[Secure-testing-commits] r55841 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Sep 17 21:10:16 UTC 2017
Author: sectracker
Date: 2017-09-17 21:10:16 +0000 (Sun, 17 Sep 2017)
New Revision: 55841
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-17 18:30:44 UTC (rev 55840)
+++ data/CVE/list 2017-09-17 21:10:16 UTC (rev 55841)
@@ -1,15 +1,23 @@
-CVE-2017-14503 [out-of-bounds read in lha_read_data_none()]
+CVE-2017-14507
+ RESERVED
+CVE-2017-14506
+ RESERVED
+CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
+ TODO: check
+CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...)
+ TODO: check
+CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within ...)
- libarchive <unfixed> (bug #875960)
[stretch] - libarchive <no-dsa> (Minor issue)
[jessie] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/948
-CVE-2017-14502 [out-of-bounds read in archive_read_format_rar_read_header()]
+CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 ...)
- libarchive <unfixed> (bug #875974)
[stretch] - libarchive <no-dsa> (Minor issue)
[jessie] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
-CVE-2017-14501 [out-of-bounds read in archive_read_format_iso9660_read_header()]
+CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in ...)
- libarchive <unfixed> (bug #875966)
NOTE: https://github.com/libarchive/libarchive/issues/949
CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in ...)
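Review bot: CVE-2017-14501, the last entry changed in this hunk, carries only `- libarchive <unfixed> (bug #875966)`, while the two sibling libarchive out-of-bounds reads above it (CVE-2017-14503, CVE-2017-14502) also have `[stretch]` and `[jessie]` lines marked `<no-dsa> (Minor issue)`. If the same triage applies, add the per-release lines; if it was left open on purpose, a NOTE saying why would help. The new CVE-2017-14505 and CVE-2017-14504 entries sit at `TODO: check` although their descriptions name ImageMagick 7.0.7-1 and GraphicsMagick 1.3.26, so they still need package lines.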
@@ -655,10 +663,10 @@
RESERVED
CVE-2017-14245
RESERVED
-CVE-2017-14244
- RESERVED
-CVE-2017-14243
- RESERVED
+CVE-2017-14244 (An authentication bypass vulnerability on iBall Baton ADSL2+ Home ...)
+ TODO: check
+CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL ...)
+ TODO: check
CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
- dolibarr <unfixed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
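Review bot: CVE-2017-14244 and CVE-2017-14243 are left at `TODO: check`, but their descriptions point at ADSL router hardware (iBall Baton ADSL2+, UTStar WA3002G4) and not at a package. They look like NOT-FOR-US candidates; resolve the TODO that way once the full descriptions have been read, so the entries do not stay in the unprocessed queue.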
@@ -34253,11 +34261,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5
CVE-2017-2924 [Heap-based buffer overflow in the read_legacy_biff function]
RESERVED
+ {DSA-3976-1 DLA-1098-1}
- freexl 1.0.4-1 (bug #875691)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2923 [Heap-based buffer overflow in the read_biff_next_record function]
RESERVED
+ {DSA-3976-1 DLA-1098-1}
- freexl 1.0.4-1 (bug #875690)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
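Review bot: The `{DSA-3976-1 DLA-1098-1}` cross-references on CVE-2017-2924 and CVE-2017-2923 cannot be verified from this change, because the commit modifies only data/CVE/list; confirm that the corresponding DSA and DLA list entries name both CVEs. Both entries also still read RESERVED with bracketed working descriptions, which is worth revisiting once the CVE text is published.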