
 	NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
 CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869712)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
@@ -6635,24 +6743,29 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6
 CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869827)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/561
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
 	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441
 CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869711)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/564
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90
 CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869834)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/562
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed1fd69231ab21dc540167c63bc3b0fa3282ec59
 CVE-2017-11532 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869726)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/563
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d60d705cddac7fa5d0e6596c183bbb9b46a57161
 CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869725)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/566
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
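Review bot: the context line under CVE-2017-11535 spells its prefix "NOTE: Imagemagick-6:" where every other entry in this hunk uses "NOTE: ImageMagick-6:". Normalising the capitalisation keeps case-sensitive searches for the ImageMagick-6 backport commits from missing this one; it is pre-existing text, so a follow-up commit is fine.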
@@ -6706,6 +6819,7 @@
 	[wheezy] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
 	NOTE: https://twitter.com/pissquark/status/888142796414226432
 CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (bug #869210)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
@@ -6843,18 +6957,18 @@
 CVE-2017-11451
 	RESERVED
 CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
 CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
 CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867893)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
@@ -6865,6 +6979,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
 CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #868950)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/537
 	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8
@@ -7102,7 +7217,7 @@
 CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the "user" ...)
 	NOT-FOR-US: Inteno routers
 CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
@@ -7208,27 +7323,27 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2715
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556
 CVE-2017-11529 (The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867823)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/525
 CVE-2017-11478 (The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867826)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/528
 CVE-2017-11526 (The ReadOneMNGImage function in coders/png.c in ImageMagick before ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867825)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/527
 CVE-2017-11505 (The ReadOneJNGImage function in coders/png.c in ImageMagick through ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867824)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/526
 CVE-2017-11530 (The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867821)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/524
 CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick before ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867798)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/506
 CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
@@ -7649,7 +7764,7 @@
 	- gnome-session 2.30.0-1
 	NOTE: https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d
 CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
 CVE-2017-11169
@@ -7684,9 +7799,9 @@
 	NOT-FOR-US: Installer in Synology Assistant
 CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...)
 	NOT-FOR-US: Installer in Synology Photo Station Uploader
-CVE-2017-11158
-	RESERVED
-CVE-2017-11157 (Multiple untrusted search path vulnerabilities in installer in ...)
+CVE-2017-11158 (Multiple untrusted search path vulnerabilities in the installer in ...)
+	TODO: check
+CVE-2017-11157 (Multiple untrusted search path vulnerabilities in the installer in ...)
 	NOT-FOR-US: Synology
 CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before ...)
 	NOT-FOR-US: Synology Download Station
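Review bot: CVE-2017-11158 is left at `TODO: check` although its description opens with the same text as CVE-2017-11157 directly below it and CVE-2017-11159 above it, both already triaged as NOT-FOR-US Synology installers. The description is truncated here, so confirm the product from the full CVE text and, if it is another Synology installer, mark it NOT-FOR-US in the same pass rather than leaving it in the TODO queue.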
@@ -7920,7 +8035,7 @@
 	[jessie] - fedmsg <no-dsa> (Minor issue)
 	NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
@@ -7987,19 +8102,19 @@
 	- links2 2.14-3 (unimportant; bug #870299)
 	NOTE: PoC: http://seclists.org/fulldisclosure/2017/Jul/76
 CVE-2017-11527 (The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867812)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/523
 CVE-2017-11528 (The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867811)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/522
 CVE-2017-11525 (The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867810)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
@@ -8291,6 +8406,7 @@
 CVE-2017-10996
 	RESERVED
 CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #867748)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24430226caf7eb468b4180f2883b2563e8cc1b23
@@ -8589,7 +8705,7 @@
 	NOTE: https://github.com/radare/radare2/issues/7855
 	NOTE: https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
 CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the ...)
-	{DSA-3914-1}
+	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867367)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/539
 CVE-2017-10927
@@ -12214,7 +12330,7 @@
 CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol ...)
 	- curl <not-affected> (Windows only)
 CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...)
-	{DSA-3914-1 DLA-1000-1}
+	{DSA-3914-1 DLA-1081-1 DLA-1000-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
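Review bot: On CVE-2017-9501 the advisory list becomes `{DSA-3914-1 DLA-1081-1 DLA-1000-1}`, so the same CVE is now referenced by two LTS advisories. Was the DLA-1000-1 fix incomplete, or does DLA-1081-1 only re-reference it? A NOTE stating which would keep the entry from reading as a duplicate reference.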
@@ -13519,13 +13635,14 @@
 CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
 	- tikiwiki <removed>
 CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash ...)
+	{DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373
 	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23
 CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...)
-	{DSA-3863-1 DLA-960-1}
+	{DSA-3863-1 DLA-1081-1 DLA-960-1}
 	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
 CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
@@ -15663,7 +15780,7 @@
 	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862632)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/454
 CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows ...)
-	{DSA-3863-1 DLA-960-1}
+	{DSA-3863-1 DLA-1081-1 DLA-960-1}
 	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862590)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/452
 CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows ...)
@@ -35888,20 +36005,20 @@
 	RESERVED
 CVE-2017-1451
 	RESERVED
-CVE-2017-1450
-	RESERVED
-CVE-2017-1449
-	RESERVED
+CVE-2017-1450 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to ...)
+	TODO: check
+CVE-2017-1449 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to ...)
+	TODO: check
 CVE-2017-1448 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could ...)
 	NOT-FOR-US: IBM
-CVE-2017-1447
-	RESERVED
+CVE-2017-1447 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2017-1446 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1445 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to ...)
 	NOT-FOR-US: IBM
-CVE-2017-1444
-	RESERVED
+CVE-2017-1444 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2017-1443 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2017-1442 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
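Review bot: CVE-2017-1450, CVE-2017-1449, CVE-2017-1447 and CVE-2017-1444 all go to `TODO: check`, while every other IBM Emptoris entry visible in this hunk is already `NOT-FOR-US: IBM`. These four name IBM Emptoris Sourcing, so they can be marked `NOT-FOR-US: IBM` to match their neighbours instead of being queued for manual triage.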
@@ -36984,8 +37101,7 @@
 	RESERVED
 CVE-2017-0903
 	RESERVED
-CVE-2017-0902 [DNS request hijacking vulnerability]
-	RESERVED
+CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...)
 	- ruby2.3 <unfixed> (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
@@ -36996,8 +37112,7 @@
 	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
 	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
 	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
-CVE-2017-0901 [gem installer allows a malicious gem to overwrite arbitrary files]
-	RESERVED
+CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification ...)
 	- ruby2.3 <unfixed> (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
@@ -37006,8 +37121,7 @@
 	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
 	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
 	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
-CVE-2017-0900 [DOS vulernerability in the query command]
-	RESERVED
+CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
 	- ruby2.3 <unfixed> (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
@@ -37016,8 +37130,7 @@
 	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
 	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
 	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
-CVE-2017-0899 [ANSI escape sequence vulnerability]
-	RESERVED
+CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
 	- ruby2.3 <unfixed> (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
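Review bot: Replacing `[ANSI escape sequence vulnerability]` on CVE-2017-0899 with the truncated official description leaves the header reading "RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...", the same visible text as CVE-2017-0900 in the previous hunk. The RubyGems entries also share identical package and NOTE lines, so consider keeping each short description as a NOTE to keep the entries distinguishable in the list.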
@@ -68713,8 +68826,8 @@
 	- tomcat6 6.0.41-3
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
-CVE-2016-0713
-	RESERVED
+CVE-2016-0713 (Gorouter in Cloud Foundry cf-release v141 through v228 allows ...)
+	TODO: check
 CVE-2016-0712 (Cross-site scripting (XSS) vulnerability in Apache Jetspeed before ...)
 	NOT-FOR-US: Apache Jetspeed
 CVE-2016-0711 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed ...)



