[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 3 09:11:32 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb86f138 by security tracker role at 2018-08-03T08:11:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,57 @@
+CVE-2018-14878
+	RESERVED
+CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...)
+	TODO: check
+CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...)
+	TODO: check
+CVE-2018-14875
+	RESERVED
+CVE-2018-14874
+	RESERVED
+CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site ...)
+	TODO: check
+CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ...)
+	TODO: check
+CVE-2018-14871
+	RESERVED
+CVE-2018-14870
+	RESERVED
+CVE-2018-14869
+	RESERVED
+CVE-2018-14868
+	RESERVED
+CVE-2018-14867
+	RESERVED
+CVE-2018-14866
+	RESERVED
+CVE-2018-14865
+	RESERVED
+CVE-2018-14864
+	RESERVED
+CVE-2018-14863
+	RESERVED
+CVE-2018-14862
+	RESERVED
+CVE-2018-14861
+	RESERVED
+CVE-2018-14860
+	RESERVED
+CVE-2018-14859
+	RESERVED
+CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
+	TODO: check
+CVE-2018-14857
+	RESERVED
+CVE-2018-14856
+	RESERVED
+CVE-2018-14855
+	RESERVED
+CVE-2018-14854
+	RESERVED
+CVE-2018-14853
+	RESERVED
+CVE-2018-14852
+	RESERVED
 CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...)
 	- php7.2 7.2.8-1
 	- php7.1 <unfixed>
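Review bot: Five of the new entries (CVE-2018-14877, CVE-2018-14876, CVE-2018-14873, CVE-2018-14872, CVE-2018-14858) land with only "TODO: check", so they carry no package or NOT-FOR-US status until someone triages them. CVE-2018-14876 needs the most attention, because its truncated description shows only the function and file (image_save_png in image/image-png.cpp) and not the product. Each should be resolved to a "- <package> ..." line or a "NOT-FOR-US:" line in a follow-up commit.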
@@ -429,18 +483,22 @@ CVE-2018-14669
 CVE-2018-14668
 	RESERVED
 CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
+	{DSA-4260-1}
 	- libmspack 0.7-1 (bug #904802)
 	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
+	{DSA-4260-1}
 	- libmspack 0.7-1 (bug #904801)
 	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
+	{DSA-4260-1}
 	- libmspack 0.7-1 (bug #904800)
 	NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...)
+	{DSA-4260-1}
 	- libmspack 0.7-1 (bug #904799)
 	NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
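Review bot: The four libmspack entries tagged {DSA-4260-1} reference three different upstream commits: 72e70a92 for CVE-2018-14679 and CVE-2018-14680, 4fd9ccaa for CVE-2018-14682, and 0b0ef934 for CVE-2018-14681. The tag is only correct if the DSA upload backported all three, so confirm that against the DSA changelog before relying on these cross-references.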
@@ -14772,7 +14830,7 @@ CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allo
 	- dolibarr <removed>
 	NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739
 CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
-	{DLA-1322-1}
+	{DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.28-2 (bug #894396)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
@@ -16981,17 +17039,17 @@ CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...)
 	NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
 CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
-	{DLA-1322-1}
+	{DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
 CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
-	{DLA-1322-1}
+	{DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
 CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
-	{DLA-1322-1}
+	{DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
@@ -18089,14 +18147,14 @@ CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to sp
 CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...)
-	{DLA-1322-1}
+	{DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.26-8
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
 	NOTE: Issue is related to CVE-2017-11403 but not the same issue.
 	TODO: check, needs clarification, the issue is CloseBlob use-after-free
 CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
-	{DLA-1322-1}
+	{DLA-1456-1 DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
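Review bot: CVE-2017-18220 gains the DLA-1456-1 reference while its entry still ends with "TODO: check, needs clarification, the issue is CloseBlob use-after-free" and a note that it is related to, but not the same as, CVE-2017-11403. With a second DLA now recorded as fixing it, the TODO should be resolved, or the entry should state which changeset each DLA applied.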
@@ -20710,7 +20768,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
 CVE-2018-6915
 	RESERVED
 CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...)
-	{DLA-1421-1 DLA-1359-1 DLA-1358-1}
+	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -21004,7 +21062,7 @@ CVE-2018-6801
 CVE-2018-6800
 	RESERVED
 CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
-	{DLA-1282-1}
+	{DLA-1456-1 DLA-1282-1}
 	- graphicsmagick 1.3.28-1
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/
@@ -24927,7 +24985,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
 	NOTE: EOF.
 	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
 CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ...)
-	{DLA-1245-1}
+	{DLA-1456-1 DLA-1245-1}
 	- graphicsmagick 1.3.27-4 (bug #887158)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
@@ -30869,7 +30927,7 @@ CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_hre
 CVE-2017-17791
 	RESERVED
 CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...)
-	{DLA-1421-1 DLA-1222-1 DLA-1221-1}
+	{DSA-4259-1 DLA-1421-1 DLA-1222-1 DLA-1221-1}
 	- ruby2.5 2.5.0-1 (bug #884878)
 	- ruby2.3 <removed> (bug #884879)
 	- ruby2.1 <removed>
@@ -31025,7 +31083,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
 CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
 	NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
-	{DLA-1421-1 DLA-1359-1 DLA-1358-1}
+	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -37404,7 +37462,7 @@ CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary 
 CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: NetGain
 CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...)
-	{DLA-1421-1 DLA-1222-1 DLA-1221-1}
+	{DSA-4259-1 DLA-1421-1 DLA-1222-1 DLA-1221-1}
 	- ruby2.5 2.5.0~rc1-1 (bug #884437)
 	- ruby2.3 2.3.6-1 (bug #884438)
 	- ruby2.1 <removed>
@@ -42602,7 +42660,7 @@ CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
 CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...)
-	{DLA-1170-1}
+	{DLA-1456-1 DLA-1170-1}
 	- graphicsmagick 1.3.26-18
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
@@ -43160,7 +43218,7 @@ CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disc
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
 	NOTE: https://blogs.securiteam.com/index.php/archives/3494
 CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...)
-	{DLA-1159-1}
+	{DLA-1456-1 DLA-1159-1}
 	- graphicsmagick 1.3.26-17
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
 	NOTE: https://blogs.securiteam.com/index.php/archives/3494
@@ -44558,7 +44616,7 @@ CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading 
 	NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
 	NOTE: https://github.com/radare/radare2/issues/8731
 CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...)
-	{DLA-1154-1}
+	{DLA-1456-1 DLA-1154-1}
 	- graphicsmagick 1.3.26-16 (bug #879999)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
@@ -46361,7 +46419,7 @@ CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7
 CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
 	NOT-FOR-US: TeamPass
 CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
-	{DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
+	{DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
 	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
 	- graphicsmagick 1.3.26-14
 	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
@@ -47408,7 +47466,7 @@ CVE-2017-14999
 CVE-2017-14998
 	RESERVED
 CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
-	{DLA-1130-1}
+	{DLA-1456-1 DLA-1130-1}
 	- graphicsmagick 1.3.26-13
 	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
@@ -47417,7 +47475,7 @@ CVE-2017-14996
 CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
 	NOT-FOR-US: WSO2 Application Server
 CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...)
-	{DLA-1130-1}
+	{DLA-1456-1 DLA-1130-1}
 	- graphicsmagick 1.3.26-13
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
@@ -48875,7 +48933,7 @@ CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
 CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...)
-	{DLA-1130-1}
+	{DLA-1456-1 DLA-1130-1}
 	- graphicsmagick 1.3.26-11
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/
@@ -50947,14 +51005,15 @@ CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN)
 CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
-	{DLA-1082-1}
+	{DLA-1456-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-8 (low)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
 CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
-	{DLA-1082-1}
+	{DLA-1456-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-8 (low)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
 CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
+	{DLA-1456-1}
 	- graphicsmagick 1.3.26-8 (low)
 	[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
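Review bot: CVE-2017-13775 is the only entry in this hunk that had no DLA reference before, and its sole release annotation is "[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)". Confirm that the ReadJNXImage code is present in the release DLA-1456-1 targets. If it is not, the entry needs a matching not-affected line for that release rather than the DLA tag.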
@@ -51157,7 +51216,7 @@ CVE-2017-13738 (There is an illegal address access in the _lou_getALine function
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
 	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
 CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
-	{DLA-1140-1}
+	{DLA-1456-1 DLA-1140-1}
 	- graphicsmagick 1.3.26-15 (low; bug #878511)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
@@ -53237,12 +53296,12 @@ CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
 CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
-	{DLA-1082-1}
+	{DLA-1456-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872575)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
 CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
-	{DLA-1082-1}
+	{DLA-1456-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872576)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
@@ -57389,11 +57448,11 @@ CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage(
 	- graphicsmagick 1.3.26-4 (bug #870157)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
 CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-4 (bug #870156)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
 CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-4 (bug #870155)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
 CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
@@ -57409,11 +57468,11 @@ CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
 CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-4 (bug #870154)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
 CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-4 (bug #870153)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
 CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() ...)
@@ -58233,7 +58292,7 @@ CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administr
 CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-3
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
 	NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
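Review bot: The NOTE on CVE-2017-11403 warns that an incomplete fix opens CVE-2017-14103, and this hunk adds a second DLA reference to the entry without saying how that warning was handled. Check that DLA-1456-1 is also recorded on CVE-2017-14103 (not visible in this diff), or extend the note to say the follow-up fix was included.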
@@ -59158,7 +59217,7 @@ CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
 CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-3 (low)
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
 CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...)
@@ -59300,7 +59359,7 @@ CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate servic
 	NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
 	NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
 CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
-	{DLA-1045-1}
+	{DLA-1456-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-2 (bug #867746)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
@@ -65282,7 +65341,7 @@ CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows re
 CVE-2017-9099
 	RESERVED
 CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use ...)
-	{DSA-3863-1 DLA-960-1 DLA-953-1}
+	{DSA-3863-1 DLA-1456-1 DLA-960-1 DLA-953-1}
 	- imagemagick 8:6.9.7.4+dfsg-9 (bug #862967)
 	- graphicsmagick 1.3.24-1
 	NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
@@ -74117,6 +74176,7 @@ CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow re
 CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
 	NOT-FOR-US: Astaro
 CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...)
+	{DLA-1456-1}
 	- graphicsmagick 1.3.25-8
 	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
 	NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
@@ -74441,10 +74501,10 @@ CVE-2017-6217
 	RESERVED
 CVE-2017-6216
 	RESERVED
-CVE-2017-6215
-	RESERVED
-CVE-2017-6213
-	RESERVED
+CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the ...)
+	TODO: check
+CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in ...)
+	TODO: check
 CVE-2017-6212
 	REJECTED
 CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -105895,7 +105955,7 @@ CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
 	NOTE: Patch in 0.6.1-3 disabled PDF support
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
 CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and ...)
-	{DSA-3580-1 DLA-486-1 DLA-484-1}
+	{DSA-3580-1 DLA-1456-1 DLA-486-1 DLA-484-1}
 	- graphicsmagick 1.3.24-1
 	- imagemagick 8:6.9.6.2+dfsg-2
 	NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb86f1388ac2d828c5e9e58dcd8c8cdf5a81704c
