Author: jmm
Date: 2017-08-12 03:02:21 +0000 (Sat, 12 Aug 2017)
New Revision: 54664

Modified:
   data/CVE/list
Log:
exiv2 no-dsa
imagemagick commit refs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-12 02:15:48 UTC (rev 54663)
+++ data/CVE/list       2017-08-12 03:02:21 UTC (rev 54664)
@@ -2554,6 +2554,7 @@
 CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was 
found in ...)
        - imagemagick 8:6.9.7.4+dfsg-14 (bug #870014)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
+       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
 CVE-2017-XXXX [use of uninitialized data in ImageMagick/coders/mat.c]
        - imagemagick 8:6.9.7.4+dfsg-14 (bug #870012)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/362
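Review bot: The NOTE added under CVE-2017-12434 does not say which upstream branch commit 6767f31cac3eacdc9dc41b3193a73bdd37610375 belongs to. The description names ImageMagick 7.0.6-1 while the fixed Debian version is 8:6.9.7.4+dfsg-14, so anyone backporting has to work out whether this commit applies to the 6.x sources. Suggest marking the branch on the NOTE line, or adding a second NOTE for the 6.x commit if it differs.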
@@ -2663,9 +2664,10 @@
        - libav <removed>
        - ffmpeg 7:2.3.1-1
 CVE-2017-11683 (There is a reachable assertion in the ...)
-       - exiv2 <unfixed>
+       - exiv2 <unfixed> (low)
+       [stretch] - exiv2 <no-dsa> (Minor issue)
+       [jessie] - exiv2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
-       TODO: check
 CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 
allows ...)
        NOT-FOR-US: Hashtopussy
 CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 
allows ...)
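Review bot: Under CVE-2017-11683 the `TODO: check` line is dropped without recording what the check found. The new `(low)` and `<no-dsa> (Minor issue)` tags state the conclusion but not the reasoning, and the only reference left is the Red Hat bugzilla link. Suggest adding a short NOTE with the basis for the triage (for example, what a reachable assertion amounts to in practice for this package) so the decision can be revisited later.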
@@ -2821,6 +2823,8 @@
 CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, 
it can ...)
        - imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
+       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
+       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
 CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, 
it can ...)
        - imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
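Review bot: The two commit NOTEs added under CVE-2017-11640 give no indication of how they relate: whether they are the same fix on two branches, or a fix plus a follow-up. Someone preparing an update cannot tell from the entry whether both are needed. Suggest a short annotation on each NOTE line saying what it is.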
@@ -2994,10 +2998,14 @@
 CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown 
Preview Plus ...)
        NOT-FOR-US: Chrome extension Markdown Preview Plus
 CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability 
in the ...)
-       - exiv2 <unfixed>
+       - exiv2 <unfixed> (low)
+       [stretch] - exiv2 <no-dsa> (Minor issue)
+       [jessie] - exiv2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType 
function in ...)
-       - exiv2 <unfixed>
+       - exiv2 <unfixed> (low)
+       [stretch] - exiv2 <no-dsa> (Minor issue)
+       [jessie] - exiv2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash 
function in ...)
        - libgxps 0.3.0-1 (low; bug #870183)
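Review bot: The `- exiv2 <unfixed> (low)` lines for CVE-2017-11592 and CVE-2017-11591 carry no Debian bug reference, unlike the libgxps entry just below, which uses `(low; bug #870183)`. With both suites marked `<no-dsa>`, the fix will only arrive through unstable, and the maintainer has nothing in the BTS to track it. Suggest filing bugs and using the `(low; bug #NNNNNN)` form here too.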
@@ -3102,9 +3110,10 @@
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/2445
 CVE-2017-11553 (There is an illegal address access in the extend_alias_table 
function ...)
-       - exiv2 <unfixed>
+       - exiv2 <unfixed> (low)
+       [stretch] - exiv2 <no-dsa> (Minor issue)
+       [jessie] - exiv2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
-       TODO: check
 CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b 
allows ...)
        - libmad <unfixed> (low; bug #870406)
        [stretch] - libmad <no-dsa> (Minor issue)
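Review bot: CVE-2017-11553 is described as an illegal address access, yet it receives the same generic `(Minor issue)` reason as the reachable assertion in CVE-2017-11683, and `TODO: check` is removed at the same time. Suggest a more specific no-dsa reason or a NOTE stating why the invalid access is considered minor, so the entry stands on its own.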


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
