[Secure-testing-commits] r53566 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jul 17 09:14:03 UTC 2017
Author: jmm
Date: 2017-07-17 09:14:03 +0000 (Mon, 17 Jul 2017)
New Revision: 53566
Modified:
data/CVE/list
Log:
imagemagick CVEfied
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-17 09:10:13 UTC (rev 53565)
+++ data/CVE/list 2017-07-17 09:14:03 UTC (rev 53566)
@@ -5,7 +5,9 @@
CVE-2017-11361
RESERVED
CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...)
- TODO: check
+ - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
CVE-2017-11359
RESERVED
CVE-2017-11358
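Review bot: On the CVE-2017-11360 entry, the CVE text names ImageMagick 7.0.6-1 while the fixed package version is 8:6.9.7.4+dfsg-12, and the single "Fixed by:" commit link does not say which upstream branch it belongs to. If the 6.x series received a separate commit, add it as a second NOTE line so the fix carried by the Debian package can be checked from this entry alone.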
@@ -17,23 +19,23 @@
CVE-2017-11355
RESERVED
CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Fiyo CMS
CVE-2017-11351
RESERVED
CVE-2017-11350
RESERVED
CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs ...)
- TODO: check
+ NOT-FOR-US: dataTaker
CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows remote ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition ...)
- yadm <unfixed> (bug #868300)
NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
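Review bot: The two networkmap entries (CVE-2017-11345 and CVE-2017-11344) are tagged "NOT-FOR-US: ASUS", which names only the vendor, while their descriptions refer to Asuswrt-Merlin firmware and most other NFU lines in this hunk name the product (Fiyo CMS, Octopus Deploy, MetInfo, Zoho ManageEngine Desktop Central). A tag such as "NOT-FOR-US: Asuswrt-Merlin firmware for ASUS" would be easier to find when a later CVE for the same firmware is triaged.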
@@ -685,7 +687,7 @@
CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a ...)
NOT-FOR-US: WordPress plugin
CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...)
- TODO: check
+ NOTE: Seems like a duplicate, contacted MITRE for rejection
CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...)
TODO: check
CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...)
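Review bot: The new NOTE on CVE-2017-1000032 says "Seems like a duplicate" without naming the CVE id it is believed to duplicate, and with "TODO: check" removed the entry carries no package or status line for Cacti. Add the suspected duplicate's id to the NOTE, and keep a TODO (or a cacti package line) until the rejection is confirmed, so the entry is not left untriaged if it is not rejected.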
@@ -819,10 +821,6 @@
CVE-2017-XXXX [memory exhaustion in ReadCINImage]
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867810)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
-CVE-2017-XXXX [CPU exhaustion in ReadRLEImage]
- - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
- NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
- NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
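Review bot: The log message "imagemagick CVEfied" does not say which id replaced the removed "CVE-2017-XXXX [CPU exhaustion in ReadRLEImage]" entry. The bug number (#867808), issue 518 and the fix commit match the lines added under CVE-2017-11360 in the first hunk, so the move is consistent, but naming CVE-2017-11360 in the log would make the mapping traceable from the commit history alone.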