[Secure-testing-commits] r57776 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Nov 18 09:10:15 UTC 2017 

Author: sectracker
Date: 2017-11-18 09:10:15 +0000 (Sat, 18 Nov 2017)
New Revision: 57776

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-18 08:08:53 UTC (rev 57775)
+++ data/CVE/list	2017-11-18 09:10:15 UTC (rev 57776)
@@ -1,3 +1,23 @@
+CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...)
+	TODO: check
+CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
+	TODO: check
+CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...)
+	TODO: check
+CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
+	TODO: check
+CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...)
+	TODO: check
+CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
+	TODO: check
+CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...)
+	TODO: check
+CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
+	TODO: check
+CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
+	TODO: check
+CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
+	TODO: check
 CVE-2017-16879
 	RESERVED
 CVE-2017-16878
@@ -23,6 +43,7 @@
 CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...)
 	NOT-FOR-US: Elixir's vim plugin
 CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...)
+	{DLA-1175-1}
 	- lynx 2.8.9dev16-1
 	- lynx-cur <removed>
 	NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
@@ -53,7 +74,7 @@
 	NOT-FOR-US: UpdraftPlus plugin for WordPress
 CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...)
 	NOT-FOR-US: UpdraftPlus plugin for WordPress
-CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of ...)
+CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...)
 	- upx-ucl <unfixed> (bug #882041; unimportant)
 	NOTE: https://github.com/upx/upx/issues/146
 	NOTE: crash in CLI tool, no security impact
@@ -386,6 +407,7 @@
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
 CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...)
+	{DLA-1173-1}
 	- procmail 3.22-26 (bug #876511)
 CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the ...)
 	NOT-FOR-US: Vonage VDV-23
@@ -1080,8 +1102,8 @@
 	NOT-FOR-US: Logitech Media Server
 CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
 	NOT-FOR-US: Logitech Media Server
-CVE-2017-16566
-	RESERVED
+CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...)
+	TODO: check
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...)
 	NOT-FOR-US: Vonage
 CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...)
@@ -1126,6 +1148,7 @@
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
 CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
+	{DSA-4040-1}
 	- imagemagick <unfixed> (bug #881392)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
@@ -2966,7 +2989,7 @@
 CVE-2017-15925
 	RESERVED
 CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
-	{DSA-4033-1}
+	{DSA-4033-1 DLA-1174-1}
 	- konversation 1.7.3-1 (bug #881586)
 	NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...)
@@ -4524,7 +4547,7 @@
 CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
 	NOT-FOR-US: TeamPass
 CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
-	{DSA-4032-1 DLA-1140-1 DLA-1139-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
 	- imagemagick <unfixed> (bug #878578)
 	- graphicsmagick 1.3.26-14
 	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
@@ -5452,7 +5475,7 @@
 	NOTE: https://core.trac.wordpress.org/ticket/38474
 	NOTE: Wordpress in Wheezy requires a database upgrade and backports of new functions
 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...)
-	{DSA-4032-1 DLA-1131-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
 	- imagemagick <unfixed> (bug #878562)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
@@ -6337,7 +6360,7 @@
 CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...)
 	NOT-FOR-US: geminabox
 CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
-	{DSA-4032-1 DLA-1131-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
 	- imagemagick <unfixed> (bug #876488)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
@@ -6572,7 +6595,7 @@
 	NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
 	NOTE: https://github.com/LibRaw/LibRaw/issues/101
 CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...)
-	{DSA-4032-1 DLA-1131-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
 	- imagemagick <unfixed> (low; bug #878527)
 	NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
@@ -7667,7 +7690,7 @@
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...)
-	{DSA-4032-1 DLA-1131-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
 	- imagemagick <unfixed> (bug #876097)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
@@ -8161,8 +8184,8 @@
 	[wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
 	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
-CVE-2017-14077
-	RESERVED
+CVE-2017-14077 (HTML Injection in Securimage 3.6.4 and earlier allows remote attackers ...)
+	TODO: check
 CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on ...)
@@ -8711,7 +8734,7 @@
 	NOT-FOR-US: Apple
 CVE-2017-13827
 	RESERVED
-CVE-2017-13826 (An issue was discovered in certain Apple products. macOS before ...)
+CVE-2017-13826
 	REJECTED
 CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
@@ -8868,7 +8891,7 @@
 CVE-2017-13770
 	RESERVED
 CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...)
-	{DSA-4032-1 DLA-1131-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
 	- imagemagick <unfixed> (low; bug #878507)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
@@ -8918,7 +8941,7 @@
 CVE-2017-13759
 	RESERVED
 CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...)
-	{DSA-4032-1 DLA-1131-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
 	- imagemagick <unfixed> (bug #878508)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
@@ -10412,7 +10435,7 @@
 CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...)
 	TODO: check
 CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...)
-	{DSA-4032-1 DLA-1170-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1170-1 DLA-1081-1}
 	- imagemagick <unfixed> (bug #873099)
 	- graphicsmagick 1.3.26-19 (bug #881524)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
@@ -10850,7 +10873,7 @@
 CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...)
 	NOT-FOR-US: PHPMyWind
 CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...)
-	{DSA-4032-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1081-1}
 	- imagemagick <unfixed> (bug #873134)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
@@ -11754,7 +11777,7 @@
 CVE-2014-10039
 	RESERVED
 CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c ...)
-	{DLA-1081-1}
+	{DSA-4040-1 DLA-1081-1}
 	- imagemagick <unfixed> (bug #872373)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
@@ -12443,7 +12466,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
 CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ...)
-	{DSA-4019-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
@@ -14640,7 +14663,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
 CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...)
-	{DSA-4019-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
 CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...)
@@ -15093,7 +15116,7 @@
 	- graphicsmagick 1.3.26-4 (bug #870155)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
 CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
-	{DSA-4019-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
@@ -15183,7 +15206,7 @@
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/kohler/t1utils/issues/6
 CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...)
-	{DSA-4019-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869728)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
@@ -15207,7 +15230,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
 CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the ...)
-	{DSA-4019-1 DLA-1081-1}
+	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869715)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/555
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
@@ -22639,7 +22662,7 @@
 CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
 	- tikiwiki <removed>
 CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash ...)
-	{DLA-1081-1}
+	{DSA-4040-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
@@ -36641,8 +36664,8 @@
 	RESERVED
 CVE-2017-4940
 	RESERVED
-CVE-2017-4939
-	RESERVED
+CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL ...)
+	TODO: check
 CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
 	NOT-FOR-US: VMware
 CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)

More information about the Secure-testing-commits mailing list