[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 30 21:10:19 UTC 2017


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7108b2d7 by security tracker role at 2017-12-30T21:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2017-18000
+	RESERVED
+CVE-2017-17999
+	RESERVED
 CVE-2017-17998
 	RESERVED
 CVE-2017-17997 (In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL ...)
@@ -1209,14 +1213,14 @@ CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x bef
 	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
 	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
 CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...)
-	{DLA-1220-1}
+	{DSA-4077-1 DLA-1220-1}
 	- gimp <unfixed> (bug #884836)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b (master)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 (gimp-2-8)
 	NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp <reproducerfile>"
 CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...)
-	{DLA-1220-1}
+	{DSA-4077-1 DLA-1220-1}
 	- gimp <unfixed> (unimportant; bug #884862)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master)
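Review bot: On CVE-2017-17786 the new `{DSA-4077-1 DLA-1220-1}` tag sits directly above a package line that still reads `- gimp <unfixed> (unimportant; bug #884862)`, so the entry now says both that a DSA covers the issue and that it is classed unimportant. A manual follow-up should confirm that the `unimportant` annotation is still the intended assessment, and replace `<unfixed>` on this entry and on CVE-2017-17785 with the fixed version once one is known.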
@@ -1225,20 +1229,20 @@ CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadIm
 	NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366 (gimp-2-8)
 	NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...)
-	{DLA-1220-1}
+	{DSA-4077-1 DLA-1220-1}
 	- gimp <unfixed> (unimportant; bug #885347)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 (master)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
 	NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in ...)
-	{DLA-1220-1}
+	{DSA-4077-1 DLA-1220-1}
 	- gimp <unfixed> (unimportant; bug #884925)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59 (master)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 (gimp-2-8)
 	NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
-	{DLA-1220-1}
+	{DSA-4077-1 DLA-1220-1}
 	- gimp <unfixed> (bug #884837)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8 (master)
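Review bot: Style point on the NOTE lines carried as context under CVE-2017-17786, CVE-2017-17788 and CVE-2017-17784: "negligable" should be "negligible", and the last context line uses `/browse/GIMP/` where the other commit URLs in this hunk use `/browse/gimp/`. Neither is touched by this automatic update, so a separate manual commit that corrects the spelling and checks that the upper-case URL resolves would be the place to fix them.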
@@ -1246,7 +1250,7 @@ CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
 	NOTE: Cannot be reproduced in wheezy with "valgrind --trace-children=yes gimp <reproducerfile>"
 	NOTE: Some OOB read/write can be reproduced in sid with "valgrind --trace-children=yes gimp <reproducerfile>"
 CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
-	{DLA-1220-1}
+	{DSA-4077-1 DLA-1220-1}
 	- gimp <unfixed> (unimportant; bug #884927)
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d (master)
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8)
@@ -7963,6 +7967,7 @@ CVE-2017-17097
 CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source ...)
+	{DSA-4076-1 DLA-1225-1}
 	- asterisk 1:13.18.3~dfsg-1 (bug #883342)
 	NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27452
@@ -8566,8 +8571,8 @@ CVE-2018-0742
 	RESERVED
 CVE-2018-0741
 	RESERVED
-CVE-2017-17089
-	RESERVED
+CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...)
+	TODO: check
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...)
 	{DLA-1216-1}
 	- wordpress 4.9.1+dfsg-1 (bug #883314)
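Review bot: The new CVE-2017-17089 entry lands with only `TODO: check`, so the Webmin issue is published in the list without a triage result. It needs a follow-up that replaces the placeholder with either a package line or a not-for-us marker. The entry also sits after CVE-2018-0741 rather than beside CVE-2017-17090, which the earlier hunk shows about 600 lines higher up, so it is easy to overlook when scanning by number.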
@@ -16960,8 +16965,8 @@ CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in im
 	NOTE: Reproducible in experimental(0.26-1).
 CVE-2017-14856
 	RESERVED
-CVE-2017-14855
-	RESERVED
+CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of service ...)
+	TODO: check
 CVE-2017-14854
 	RESERVED
 CVE-2017-14853
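Review bot: CVE-2017-14855 is left at `TODO: check` although its description names a hardware product (Red Lion HMI panels). If triage confirms that nothing in the archive is affected, close it with a `NOT-FOR-US:` line in the same style as the `NOT-FOR-US: Wordpress plugin` line used for CVE-2017-17096 earlier in this diff, rather than leaving the placeholder in the list.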



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7108b2d76a1574418a14e580e05b44b8fcdc7c13
