Author: sectracker Date: 2017-11-12 21:10:13 +0000 (Sun, 12 Nov 2017) New Revision: 57585
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-12 20:47:07 UTC (rev 57584) +++ data/CVE/list 2017-11-12 21:10:13 UTC (rev 57585) @@ -1,3 +1,15 @@ +CVE-2017-16800 + RESERVED +CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...) + TODO: check +CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in ...) + TODO: check +CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properly ...) + TODO: check +CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check ...) + TODO: check +CVE-2017-16795 + RESERVED CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...) - swftools <unfixed> NOTE: https://github.com/matthiaskramm/swftools/issues/50 @@ -3947,7 +3959,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...) NOT-FOR-US: TeamPass CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...) - {DLA-1140-1 DLA-1139-1} + {DSA-4032-1 DLA-1140-1 DLA-1139-1} - imagemagick <unfixed> (bug #878578) - graphicsmagick 1.3.26-14 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5 @@ -4869,7 +4881,7 @@ NOTE: https://core.trac.wordpress.org/ticket/38474 NOTE: Wordpress in Wheezy requires a database upgrade and backports of new functions CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick <unfixed> (bug #878562) NOTE: https://github.com/ImageMagick/ImageMagick/issues/781 NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628 
@@ -5752,7 +5764,7 @@ CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...) NOT-FOR-US: geminabox CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick <unfixed> (bug #876488) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00 @@ -5987,7 +5999,7 @@ NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 NOTE: https://github.com/LibRaw/LibRaw/issues/101 CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick <unfixed> (low; bug #878527) NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74 NOTE: https://github.com/ImageMagick/ImageMagick/issues/765 @@ -7082,7 +7094,7 @@ - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick <unfixed> (bug #876097) NOTE: https://github.com/ImageMagick/ImageMagick/issues/733 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde @@ -8296,7 +8308,7 @@ CVE-2017-13770 RESERVED CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick <unfixed> (low; bug #878507) NOTE: https://github.com/ImageMagick/ImageMagick/issues/705 NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c 
@@ -8346,7 +8358,7 @@ CVE-2017-13759 RESERVED CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick <unfixed> (bug #878508) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907 @@ -9840,7 +9852,7 @@ CVE-2017-13135 RESERVED CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) - {DLA-1081-1} + {DSA-4032-1 DLA-1081-1} - imagemagick <unfixed> (bug #873099) - graphicsmagick 1.3.26-19 (bug #881524) NOTE: https://github.com/ImageMagick/ImageMagick/issues/670 @@ -10278,7 +10290,7 @@ CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...) NOT-FOR-US: PHPMyWind CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...) - {DLA-1081-1} + {DSA-4032-1 DLA-1081-1} - imagemagick <unfixed> (bug #873134) NOTE: https://github.com/ImageMagick/ImageMagick/issues/682 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
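Review bot: In the first hunk (@@ -1,3 +1,15 @@), CVE-2017-16796 and CVE-2017-16797 are left at "TODO: check" although both name png_load in lib/png.c of SWFTools 0.9.2. That is the same function and version as CVE-2017-16794 in the context lines directly below, which is already tracked as "- swftools <unfixed>" with the upstream issue in a NOTE. Triage the two new entries together with it: if they affect the same package, replace the TODO with a swftools line and the upstream reference, so that the three png_load issues do not drift apart in status. The two CMS Made Simple entries in the same hunk also still need a decision between a package line and NOT-FOR-US.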
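Review bot: In the @@ -3947,7 +3959,7 @@ hunk, DSA-4032-1 is added to the braces of CVE-2017-15277, an entry that carries two package lines: "- imagemagick <unfixed> (bug #878578)" and "- graphicsmagick 1.3.26-14". The braces alone do not show which source package the advisory covers, so confirm that DSA-4032-1 is attributed to the intended package and does not make the other one look covered. The same check applies to CVE-2017-13134 in the @@ -9840,7 +9852,7 @@ hunk, which also lists both imagemagick and graphicsmagick.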
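Review bot: In the @@ -4869,7 +4881,7 @@ hunk, CVE-2017-14989 (a use-after-free in RenderFreetype) now references both DSA-4032-1 and DLA-1131-1, yet its package line in the trailing context still reads "- imagemagick <unfixed> (bug #878562)". The NOTE lines already point at an upstream commit, so follow up on that bug and record a fixed version once one is uploaded; otherwise the entry keeps reporting the package as unfixed while the released suites have advisories. Every other hunk that adds DSA-4032-1 shows the same "imagemagick <unfixed>" line and needs the same follow-up.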
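Review bot: In the last hunk (@@ -10278,7 +10290,7 @@), as in the eight hunks before it, the only change is "- {DLA-1081-1}" becoming "+ {DSA-4032-1 DLA-1081-1}" or its DLA-1131-1 equivalent, but the log message says only "automatic update". Naming DSA-4032-1 in the log would let someone searching the revision history for that advisory find the revision that cross-referenced its nine CVE entries, and would separate that change from the unrelated new CVE-2017-1679x and CVE-2017-16800 entries added in the first hunk.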