Author: sectracker
Date: 2016-10-25 09:10:13 +0000 (Tue, 25 Oct 2016)
New Revision: 45577
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-25 09:06:01 UTC (rev 45576)
+++ data/CVE/list 2016-10-25 09:10:13 UTC (rev 45577)
@@ -530,42 +530,52 @@
NOTE: Corresponds to the
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
CVE-2016-8703
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8702
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8701
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8700
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8699
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8698
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8697 [AddressSanitizer: FPE on unknown address 0x508d51 in bm_new ...
bitmap.h]
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
CVE-2016-8696
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8695
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8694
RESERVED
+ {DLA-675-1}
- potrace 1.13-1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
@@ -1105,7 +1115,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
CVE-2016-8602 [type confusion]
RESERVED
- {DSA-3691-1}
+ {DSA-3691-1 DLA-674-1}
- ghostscript <unfixed> (bug #840451)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
@@ -1347,7 +1357,7 @@
RESERVED
CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code
execution]
RESERVED
- {DSA-3691-1}
+ {DSA-3691-1 DLA-674-1}
- ghostscript <unfixed> (bug #839846)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
@@ -1356,7 +1366,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
CVE-2016-7978 [reference leak in .setdevice allows use-after-free and remote
code execution]
RESERVED
- {DSA-3691-1}
+ {DSA-3691-1 DLA-674-1}
- ghostscript <unfixed> (bug #839845)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
@@ -1364,7 +1374,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7977 [.libfile doesn't check PermitFileReading array, allowing remote
file disclosure]
RESERVED
- {DSA-3691-1}
+ {DSA-3691-1 DLA-674-1}
- ghostscript <unfixed> (high; bug #839841)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
NOTE: Reproducer:
http://www.openwall.com/lists/oss-security/2016/09/29/28
@@ -1372,7 +1382,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7976 [various userparams allow %pipe% in paths, allowing remote shell
command execution]
RESERVED
- {DSA-3691-1}
+ {DSA-3691-1 DLA-674-1}
- ghostscript <unfixed> (high; bug #839260)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
NOTE: Reproducer:
http://www.openwall.com/lists/oss-security/2016/09/30/8
@@ -49478,6 +49488,7 @@
NOTE: libbluray is only in wheezy and later and the issue is neutered
by the kernel hardening for /tmp
NOTE: Affected code removed in 0.7.0-1
CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote
attackers to ...)
+ {DLA-675-1}
- potrace 1.12-1 (bug #778646)
[squeeze] - potrace <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
@@ -83745,7 +83756,7 @@
- serendipity <not-affected> (Spellcheck plugin not included in 1.5.x)
CVE-2013-5653 [Ghostscript information disclosure through getenv,
filenameforall]
RESERVED
- {DSA-3691-1}
+ {DSA-3691-1 DLA-674-1}
- ghostscript <unfixed> (low; bug #839118)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
