[Secure-testing-commits] r51765 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri May 19 21:23:25 UTC 2017
Author: jmm
Date: 2017-05-19 21:23:25 +0000 (Fri, 19 May 2017)
New Revision: 51765
Modified:
data/CVE/list
Log:
imagemagick CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-19 21:22:11 UTC (rev 51764)
+++ data/CVE/list 2017-05-19 21:23:25 UTC (rev 51765)
@@ -1,7 +1,9 @@
CVE-2017-9099
RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 uses uninitialized memory in the RLE ...)
- TODO: check
+ - imagemagick <unfixed> (bug #862967)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
+ NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9097
RESERVED
CVE-2017-9096
@@ -46,10 +48,6 @@
{DSA-3859-1}
- dropbear <unfixed> (bug #862970)
NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
-CVE-2017-XXXX [Reset memory for RLE decoder]
- - imagemagick <unfixed> (bug #862967)
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
- NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
More information about the Secure-testing-commits
mailing list