Author: sectracker
Date: 2017-08-23 09:10:15 +0000 (Wed, 23 Aug 2017)
New Revision: 54982

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-23 06:25:38 UTC (rev 54981)
+++ data/CVE/list       2017-08-23 09:10:15 UTC (rev 54982)
@@ -1,3 +1,43 @@
+CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is 
a memory ...)
+       TODO: check
+CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the 
ReadJP2Image ...)
+       TODO: check
+CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than 
a "width ...)
+       TODO: check
+CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the 
ReadMATImage ...)
+       TODO: check
+CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a 
crafted PNG ...)
+       TODO: check
+CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a 
crafted file ...)
+       TODO: check
+CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...)
+       TODO: check
+CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...)
+       TODO: check
+CVE-2017-13138
+       RESERVED
+CVE-2017-13137
+       RESERVED
+CVE-2017-13136
+       RESERVED
+CVE-2017-13135
+       RESERVED
+CVE-2017-13134 (In ImageMagick 7.0.6-6, a heap-based buffer over-read was 
found in the ...)
+       TODO: check
+CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in 
coders/xcf.c lacks ...)
+       TODO: check
+CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in 
coders/pdf.c ...)
+       TODO: check
+CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found 
in the ...)
+       TODO: check
+CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via 
a crafted ...)
+       TODO: check
+CVE-2017-13129
+       RESERVED
+CVE-2017-13128
+       RESERVED
+CVE-2017-13127
+       RESERVED
 CVE-2017-13126
        RESERVED
 CVE-2017-13125
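Review bot: All thirteen non-RESERVED entries added at the top of data/CVE/list (CVE-2017-13130 to CVE-2017-13134 and CVE-2017-13139 to CVE-2017-13146) carry only `TODO: check`, so none is tied to a source package yet. The twelve ImageMagick entries cite different fixed versions (from 6.9.7-6 up to 6.9.9-4), and CVE-2017-13131 to CVE-2017-13134 name only a 7.0.6-x release, so each needs its own package line and a check of whether the 6.9 branch is affected, not one shared version. CVE-2017-13130 (BMC Patrol) looks like a candidate for `NOT-FOR-US`, the marking used for the OnePlus and Android entries later in this diff, if the product is not packaged.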
@@ -11609,25 +11649,25 @@
        NOTE: Fix in ffmpeg: 
https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
        NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
 CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a 
heap-based ...)
-       {DLA-1008-1}
+       {DSA-3952-1 DLA-1008-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #863018)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
        NOTE: Fixed by: 
https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
 CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a 
heap-based ...)
-       {DLA-1008-1}
+       {DSA-3952-1 DLA-1008-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #863019)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
        NOTE: Fixed by: 
https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
 CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a 
stack-based ...)
-       {DLA-1008-1}
+       {DSA-3952-1 DLA-1008-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #863021)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
        NOTE: Fixed by: 
https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
 CVE-2017-9047 (A buffer overflow was discovered in libxml2 ...)
-       {DLA-1008-1}
+       {DSA-3952-1 DLA-1008-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #863022)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
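Review bot: DSA-3952-1 is attached here to CVE-2017-9047 through CVE-2017-9050 and, in the later hunks, to CVE-2017-7375, CVE-2017-7376 and CVE-2017-0663, so it is worth confirming that the advisory's CVE list matches exactly these seven entries. The context lines also annotate the GNOME Bugzilla links as "(not public)" in this hunk but "(not yet public)" for CVE-2017-7375, CVE-2017-7376 and CVE-2017-0663; I would pick one wording and re-check whether those bugs are still restricted now that a DSA is referenced.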
@@ -12166,7 +12206,7 @@
 CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T 
devices. Due to ...)
        NOT-FOR-US: OnePlus One
 CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges 
by ...)
-       {DLA-1002-1}
+       {DSA-3951-1 DLA-1002-1}
        - smb4k 1.2.1-2 (bug #862505)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
        NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
@@ -16747,7 +16787,7 @@
        NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
 CVE-2017-7376 [Incorrect limit used for port values]
        RESERVED
-       {DLA-1060-1}
+       {DSA-3952-1 DLA-1060-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #870865)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
        NOTE: Android patch: 
https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
@@ -16758,7 +16798,7 @@
        NOTE: the port from ever being negative. Upstream decided to leave the 
above patch.
 CVE-2017-7375 [Missing validation for external entities in xmlParsePEReference]
        RESERVED
-       {DLA-1008-1}
+       {DSA-3952-1 DLA-1008-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #870867)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
        NOTE: Android patch: 
https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
@@ -35361,7 +35401,7 @@
 CVE-2017-0664 (A elevation of privilege vulnerability in the Android 
framework. ...)
        NOT-FOR-US: Android
 CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable 
an ...)
-       {DLA-1060-1}
+       {DSA-3952-1 DLA-1060-1}
        - libxml2 2.9.4+dfsg1-3.1 (bug #870870)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
        NOTE: 
https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits