[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 4 commits: Process one NFU
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 30 06:58:30 UTC 2017
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fb5cf08 by Salvatore Bonaccorso at 2017-12-30T07:57:03+01:00
Process one NFU
- - - - -
0db73214 by Salvatore Bonaccorso at 2017-12-30T07:57:24+01:00
Add rails issues, undetermined yet
- - - - -
1931fcd3 by Salvatore Bonaccorso at 2017-12-30T07:57:45+01:00
Add new (undetermined) php-horde issue
- - - - -
89cdfe8e by Salvatore Bonaccorso at 2017-12-30T07:58:00+01:00
CVE-2017-17760: Add new opencv issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -516,7 +516,7 @@ CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...)
- TODO: check
+ NOT-FOR-US: NetWin SurgeFTP
CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...)
NOT-FOR-US: ALLPlayer
CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...)
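Review bot: the new NOT-FOR-US line names "NetWin SurgeFTP", but the truncated description shown above only mentions "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021", so the vendor/product attribution should be verified against the full CVE text before the TODO is dropped; the annotation style itself matches the neighbouring "NOT-FOR-US: ALLPlayer" entry.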
@@ -542,15 +542,23 @@ CVE-2017-17922
CVE-2017-17921
RESERVED
CVE-2017-17920 (SQL injection vulnerability in the 'reorder' method in Ruby on Rails ...)
- TODO: check
+ - rails <undetermined>
+ NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
+ TODO: check (and other possible earlier source packages)
CVE-2017-17919 (SQL injection vulnerability in the 'order' method in Ruby on Rails ...)
- TODO: check
+ - rails <undetermined>
+ NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
+ TODO: check (and other possible earlier source packages)
CVE-2017-17918
RESERVED
CVE-2017-17917 (SQL injection vulnerability in the 'where' method in Ruby on Rails ...)
- TODO: check
+ - rails <undetermined>
+ NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
+ TODO: check (and other possible earlier source packages)
CVE-2017-17916 (SQL injection vulnerability in the 'find_by' method in Ruby on Rails ...)
- TODO: check
+ - rails <undetermined>
+ NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
+ TODO: check (and other possible earlier source packages)
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
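Review bot: the four rails entries (CVE-2017-17920, -17919, -17917, -17916) differ only in the ActiveRecord method named ('reorder', 'order', 'where', 'find_by') and all cite the same single blog post, so consider recording in the NOTE that the reference is a third-party write-up rather than an upstream advisory, and consider naming in the retained "TODO: check (and other possible earlier source packages)" which earlier source packages are meant, so the follow-up can be done by someone other than the committer; "<undetermined>" is appropriate until an upstream statement on whether passing unsanitised input to these methods is treated as a vulnerability is found.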
@@ -1078,7 +1086,8 @@ CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-rea
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...)
- TODO: check
+ - php-horde <undetermined>
+ NOTE: http://code610.blogspot.com/2017/12/modus-operandi-horde-52x.html
CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...)
NOT-FOR-US: Clockwork SMS plugins for WordPress
CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...)
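Review bot: this hunk replaces "TODO: check" with "- php-horde <undetermined>" and a NOTE but, unlike the rails entries in the previous hunk, keeps no TODO line, so the entry drops out of the open-work queue while its status is still undetermined; suggest keeping a "TODO: check" line. Also, the description says "Horde Groupware through 5.2.22" while the annotation targets php-horde, so it is worth confirming which source package ships the affected "group" component before the entry is finalised.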
@@ -1171,6 +1180,9 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...)
+ - opencv <unfixed>
+ NOTE: https://github.com/opencv/opencv/issues/10351
+ NOTE: MISC:https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
TODO: check
CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Conarc iChannel
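Review bot: the second NOTE line carries a stray "MISC:" prefix ("NOTE: MISC:https://github.com/opencv/opencv/pull/10369/commits/...") that no other NOTE line in this file uses and looks copied from the CVE reference list; suggest dropping it, and since that link is the fix commit from the pull request rather than the issue report, it would help to label it as the fix so that "- opencv <unfixed>" can be turned into a fixed version once the commit lands in a release. Keeping "TODO: check" here is consistent with the entry still being "<unfixed>".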
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3d1eb41b76511e626bd23b8c7cac6af31403150d...89cdfe8ef6215d3dcf164a7bac0dc5b8712b6390