Author: sectracker Date: 2016-12-24 21:10:11 +0000 (Sat, 24 Dec 2016) New Revision: 47414
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-24 21:01:42 UTC (rev 47413) +++ data/CVE/list 2016-12-24 21:10:11 UTC (rev 47414) @@ -516,9 +516,11 @@ NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4 NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215 CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...) + {DLA-760-1} - spip <unfixed> (bug #848641) NOTE: https://core.spip.net/projects/spip/repository/revisions/23288 CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...) + {DLA-760-1} - spip <unfixed> (bug #848641) NOTE: https://core.spip.net/projects/spip/repository/revisions/23288 CVE-2015-8979 [remote stack buffer overflow] @@ -564,7 +566,7 @@ CVE-2016-582384 REJECTED CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" ...) - {DSA-3743-1} + {DSA-3743-1 DLA-761-1} - python-bottle 0.12.11-1 (bug #848392) NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913 NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54 @@ -2780,6 +2782,7 @@ NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c CVE-2016-9830 [memory allocation failure in MagickRealloc] RESERVED + {DSA-3746-1} - graphicsmagick 1.3.25-6 (bug #847055) NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc @@ -12357,19 +12360,19 @@ NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/ CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)] RESERVED - {DLA-683-1} + {DSA-3746-1 DLA-683-1} - graphicsmagick 1.3.25-5 NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449 CVE-2016-8683 [memory allocation failure in ReadPCXImage (pcx.c)] RESERVED - {DLA-683-1} + {DSA-3746-1 DLA-683-1} - graphicsmagick 1.3.25-5 NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9 CVE-2016-8682 [stack-based buffer overflow in ReadSCTImage (sct.c)] RESERVED - {DLA-683-1} + {DSA-3746-1 DLA-683-1} - graphicsmagick 1.3.25-5 NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d @@ -14272,12 +14275,12 @@ NOTE: reproducible in Jessie (3.0.17-2+deb8u2) CVE-2016-7997 [denial of service via a crash due to an assertion] RESERVED - {DLA-683-1} + {DSA-3746-1 DLA-683-1} - graphicsmagick 1.3.25-4 NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4 CVE-2016-7996 [missing check that the provided colormap is not larger than 256 entries resulting in potential heap overflow] RESERVED - {DLA-683-1} + {DSA-3746-1 DLA-683-1} - graphicsmagick 1.3.21-2 NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as @@ -14848,7 +14851,7 @@ RESERVED CVE-2016-7800 RESERVED - {DLA-651-1} + {DSA-3746-1 DLA-651-1} - graphicsmagick 1.3.25-3 NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/ CVE-2016-7799 [mogrify global buffer overflow] @@ -23382,7 +23385,7 @@ NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7 CVE-2016-5240 [negative stroke-dasharray arguments which were resulting in endless looping.] RESERVED - {DLA-547-1} + {DSA-3746-1 DLA-547-1} - graphicsmagick 1.3.24-1 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c NOTE: DLA-547-1 didn't fix this properly @@ -24274,7 +24277,7 @@ NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/ NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842 CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ...) - {DSA-3591-1 DLA-502-1 DLA-500-1} + {DSA-3746-1 DSA-3591-1 DLA-502-1 DLA-500-1} - imagemagick 8:6.8.9.9-7.1 (bug #825799) - graphicsmagick 1.3.24-1 (bug #825800) NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858 @@ -28445,12 +28448,12 @@ - graphicsmagick 1.3.24-1 NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...) - {DSA-3580-1 DLA-486-1 DLA-484-1} + {DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1} - imagemagick 8:6.9.6.2+dfsg-2 - graphicsmagick 1.3.24-1 NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...) - {DSA-3580-1 DLA-486-1 DLA-484-1} + {DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1} - imagemagick 8:6.9.6.2+dfsg-2 NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 @@ -32840,12 +32843,12 @@ NOT-FOR-US: Huawei CVE-2016-2318 RESERVED - {DLA-484-1} + {DSA-3746-1 DLA-484-1} - graphicsmagick 1.3.24-1 (bug #814732) NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31 CVE-2016-2317 RESERVED - {DLA-484-1} + {DSA-3746-1 DLA-484-1} - graphicsmagick 1.3.24-1 (bug #814732) NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6 NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1 @@ -33102,7 +33105,7 @@ NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public) NOTE: According to upstream fixed in 6.2.0, but not details available CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 ...) - {DLA-484-1} + {DSA-3746-1 DLA-484-1} - graphicsmagick 1.3.21-2 NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits