[Secure-testing-commits] r53367 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jul 10 21:25:24 UTC 2017
Author: jmm
Date: 2017-07-10 21:25:24 +0000 (Mon, 10 Jul 2017)
New Revision: 53367
Modified:
data/CVE/list
Log:
new imagemagick issue
NFUs
ipsec-tools bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-10 21:21:15 UTC (rev 53366)
+++ data/CVE/list 2017-07-10 21:25:24 UTC (rev 53367)
@@ -5,7 +5,8 @@
CVE-2017-11167
RESERVED
CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
- TODO: check
+ - imagemagick <unfixed> (low)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
CVE-2017-11165
RESERVED
CVE-2017-11164
@@ -758,7 +759,7 @@
CVE-2017-10930
RESERVED
CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
- - ipsec-tools <unfixed>
+ - ipsec-tools <unfixed> (bug #867986)
NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
@@ -15737,7 +15738,7 @@
CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...)
NOT-FOR-US: Apache CXF
CVE-2017-5652 (During a routine security analysis, it was found that one of the ports ...)
- TODO: check
+ NOT-FOR-US: Impala
CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860071)
@@ -15798,7 +15799,7 @@
CVE-2017-5641
RESERVED
CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
- TODO: check
+ NOT-FOR-US: Impala
CVE-2017-5639
RESERVED
CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 ...)
More information about the Secure-testing-commits
mailing list