[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 3 09:11:32 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb86f138 by security tracker role at 2018-08-03T08:11:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,57 @@
+CVE-2018-14878
+ RESERVED
+CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...)
+ TODO: check
+CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...)
+ TODO: check
+CVE-2018-14875
+ RESERVED
+CVE-2018-14874
+ RESERVED
+CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site ...)
+ TODO: check
+CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ...)
+ TODO: check
+CVE-2018-14871
+ RESERVED
+CVE-2018-14870
+ RESERVED
+CVE-2018-14869
+ RESERVED
+CVE-2018-14868
+ RESERVED
+CVE-2018-14867
+ RESERVED
+CVE-2018-14866
+ RESERVED
+CVE-2018-14865
+ RESERVED
+CVE-2018-14864
+ RESERVED
+CVE-2018-14863
+ RESERVED
+CVE-2018-14862
+ RESERVED
+CVE-2018-14861
+ RESERVED
+CVE-2018-14860
+ RESERVED
+CVE-2018-14859
+ RESERVED
+CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
+ TODO: check
+CVE-2018-14857
+ RESERVED
+CVE-2018-14856
+ RESERVED
+CVE-2018-14855
+ RESERVED
+CVE-2018-14854
+ RESERVED
+CVE-2018-14853
+ RESERVED
+CVE-2018-14852
+ RESERVED
CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...)
- php7.2 7.2.8-1
- php7.1 <unfixed>
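Review bot: Five of the new entries (CVE-2018-14877, CVE-2018-14876, CVE-2018-14873, CVE-2018-14872, CVE-2018-14858) land with only `TODO: check` and no package or NOT-FOR-US line, so they carry no triage state yet. The WeaselCMS, Rincewind and iCMS descriptions read like the web applications that other entries in this file close out with a `NOT-FOR-US:` line (see the Fiyo CMS and CMS Made Simple entries further down). Resolve them that way, or add a package line if any of them is packaged. CVE-2018-14876 names only `image_save_png in image/image-png.cpp` before its description is cut off, so the affected source package has to be identified from the full CVE text first.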
@@ -429,18 +483,22 @@ CVE-2018-14669
CVE-2018-14668
RESERVED
CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
+ {DSA-4260-1}
- libmspack 0.7-1 (bug #904802)
NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
+ {DSA-4260-1}
- libmspack 0.7-1 (bug #904801)
NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
+ {DSA-4260-1}
- libmspack 0.7-1 (bug #904800)
NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...)
+ {DSA-4260-1}
- libmspack 0.7-1 (bug #904799)
NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
@@ -14772,7 +14830,7 @@ CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allo
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
- {DLA-1322-1}
+ {DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.28-2 (bug #894396)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
@@ -16981,17 +17039,17 @@ CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML
CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...)
NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
- {DLA-1322-1}
+ {DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
- {DLA-1322-1}
+ {DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
- {DLA-1322-1}
+ {DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
@@ -18089,14 +18147,14 @@ CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to sp
CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: SecurEnvoy SecurMail
CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...)
- {DLA-1322-1}
+ {DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.26-8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
NOTE: Issue is related to CVE-2017-11403 but not the same issue.
TODO: check, needs clarification, the issue is CloseBlob use-after-free
CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
- {DLA-1322-1}
+ {DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
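Review bot: CVE-2017-18220 gains a second advisory reference, `{DLA-1456-1 DLA-1322-1}`, while the entry still ends with `TODO: check, needs clarification, the issue is CloseBlob use-after-free`. An entry that two DLAs point at should not keep an open question about what the issue is. Resolve the TODO, together with the relation to CVE-2017-11403 stated in the NOTE above it, or record why it stays open.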
@@ -20710,7 +20768,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
CVE-2018-6915
RESERVED
CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...)
- {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -21004,7 +21062,7 @@ CVE-2018-6801
CVE-2018-6800
RESERVED
CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
- {DLA-1282-1}
+ {DLA-1456-1 DLA-1282-1}
- graphicsmagick 1.3.28-1
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/
@@ -24927,7 +24985,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
NOTE: EOF.
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ...)
- {DLA-1245-1}
+ {DLA-1456-1 DLA-1245-1}
- graphicsmagick 1.3.27-4 (bug #887158)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
@@ -30869,7 +30927,7 @@ CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_hre
CVE-2017-17791
RESERVED
CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...)
- {DLA-1421-1 DLA-1222-1 DLA-1221-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1222-1 DLA-1221-1}
- ruby2.5 2.5.0-1 (bug #884878)
- ruby2.3 <removed> (bug #884879)
- ruby2.1 <removed>
@@ -31025,7 +31083,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -37404,7 +37462,7 @@ CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary
CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: NetGain
CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...)
- {DLA-1421-1 DLA-1222-1 DLA-1221-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1222-1 DLA-1221-1}
- ruby2.5 2.5.0~rc1-1 (bug #884437)
- ruby2.3 2.3.6-1 (bug #884438)
- ruby2.1 <removed>
@@ -42602,7 +42660,7 @@ CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...)
- {DLA-1170-1}
+ {DLA-1456-1 DLA-1170-1}
- graphicsmagick 1.3.26-18
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
@@ -43160,7 +43218,7 @@ CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disc
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...)
- {DLA-1159-1}
+ {DLA-1456-1 DLA-1159-1}
- graphicsmagick 1.3.26-17
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
NOTE: https://blogs.securiteam.com/index.php/archives/3494
@@ -44558,7 +44616,7 @@ CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading
NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
NOTE: https://github.com/radare/radare2/issues/8731
CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...)
- {DLA-1154-1}
+ {DLA-1456-1 DLA-1154-1}
- graphicsmagick 1.3.26-16 (bug #879999)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
@@ -46361,7 +46419,7 @@ CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7
CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
NOT-FOR-US: TeamPass
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
- {DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
+ {DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
- graphicsmagick 1.3.26-14
NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
@@ -47408,7 +47466,7 @@ CVE-2017-14999
CVE-2017-14998
RESERVED
CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
- {DLA-1130-1}
+ {DLA-1456-1 DLA-1130-1}
- graphicsmagick 1.3.26-13
NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
@@ -47417,7 +47475,7 @@ CVE-2017-14996
CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
NOT-FOR-US: WSO2 Application Server
CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...)
- {DLA-1130-1}
+ {DLA-1456-1 DLA-1130-1}
- graphicsmagick 1.3.26-13
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
@@ -48875,7 +48933,7 @@ CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...)
- {DLA-1130-1}
+ {DLA-1456-1 DLA-1130-1}
- graphicsmagick 1.3.26-11
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/
@@ -50947,14 +51005,15 @@ CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN)
CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
NOT-FOR-US: Fiyo CMS
CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
- {DLA-1082-1}
+ {DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-8 (low)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
- {DLA-1082-1}
+ {DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-8 (low)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
+ {DLA-1456-1}
- graphicsmagick 1.3.26-8 (low)
[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
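Review bot: The CVE-2017-13775 entry gets a new `{DLA-1456-1}` line although it already carries `[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)`, and unlike its neighbours CVE-2017-13777 and CVE-2017-13776 it had no earlier DLA. Nothing in the entry says which release DLA-1456-1 covers, so confirm that the advisory targets a release where the ReadJNXImage code is present rather than wheezy.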
@@ -51157,7 +51216,7 @@ CVE-2017-13738 (There is an illegal address access in the _lou_getALine function
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
- {DLA-1140-1}
+ {DLA-1456-1 DLA-1140-1}
- graphicsmagick 1.3.26-15 (low; bug #878511)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
@@ -53237,12 +53296,12 @@ CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
- {DLA-1082-1}
+ {DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872575)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
- {DLA-1082-1}
+ {DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872576)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
@@ -57389,11 +57448,11 @@ CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage(
- graphicsmagick 1.3.26-4 (bug #870157)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870156)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870155)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
@@ -57409,11 +57468,11 @@ CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870154)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870153)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() ...)
@@ -58233,7 +58292,7 @@ CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administr
CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-3
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
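Review bot: CVE-2017-11403 is tagged with DLA-1456-1 here, and its last NOTE warns `When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103`. No hunk in this commit touches a CVE-2017-14103 entry, so check that the DLA-1456-1 backport includes the follow-up fix and, if it does, that CVE-2017-14103 is referenced by the advisory as well.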
@@ -59158,7 +59217,7 @@ CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6
NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-3 (low)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...)
@@ -59300,7 +59359,7 @@ CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate servic
NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
- {DLA-1045-1}
+ {DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-2 (bug #867746)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
@@ -65282,7 +65341,7 @@ CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows re
CVE-2017-9099
RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use ...)
- {DSA-3863-1 DLA-960-1 DLA-953-1}
+ {DSA-3863-1 DLA-1456-1 DLA-960-1 DLA-953-1}
- imagemagick 8:6.9.7.4+dfsg-9 (bug #862967)
- graphicsmagick 1.3.24-1
NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
@@ -74117,6 +74176,7 @@ CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow re
CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
NOT-FOR-US: Astaro
CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...)
+ {DLA-1456-1}
- graphicsmagick 1.3.25-8
[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
@@ -74441,10 +74501,10 @@ CVE-2017-6217
RESERVED
CVE-2017-6216
RESERVED
-CVE-2017-6215
- RESERVED
-CVE-2017-6213
- RESERVED
+CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the ...)
+ TODO: check
+CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in ...)
+ TODO: check
CVE-2017-6212
REJECTED
CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
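Review bot: CVE-2017-6215 and CVE-2017-6213 move from `RESERVED` to published descriptions but get only `TODO: check`. Both name PayPal PHP SDKs (`paypal/permissions-sdk-php`, `paypal/invoice-sdk-php`); decide whether either is packaged and replace each TODO with a package line or a NOT-FOR-US line.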
@@ -105895,7 +105955,7 @@ CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
NOTE: Patch in 0.6.1-3 disabled PDF support
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and ...)
- {DSA-3580-1 DLA-486-1 DLA-484-1}
+ {DSA-3580-1 DLA-1456-1 DLA-486-1 DLA-484-1}
- graphicsmagick 1.3.24-1
- imagemagick 8:6.9.6.2+dfsg-2
NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb86f1388ac2d828c5e9e58dcd8c8cdf5a81704c