Author: jmm
Date: 2017-08-08 15:35:19 +0000 (Tue, 08 Aug 2017)
New Revision: 54437
Modified: data/CVE/list Log: mark some imagemagick memleaks as unimportant we won't treat these as security issues for older releases glance is treated as a documented shortcoming by upstream Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-08 14:17:00 UTC (rev 54436) +++ data/CVE/list 2017-08-08 15:35:19 UTC (rev 54437) @@ -14,16 +14,16 @@ - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/604 CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...) - - imagemagick 8:6.9.7.4+dfsg-15 (bug #870117) + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117) NOTE: https://github.com/ImageMagick/ImageMagick/issues/619 CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...) - - imagemagick 8:6.9.7.4+dfsg-14 (bug #870021) + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021) NOTE: https://github.com/ImageMagick/ImageMagick/issues/617 CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in ...) - - imagemagick 8:6.9.7.4+dfsg-15 (bug #870119) + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119) NOTE: https://github.com/ImageMagick/ImageMagick/issues/621 CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...) - - imagemagick 8:6.9.7.4+dfsg-16 (bug #870475) + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475) NOTE: https://github.com/ImageMagick/ImageMagick/issues/571 CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in ...) - imagemagick 8:6.9.7.4+dfsg-16 (bug #870489) @@ -29335,7 +29335,6 @@ CVE-2017-2575 [NULL pointer dereference in image_alloc] RESERVED NOT-FOR-US: libbpg - NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg CVE-2017-2574 RESERVED CVE-2017-2573 
@@ -52406,12 +52405,10 @@ CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow ...) NOT-FOR-US: HPE Performance Center CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack Glance ...) - - glance <unfixed> (bug #868185) - [stretch] - glance <no-dsa> (Minor issue) - [jessie] - glance <no-dsa> (Minor issue) - [wheezy] - glance <end-of-life> (Not supported in Wheezy LTS) + - glance <unfixed> (unimportant; bug #868185) NOTE: https://bugs.launchpad.net/glance/+bug/1593799/ NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0075 + NOTE: No code fix, documented shortcoming CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows ...) NOT-FOR-US: HPE Performance Center CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x ...)
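Review bot: in the first hunk (@@ -14,16 +14,16 @@), CVE-2017-12668 in the trailing context is also described as a memory leak (WritePCXImage) and is fixed in the same version as CVE-2017-12669, yet its entry stays "(bug #870489)" without the unimportant tag. If that is deliberate, a NOTE saying why would help; otherwise tag it like the four entries above it. Separately, CVE-2017-12671 is described as a missing NULL assignment rather than a memory leak, while the log message only speaks of memleaks, so a word on why it gets the same severity would make the entry easier to audit later.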
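Review bot: in the second hunk (@@ -29335,7 +29335,6 @@), the NOTE saying libbpg "seem embedded in ffmpeg" is removed from CVE-2017-2575, but the log message says nothing about it. If the embedding claim turned out to be wrong, please say so in the log; if it still holds, "NOT-FOR-US: libbpg" on its own hides a possible exposure through ffmpeg and the note should stay until that is checked.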
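Review bot: in the third hunk (@@ -52406,12 +52405,10 @@), the added line "NOTE: No code fix, documented shortcoming" does not say where the shortcoming is documented. The OSSN-0075 link directly above it looks like the reference (an assumption from its position), so wording such as "documented shortcoming, see OSSN-0075" would keep the rationale attached if the NOTE lines are ever reordered. Dropping the stretch, jessie and wheezy lines is consistent with the new unimportant tag.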