[Secure-testing-commits] r53968 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 27 03:30:19 UTC 2017
Author: carnil
Date: 2017-07-27 03:30:18 +0000 (Thu, 27 Jul 2017)
New Revision: 53968
Modified:
data/CVE/list
Log:
Add new ghostscript issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-27 03:10:10 UTC (rev 53967)
+++ data/CVE/list 2017-07-27 03:30:18 UTC (rev 53968)
@@ -3345,7 +3345,9 @@
CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
- piwigo <removed>
CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066
CVE-2017-9834
RESERVED
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...)
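Review bot: The second NOTE added for CVE-2017-9835 is a bare ghostpdl commit URL with no indication of what the commit is. If it is the upstream fix, label it as such (for example "NOTE: Fixed by: <commit URL>") so that whoever later replaces <unfixed> with a fixed version knows which change to look for in the package. The git link is also http:// while the bug link on the line above it is https://; use the same scheme for both if the host serves it.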
@@ -5151,9 +5153,13 @@
CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
NOT-FOR-US: ProjectSend
CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15
CVE-2017-9738
RESERVED
CVE-2017-9737
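Review bot: Both new "- ghostscript <unfixed>" lines in this hunk (CVE-2017-9740 and CVE-2017-9739) reference only the upstream bug and commit, with no Debian bug number. The jetty9 entry further down in this diff carries "(bug #864898)"; once bugs are filed against ghostscript, add them in the same form so the open issues are tracked on the package side as well.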
@@ -5181,9 +5187,13 @@
CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp ...)
- uclibc <unfixed> (unimportant)
CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
{DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
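Review bot: The bug NOTEs added for CVE-2017-9727 and CVE-2017-9726 use http://bugs.ghostscript.com/, while every other ghostscript entry in this commit uses https://bugs.ghostscript.com/ for the same tracker. Switch ids 698056 and 698055 to https:// so the references are consistent and not fetched in cleartext.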
@@ -5415,11 +5425,17 @@
CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Telaxus/EPESI
CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
- wireshark <unfixed> (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
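Review bot: All three entries in this hunk (CVE-2017-9620, CVE-2017-9619, CVE-2017-9618) name functions under xps/ (xps/xpsfont.c, xps/xpsttf.c), yet each is recorded as a plain "- ghostscript <unfixed>". Before leaving them at that status, confirm that the ghostscript source package actually builds and ships the code under xps/, and record the result in a NOTE on each entry so the triage decision is visible in the list.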
@@ -5433,11 +5449,17 @@
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
NOT-FOR-US: SAP SuccessFactors
CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe
CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
- TODO: check
+ - ghostscript <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows ...)
NOT-FOR-US: Blackcat CMS
CVE-2017-9608
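Review bot: CVE-2017-9610 here and CVE-2017-9618 in the previous hunk both name xps_load_sfnt_name in xps/xpsfont.c, with different upstream bugs (698025 and 698044) and different commits. With the descriptions truncated, the two entries read as duplicates; add a short NOTE to each saying how they differ, or cross-referencing the other CVE, so neither is closed or merged by mistake when the package is updated.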