[Secure-testing-commits] r58974 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 27 22:10:20 UTC 2017
Author: carnil
Date: 2017-12-27 22:10:20 +0000 (Wed, 27 Dec 2017)
New Revision: 58974
Modified:
data/CVE/list
Log:
Add CVE-2017-17913/graphicsmagick
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-27 22:07:12 UTC (rev 58973)
+++ data/CVE/list 2017-12-27 22:10:20 UTC (rev 58974)
@@ -74,7 +74,10 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...)
- TODO: check
+ - graphicsmagick <unfixed>
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/536/
+ TODO: check, potentially just unimportant like similar issue in imagemagick
CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
TODO: check
CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer ...)
More information about the Secure-testing-commits
mailing list