Author: sectracker
Date: 2017-11-05 21:10:14 +0000 (Sun, 05 Nov 2017)
New Revision: 57351
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-05 19:35:53 UTC (rev 57350) +++ data/CVE/list 2017-11-05 21:10:14 UTC (rev 57351) @@ -1,3 +1,9 @@ +CVE-2017-16544 + RESERVED +CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...) + TODO: check +CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows Post-authentication ...) + TODO: check CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...) TODO: check CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database ...) @@ -1953,6 +1959,7 @@ CVE-2017-15864 RESERVED CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" ...) + {DLA-1161-1} - redis 3:3.2.7-1 NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...) @@ -9107,6 +9114,7 @@ - imagemagick 8:6.9.7.4+dfsg-14 (bug #870013) NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430 CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116) NOTE: https://github.com/ImageMagick/ImageMagick/issues/600 CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...) @@ -11046,6 +11054,7 @@ - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021) NOTE: https://github.com/ImageMagick/ImageMagick/issues/617 CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119) NOTE: https://github.com/ImageMagick/ImageMagick/issues/621 CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...) 
@@ -11133,7 +11142,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/550 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870106) NOTE: https://github.com/ImageMagick/ImageMagick/issues/542 NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec @@ -11316,7 +11325,7 @@ NOTE: https://github.com/rsyslog/rsyslog/pull/1565 NOTE: The zmq3 input and output modules are not enabled and built in Debian CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-16 (bug #870526) NOTE: https://github.com/ImageMagick/ImageMagick/issues/535 NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add @@ -11732,7 +11741,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620 CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-16 (bug #870491) NOTE: https://github.com/ImageMagick/ImageMagick/issues/536 NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7 
@@ -13291,13 +13300,14 @@ NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is NOTE: disabled by default on upstream since 17.2.0 CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870111) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/596 NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645 CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870109) NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05 CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...) @@ -13306,7 +13316,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/549 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870105) NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3 NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac 
@@ -13438,12 +13448,13 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/598 NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89 CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-14 (bug #870014) [wheezy] - imagemagick <not-affected> (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/547 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375 CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (bug #870012) NOTE: https://github.com/ImageMagick/ImageMagick/issues/362 NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960 @@ -13633,6 +13644,7 @@ CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ...) NOT-FOR-US: eapmd5pass CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869830) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/501 
@@ -13738,13 +13750,13 @@ - graphicsmagick 1.3.26-4 (bug #870155) NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318 CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870067) NOTE: https://github.com/ImageMagick/ImageMagick/issues/584 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86 CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870065) NOTE: https://github.com/ImageMagick/ImageMagick/issues/588 NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014 @@ -13828,7 +13840,7 @@ NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/kohler/t1utils/issues/6 CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869728) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84 
@@ -13850,13 +13862,13 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/574 NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869715) NOTE: https://github.com/ImageMagick/ImageMagick/issues/555 NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5660836f9197107e9c38f14f27a45c2d9f26afe2 CVE-2017-12428 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869713) NOTE: https://github.com/ImageMagick/ImageMagick/issues/544 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b2b48d50300a9fbcd0aa0d9230fd6d7a08f7671e @@ -14140,7 +14152,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697 CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869712) NOTE: https://github.com/ImageMagick/ImageMagick/issues/560 NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd 
@@ -14152,7 +14164,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6 CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869827) NOTE: https://github.com/ImageMagick/ImageMagick/issues/561 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4 @@ -14163,7 +14175,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/564 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90 CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #869834) NOTE: https://github.com/ImageMagick/ImageMagick/issues/562 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8 @@ -14227,7 +14239,7 @@ [wheezy] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/) NOTE: https://twitter.com/pissquark/status/888142796414226432 CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (bug #869210) NOTE: https://github.com/ImageMagick/ImageMagick/issues/591 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078 
@@ -14386,7 +14398,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/556 NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (bug #868950) NOTE: https://github.com/ImageMagick/ImageMagick/issues/537 NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8 @@ -19944,7 +19956,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/491 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74 CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the ...) - {DLA-1000-1} + {DSA-4019-1 DLA-1000-1} - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778) NOTE: https://github.com/ImageMagick/ImageMagick/issues/500 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
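Review bot: CVE-2017-16543 and CVE-2017-16542 in the @@ -1,3 +1,9 @@ hunk are added with only "TODO: check", so they still need triage and should not sit in the queue next to CVE-2017-16541 and CVE-2017-16540 indefinitely. Both descriptions name Zoho ManageEngine Applications Manager 13; if that product has no source package here, close them with a NOT-FOR-US: line, as the CVE-2017-11668 (eapmd5pass) entry further down does, and otherwise add the package line with its status.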
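Review bot: In the @@ -9107,6 +9114,7 @@ and @@ -11046,6 +11054,7 @@ hunks, {DSA-4019-1} is attached to CVE-2017-13141 and CVE-2017-12671, whose imagemagick lines are both tagged "unimportant" (bug #870116 and bug #870119). An advisory cross-reference on an entry classed as unimportant sends mixed signals to anyone filtering the list by severity, so either add a NOTE: to each entry saying why the advisory lists it or revisit the unimportant tag. The other imagemagick entries that gain {DSA-4019-1} in this revision carry no such tag, apart from CVE-2017-9500, which is marked low.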