[Secure-testing-commits] r56121 - data/CVE

Mon Sep 25 09:10:13 UTC 2017

Author: sectracker
Date: 2017-09-25 09:10:13 +0000 (Mon, 25 Sep 2017)
New Revision: 56121

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-25 07:44:41 UTC (rev 56120)
+++ data/CVE/list	2017-09-25 09:10:13 UTC (rev 56121)
@@ -106,8 +106,8 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
-CVE-2017-14683
-	RESERVED
+CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...)
+	TODO: check
 CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
 	- imagemagick <unfixed> (bug #876488)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
@@ -556,8 +556,8 @@
 	NOT-FOR-US: Twitter iOS client
 CVE-2017-14507
 	RESERVED
-CVE-2017-14506
-	RESERVED
+CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
+	TODO: check
 CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
@@ -7068,7 +7068,7 @@
 	NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28
 CVE-2017-12163 [Server memory information leak over SMB1]
 	RESERVED
-	{DSA-3983-1}
+	{DSA-3983-1 DLA-1110-1}
 	- samba 2:4.6.7+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
 CVE-2017-12162
@@ -7111,7 +7111,7 @@
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html
 CVE-2017-12150 [SMB1/2/3 connections may not require signing where they should]
 	RESERVED
-	{DSA-3983-1}
+	{DSA-3983-1 DLA-1110-1}
 	- samba 2:4.6.7+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
 CVE-2017-12149


