[Secure-testing-commits] r56123 - data/CVE

Mon Sep 25 09:15:37 UTC 2017

Author: carnil
Date: 2017-09-25 09:15:37 +0000 (Mon, 25 Sep 2017)
New Revision: 56123

Modified:
   data/CVE/list
Log:
Process two NFUs

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-25 09:12:04 UTC (rev 56122)
+++ data/CVE/list	2017-09-25 09:15:37 UTC (rev 56123)
@@ -107,7 +107,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
 CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...)
-	TODO: check
+	NOT-FOR-US: geminabox
 CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
 	- imagemagick <unfixed> (bug #876488)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
@@ -557,7 +557,7 @@
 CVE-2017-14507
 	RESERVED
 CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
-	TODO: check
+	NOT-FOR-US: geminabox
 CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/716


