[Secure-testing-commits] r55363 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 1 13:55:41 UTC 2017
Author: carnil
Date: 2017-09-01 13:55:40 +0000 (Fri, 01 Sep 2017)
New Revision: 55363
Modified:
data/CVE/list
Log:
Add CVE-2017-14103/graphicsmagick
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-01 09:18:38 UTC (rev 55362)
+++ data/CVE/list 2017-09-01 13:55:40 UTC (rev 55363)
@@ -1,3 +1,10 @@
+CVE-2017-14103 [use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403)]
+ - graphicsmagick <unfixed>
+ [stretch] - imagemagick <not-affected> (Incomplete fix not applied)
+ [jessie] - imagemagick <not-affected> (Incomplete fix not applied)
+ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
+ NOTE: http://www.openwall.com/lists/oss-security/2017/09/01/6
+ NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping ...)
- mimedefang <unfixed>
NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html
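Review bot: The two release-specific lines in the new CVE-2017-14103 entry, "[stretch] - imagemagick <not-affected>" and "[jessie] - imagemagick <not-affected>", name imagemagick, while the entry's only unsuffixed package line is "- graphicsmagick <unfixed>" and the description and the "Fixed by:" URL both point at graphicsmagick. If graphicsmagick was meant, change the package name on both lines. If imagemagick is intended, add an unsuffixed "- imagemagick" line so the release annotations have a base entry to qualify, and state in the parenthesised reason which fix was not applied.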
@@ -7202,6 +7209,8 @@
{DLA-1045-1}
- graphicsmagick 1.3.26-3
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
+ NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
+ NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6
CVE-2017-11402
RESERVED
CVE-2017-11401
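Review bot: The NOTE added after the rev/d0a76868ca37 line warns against an incomplete fix but does not say which change completes it, so a backporter has to follow the oss-security link to find out. The new CVE-2017-14103 entry in the first hunk cites rev/98721124e51f as its fix; naming that revision in this NOTE as well would put both commits in one place. The wording "open the CVE-2017-14103 issue" can also be read as "file a bug"; "introduce CVE-2017-14103" is less ambiguous.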