[Secure-testing-commits] r54111 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Jul 30 21:10:15 UTC 2017


Author: sectracker
Date: 2017-07-30 21:10:15 +0000 (Sun, 30 Jul 2017)
New Revision: 54111

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-30 20:43:12 UTC (rev 54110)
+++ data/CVE/list	2017-07-30 21:10:15 UTC (rev 54111)
@@ -1,3 +1,33 @@
+CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated ...)
+	TODO: check
+CVE-2017-11755 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
+	TODO: check
+CVE-2017-11754 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
+	TODO: check
+CVE-2017-11753 (The GetImageDepth function in MagickCore/attribute.c in ImageMagick ...)
+	TODO: check
+CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...)
+	TODO: check
+CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
+	TODO: check
+CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ...)
+	TODO: check
+CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path, ...)
+	TODO: check
+CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL ...)
+	TODO: check
+CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a ...)
+	TODO: check
+CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a ...)
+	TODO: check
+CVE-2017-11745
+	RESERVED
+CVE-2017-11744 (In MODX Revolution 2.5.7, the "key" and "name" parameters in the System ...)
+	TODO: check
+CVE-2017-11743
+	RESERVED
+CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in ...)
+	TODO: check
 CVE-2017-11741
 	RESERVED
 CVE-2017-11740
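Review bot: CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755 are added with the same truncated summary (WritePICONImage in coders/xpm.c, ImageMagick 7.0.6-4), so the "TODO: check" pass needs the full descriptions to tell them apart and to avoid attaching one upstream fix to all three. The ImageMagick entries (CVE-2017-11750 through CVE-2017-11755) should end up with an "- imagemagick" package line like the existing ImageMagick entry further down this file, not NOT-FOR-US.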
@@ -151,8 +181,8 @@
 	NOT-FOR-US: MEDHOST Document Management System
 CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials that ...)
 	NOT-FOR-US: MEDHOST Document Management System
-CVE-2017-11692
-	RESERVED
+CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 ...)
+	TODO: check
 CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code ...)
 	NOT-FOR-US: Avira
 CVE-2017-11690
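Review bot: CVE-2017-11692 sits between two NOT-FOR-US entries (MEDHOST and Avira) but now names yaml-cpp 0.5.3, so it should not be closed in a batch with its neighbours. It is left at "TODO: check" with no package line or upstream reference; triage should record whether Debian ships an affected yaml-cpp and add a NOTE pointing at the upstream report.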
@@ -287,12 +317,15 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc
 CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() ...)
+	{DLA-1045-1}
 	- graphicsmagick <unfixed> (bug #870157)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
 CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
+	{DLA-1045-1}
 	- graphicsmagick <unfixed> (bug #870156)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
 CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in ...)
+	{DLA-1045-1}
 	- graphicsmagick <unfixed> (bug #870155)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
 CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
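Review bot: The three entries tagged {DLA-1045-1} here (CVE-2017-11643, CVE-2017-11642, CVE-2017-11641) still read "- graphicsmagick <unfixed>" and have no per-release line, so this file alone does not show which suite the advisory covers or at what version. Since this revision modifies only data/CVE/list, confirm the advisory's own record carries the fixed version; the <unfixed> lines will keep these open for unstable until an upload closes bugs #870157, #870156 and #870155.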
@@ -302,12 +335,15 @@
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
 CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the ...)
+	{DLA-1045-1}
 	- graphicsmagick <unfixed> (bug #870154)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
 CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
+	{DLA-1045-1}
 	- graphicsmagick <unfixed> (bug #870153)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
 CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() ...)
+	{DLA-1045-1}
 	- graphicsmagick <unfixed> (bug #870149)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
 CVE-2017-11635
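Review bot: CVE-2017-11638 in this hunk and CVE-2017-11642 in the previous one both reference the same upstream changeset, rev/29550606d8b9, but neither entry says so. A NOTE on each stating that the one changeset addresses both would save a backporter from looking for two separate patches and make it easy to check that DLA-1045-1 applied it once.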
@@ -959,6 +995,7 @@
 CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
+	{DLA-1045-1}
 	- graphicsmagick 1.3.26-3
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
 CVE-2017-11402
@@ -1824,6 +1861,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
 CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 ...)
+	{DLA-1045-1}
 	- graphicsmagick 1.3.26-3 (low)
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
 CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...)
@@ -1961,6 +1999,7 @@
 	NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
 	NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
 CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
+	{DLA-1045-1}
 	- graphicsmagick 1.3.26-2 (bug #867746)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
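Review bot: CVE-2017-11102 lists two upstream changesets (rev/d445af60a8d5 and rev/dea93a690fc1), and the new {DLA-1045-1} tag does not say whether both were backported. If the second changeset is a follow-up to the first, a NOTE saying both are required would make the entry verifiable against the advisory's patch set.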
@@ -2722,6 +2761,7 @@
 	NOTE: the rlated changesets to mat.c since the one referenced should be
 	NOTE: picked up.
 CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata ...)
+	{DLA-1045-1}
 	- graphicsmagick 1.3.26-1 (bug #867077)
 	[stretch] - graphicsmagick <no-dsa> (Minor issue)
 	[jessie] - graphicsmagick <no-dsa> (Minor issue)
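Review bot: CVE-2017-10799 now carries {DLA-1045-1} while the [stretch] and [jessie] lines below it stay at "<no-dsa> (Minor issue)", so the same bug is fixed by advisory in one suite and deferred in two others. That can be intentional, but the <no-dsa> lines should then be candidates for a point-release update. Separately, the context NOTE at the top of this hunk has a typo ("rlated" for "related") that is worth fixing in a follow-up manual commit.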
@@ -25267,6 +25307,7 @@
 	RESERVED
 CVE-2017-3163 [ReplicationHandler path traversal vulnerability]
 	RESERVED
+	{DLA-1046-1}
 	- lucene-solr <unfixed> (bug #867712)
 	NOTE: https://issues.apache.org/jira/browse/SOLR-10031
 	NOTE: https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4db
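Review bot: CVE-2017-3163 gains {DLA-1046-1} but the entry remains "- lucene-solr <unfixed>" even though the NOTE lines already point at the upstream issue (SOLR-10031) and a fixing commit. With a path traversal in ReplicationHandler fixed by advisory in one suite, the remaining suites should get explicit per-release status lines, and bug #867712 should be updated to reference the upstream commit.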



