[Secure-testing-commits] r58650 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Dec 17 18:47:01 UTC 2017


Author: jmm
Date: 2017-12-17 18:47:01 +0000 (Sun, 17 Dec 2017)
New Revision: 58650

Modified:
   data/CVE/list
Log:
two imagemagick no-dsa
ruby n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-17 18:01:45 UTC (rev 58649)
+++ data/CVE/list	2017-12-17 18:47:01 UTC (rev 58650)
@@ -4468,12 +4468,16 @@
 CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
 	TODO: check
 CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in ...)
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (low)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
+	[jessie] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
 CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (low)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
+	[jessie] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/869
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f6ca1441a5260165dabc627d26f60c32af1d5678
 	NOTE: different fix: https://github.com/ImageMagick/ImageMagick/commit/73d59a74e0b0a864c1a9581b8a4bdbee427125e2
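Review bot: The NOTE lines under CVE-2017-17681 do not say which upstream branch each commit belongs to, whereas the CVE-2017-17682 entry labels its "ImageMagick-6:" commit. Since both issues are now <no-dsa> for stretch and jessie while the unsuffixed entry stays <unfixed>, labelling the "different fix" commit with its branch would let whoever later picks this up find the right patch without re-reading issue 869. The reason "Minor issue" is also identical on all four added lines; a few words tying it to the loop behaviour named in the descriptions would make the triage easier to re-check.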
@@ -43429,7 +43433,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x)
 CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and ...)
-	TODO: check
+	NOT-FOR-US: Apache Fineract
 CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...)
 	{DLA-926-1}
 	- batik 1.9-1 (bug #860566)
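Review bot: The NOT-FOR-US triage of CVE-2017-5663 is not covered by the commit log, which lists only "two imagemagick no-dsa" and "ruby n/a". A short mention of the Apache Fineract entry in the log would keep the history searchable for anyone tracing when it was ruled out.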
@@ -82135,9 +82139,9 @@
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/
 	NOTE: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab
 CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ...)
-	- ruby2.3 <unfixed> (unimportant)
-	- ruby2.1 <removed> (unimportant)
-	NOTE: Wulnerable win32ole ruby extension not included in binary packages
+	- ruby2.3 <not-affected> (Windows-specific)
+	- ruby2.1 <not-affected> (Windows-specific)
+	NOTE: Vulnerable win32ole ruby extension not included in binary packages, specific to Windows
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0029/
 CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
 	{DSA-3599-1 DLA-510-1}
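Review bot: The new NOTE for CVE-2016-2336 joins two different reasons in one line, "not included in binary packages" and "specific to Windows". The first was already present when the entries were tagged (unimportant); it is the Windows-only reason that supports <not-affected>, so putting it first or on its own NOTE line would make the basis for the status change clear. The ruby2.1 line also moves from <removed> to <not-affected>, which drops the record that the package was removed, so it is worth confirming that this is intended.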



