[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 7 commits: two wireshark/imagemagick issues ignored
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 28 09:00:55 UTC 2017
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d215439e by Moritz Muehlenhoff at 2017-12-28T08:25:42+00:00
two wireshark/imagemagick issues ignored
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58979 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
e45304a5 by László Böszörményi at 2017-12-28T08:36:41+00:00
Additional patch for CVE-2017-17913/graphicsmagick
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58980 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
8021b8c5 by Salvatore Bonaccorso at 2017-12-28T08:39:25+00:00
Fix typo in note
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58981 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
5cdf4631 by László Böszörményi at 2017-12-28T08:40:54+00:00
Add CVE-2017-1791[35]/graphicsmagick fixed version in unstable
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58982 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
41e5a351 by Salvatore Bonaccorso at 2017-12-28T08:52:27+00:00
Add TODO for CVE-2017-7559
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58983 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
79dbe713 by Salvatore Bonaccorso at 2017-12-28T08:59:27+00:00
Add Red Hat reference for CVE-2017-7536
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58984 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
f3a488bb by Salvatore Bonaccorso at 2017-12-28T08:59:39+00:00
Add description for CVE-2017-7536
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58985 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,6 +20,8 @@ CVE-2018-3600
RESERVED
CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wireshark ...)
- wireshark <unfixed>
+ [stretch] - wireshark <ignored> (Minor issue)
+ [jessie] - wireshark <ignored> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
NOTE: https://code.wireshark.org/review/#/c/24997/
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
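Review bot: The two added <ignored> lines for stretch and jessie under CVE-2017-17935 give only "(Minor issue)" as the reason, and nothing in the entry records why the File_read_line issue is considered minor. A short NOTE stating the reasoning would let a later reader re-evaluate the decision without having to open the Wireshark bug.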
@@ -65,16 +67,19 @@ CVE-2017-17917
CVE-2017-17916
RESERVED
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
- - graphicsmagick <unfixed>
+ - graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
- imagemagick <unfixed>
+ [stretch] - imagemagick <ignored> (Minor issue)
+ [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...)
- - graphicsmagick <unfixed>
+ - graphicsmagick 1.3.27-3
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/88313ebe379c
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/536/
TODO: check, potentially just unimportant like similar issue in imagemagick
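Review bot: The TODO that closes the CVE-2017-17913 entry ("check, potentially just unimportant like similar issue in imagemagick") is left in place although the entry now records 1.3.27-3 as the fixed version. If the check still matters, for instance for the stable releases, the TODO should say so; otherwise it can be dropped together with this change.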
@@ -38227,7 +38232,8 @@ CVE-2017-7559 [HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-
RESERVED
- undertow <undetermined>
NOTE: For an incomplete fix of CVE-2017-2666
- NOTE: Invalid characters were still allwed in the query string and path parameters.
+ NOTE: Invalid characters were still allowed in the query string and path parameters.
+ TODO: check, asked for clarification to Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
RESERVED
- linux 4.12.13-1
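Review bot: The added TODO for CVE-2017-7559 says that clarification was requested from Red Hat but not what is unclear, so the open question can only be found by following the link to comment 7. A few words on what has to be determined (the entry is still "undertow <undetermined>") would make the TODO actionable on its own.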
@@ -38326,9 +38332,10 @@ CVE-2017-7537
- dogtag-pki 10.3.5+12-5 (bug #869261)
NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
-CVE-2017-7536
+CVE-2017-7536 [Privilege escalation when running under the security manager]
RESERVED
- libhibernate-validator-java <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573
CVE-2017-7535
RESERVED
- foreman <itp> (bug #663101)
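Review bot: The new bracketed description for CVE-2017-7536 does not name the affected software, whereas the CVE-2017-7558 description visible earlier in this diff leads with its subsystem ("sctp: ..."). Consider naming the component in the description so the line is meaningful when read without the libhibernate-validator-java package line under it.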
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/107c22e993fd2d68c6991c74aeed8ab4570f4702...f3a488bb54a17d84bff0ca02edf3c002e5166d1e