[Git][security-tracker-team/security-tracker][master] Triage CVE-2017-10794 and CVE-2017-17913 for graphicsmagick in Jessie
Markus Koschany
apo at debian.org
Tue May 29 16:22:17 BST 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7046f872 by Markus Koschany at 2018-05-29T17:20:49+02:00
Triage CVE-2017-10794 and CVE-2017-17913 for graphicsmagick in Jessie
CVE-2017-10794: samples_per_pixel does not exist and is not evaluated
CVE-2017-17913: webp feature is not compiled in
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21436,6 +21436,7 @@ CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the fu
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...)
- graphicsmagick 1.3.27-3
+ [jessie] - graphicsmagick <not-affected> (webp feature was not compiled in)
[wheezy] - graphicsmagick <not-affected> (webp feature has not been implemented)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/88313ebe379c
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
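Review bot: The added [jessie] line justifies <not-affected> by build configuration ("webp feature was not compiled in"), which is a weaker claim than the wheezy reason on the following line ("webp feature has not been implemented"), and the entry does not say whether the jessie source contains the vulnerable WebP code. If it does, a rebuild with WebP enabled would be affected. Consider adding a NOTE that states this and how the build configuration was checked, so the triage can be re-verified later.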
@@ -50967,6 +50968,7 @@ CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 al
NOT-FOR-US: Subrion CMS
CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata ...)
- graphicsmagick 1.3.26-1 (bug #867085)
+ [jessie] - graphicsmagick <not-affected> (vulnerable code not present)
[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a20bee0a0ad2
CVE-2017-10793 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and ...)
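Review bot: The added [jessie] line for CVE-2017-10794 gives only "vulnerable code not present", while the actual finding (samples_per_pixel does not exist and is not evaluated) appears only in the commit message and is not recorded in the entry. Consider putting that detail in the parenthetical or in a NOTE next to the a20bee0a0ad2 reference, so the reasoning is visible in data/CVE/list itself and does not depend on the commit log.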
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7046f8724af425cd2a01bb75707e8677d5f1c200