Author: sectracker
Date: 2016-12-24 21:10:11 +0000 (Sat, 24 Dec 2016)
New Revision: 47414

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-24 21:01:42 UTC (rev 47413)
+++ data/CVE/list       2016-12-24 21:10:11 UTC (rev 47414)
@@ -516,9 +516,11 @@
        NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
        NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
 CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting 
Vulnerability ...)
+       {DLA-760-1}
        - spip <unfixed> (bug #848641)
        NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
 CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting 
Vulnerability ...)
+       {DLA-760-1}
        - spip <unfixed> (bug #848641)
        NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
 CVE-2015-8979 [remote stack buffer overflow]
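Review bot: CVE-2016-9998 and CVE-2016-9997 both point at the same upstream revision (23288) and the same bug (#848641), so nothing in either entry distinguishes the two issues that {DLA-760-1} is now said to cover. A short NOTE on each stating which part of that revision addresses it would make the cross-reference checkable. The `- spip <unfixed>` lines staying as they are is consistent with an LTS-only advisory.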
@@ -564,7 +566,7 @@
 CVE-2016-582384
        REJECTED
 CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a 
&quot;\r\n&quot; ...)
-       {DSA-3743-1}
+       {DSA-3743-1 DLA-761-1}
        - python-bottle 0.12.11-1 (bug #848392)
        NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
        NOTE: Upstream patch: 
https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
@@ -2780,6 +2782,7 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
 CVE-2016-9830 [memory allocation failure in MagickRealloc]
        RESERVED
+       {DSA-3746-1}
        - graphicsmagick 1.3.25-6 (bug #847055)
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
        NOTE: POC: 
https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
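Review bot: the CVE-2016-9830 entry gains {DSA-3746-1} but, in the lines shown, carries only a blog write-up and a POC link, with no upstream changeset. Neighbouring graphicsmagick entries tagged with the same DSA in this patch, such as CVE-2016-8684, have a "Fixed by:" NOTE; adding one here would let a reader confirm what 1.3.25-6 and the DSA actually shipped.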
@@ -12357,19 +12360,19 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
 CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)]
        RESERVED
-       {DLA-683-1}
+       {DSA-3746-1 DLA-683-1}
        - graphicsmagick 1.3.25-5
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
        NOTE: Fixed by: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
 CVE-2016-8683 [memory allocation failure in ReadPCXImage (pcx.c)]
        RESERVED
-       {DLA-683-1}
+       {DSA-3746-1 DLA-683-1}
        - graphicsmagick 1.3.25-5
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
        NOTE: Fixed by: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
 CVE-2016-8682 [stack-based buffer overflow in ReadSCTImage (sct.c)]
        RESERVED
-       {DLA-683-1}
+       {DSA-3746-1 DLA-683-1}
        - graphicsmagick 1.3.25-5
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
        NOTE: Fixed by: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
@@ -14272,12 +14275,12 @@
        NOTE: reproducible in Jessie (3.0.17-2+deb8u2)
 CVE-2016-7997 [denial of service via a crash due to an assertion]
        RESERVED
-       {DLA-683-1}
+       {DSA-3746-1 DLA-683-1}
        - graphicsmagick 1.3.25-4
        NOTE: patch for this and CVE-2016-7996 at: 
http://openwall.com/lists/oss-security/2016/10/07/4
 CVE-2016-7996 [missing check that the provided colormap is not larger than 256 
entries resulting in potential heap overflow]
        RESERVED
-       {DLA-683-1}
+       {DSA-3746-1 DLA-683-1}
        - graphicsmagick 1.3.21-2
        NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
        NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as
@@ -14848,7 +14851,7 @@
        RESERVED
 CVE-2016-7800
        RESERVED
-       {DLA-651-1}
+       {DSA-3746-1 DLA-651-1}
        - graphicsmagick 1.3.25-3
        NOTE: 
https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
 CVE-2016-7799 [mogrify global buffer overflow]
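Review bot: CVE-2016-7800 is now referenced by both a DSA and a DLA, yet the entry still has no bracketed description, only RESERVED, unlike its neighbour "CVE-2016-7799 [mogrify global buffer overflow]". Add a short bracketed summary taken from the linked upstream commit so the entry is readable without following the link.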
@@ -23382,7 +23385,7 @@
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
 CVE-2016-5240 [negative stroke-dasharray arguments which were resulting in 
endless looping.]
        RESERVED
-       {DLA-547-1}
+       {DSA-3746-1 DLA-547-1}
        - graphicsmagick 1.3.24-1
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
        NOTE: DLA-547-1 didn't fix this properly
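Review bot: on CVE-2016-5240 the tag line now reads {DSA-3746-1 DLA-547-1} a few lines above the NOTE "DLA-547-1 didn't fix this properly", and nothing says whether DSA-3746-1 has the same gap. Confirm the DSA ships the complete fix (rev ddc999ec896c) and record that in a NOTE, so the two advisories are not read as equivalent.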
@@ -24274,7 +24277,7 @@
        NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
        NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
 CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 
and ...)
-       {DSA-3591-1 DLA-502-1 DLA-500-1}
+       {DSA-3746-1 DSA-3591-1 DLA-502-1 DLA-500-1}
        - imagemagick 8:6.8.9.9-7.1 (bug #825799)
        - graphicsmagick 1.3.24-1 (bug #825800)
        NOTE: fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
@@ -28445,12 +28448,12 @@
        - graphicsmagick 1.3.24-1
        NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
 CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x 
before ...)
-       {DSA-3580-1 DLA-486-1 DLA-484-1}
+       {DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
        - imagemagick 8:6.9.6.2+dfsg-2
        - graphicsmagick 1.3.24-1
        NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
 CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) 
SHOW, ...)
-       {DSA-3580-1 DLA-486-1 DLA-484-1}
+       {DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
        - imagemagick 8:6.9.6.2+dfsg-2
        NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
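Review bot: CVE-2016-3714 gets {DSA-3746-1}, but the context shown for that entry lists only `- imagemagick 8:6.9.6.2+dfsg-2`, whereas every other entry tagged with DSA-3746-1 in this patch, including CVE-2016-3715 just above, has a graphicsmagick line. Check that the entry has a graphicsmagick line further down, outside this hunk's context, and add one if it does not; otherwise the advisory reference has no package line to attach to.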
@@ -32840,12 +32843,12 @@
        NOT-FOR-US: Huawei
 CVE-2016-2318
        RESERVED
-       {DLA-484-1}
+       {DSA-3746-1 DLA-484-1}
        - graphicsmagick 1.3.24-1 (bug #814732)
        NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
 CVE-2016-2317
        RESERVED
-       {DLA-484-1}
+       {DSA-3746-1 DLA-484-1}
        - graphicsmagick 1.3.24-1 (bug #814732)
        NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
        NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
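Review bot: CVE-2016-2318 and CVE-2016-2317 are tagged with a second advisory but still have no description at all, and their changeset links are labelled "NOTE: FIX" where the other graphicsmagick entries in this patch use "NOTE: Fixed by:". Add bracketed summaries and normalise the label so a search for "Fixed by:" finds these changesets too.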
@@ -33102,7 +33105,7 @@
        NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public)
        NOTE: According to upstream fixed in 6.2.0, but not details available
 CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 
1.3.18 ...)
-       {DLA-484-1}
+       {DSA-3746-1 DLA-484-1}
        - graphicsmagick 1.3.21-2
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
        NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
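Review bot: the changeset id in the last NOTE of CVE-2015-8808 (node=8e8fa353f53) is 11 hex digits, while the other hg.graphicsmagick.org links in this patch carry 12-digit ids in the /rev/ form. Check that the link still resolves and has not been cut short, and consider labelling it "Fixed by:" like the other entries.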


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
