Author: jmm
Date: 2017-08-12 03:02:21 +0000 (Sat, 12 Aug 2017)
New Revision: 54664
Modified: data/CVE/list Log: exiv2 no-dsa imagemagick commit refs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-12 02:15:48 UTC (rev 54663) +++ data/CVE/list 2017-08-12 03:02:21 UTC (rev 54664) @@ -2554,6 +2554,7 @@ CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in ...) - imagemagick 8:6.9.7.4+dfsg-14 (bug #870014) NOTE: https://github.com/ImageMagick/ImageMagick/issues/547 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375 CVE-2017-XXXX [use of uninitialized data in ImageMagick/coders/mat.c] - imagemagick 8:6.9.7.4+dfsg-14 (bug #870012) NOTE: https://github.com/ImageMagick/ImageMagick/issues/362 @@ -2663,9 +2664,10 @@ - libav <removed> - ffmpeg 7:2.3.1-1 CVE-2017-11683 (There is a reachable assertion in the ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (low) + [stretch] - exiv2 <no-dsa> (Minor issue) + [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124 - TODO: check CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...) NOT-FOR-US: Hashtopussy CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows ...) @@ -2821,6 +2823,8 @@ CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - imagemagick 8:6.9.7.4+dfsg-15 (bug #870067) NOTE: https://github.com/ImageMagick/ImageMagick/issues/584 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a + NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86 CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - imagemagick 8:6.9.7.4+dfsg-15 (bug #870065) NOTE: https://github.com/ImageMagick/ImageMagick/issues/588 
@@ -2994,10 +2998,14 @@ CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...) NOT-FOR-US: Chrome extension Markdown Preview Plus CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (low) + [stretch] - exiv2 <no-dsa> (Minor issue) + [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (low) + [stretch] - exiv2 <no-dsa> (Minor issue) + [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...) - libgxps 0.3.0-1 (low; bug #870183) @@ -3102,9 +3110,10 @@ [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2445 CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (low) + [stretch] - exiv2 <no-dsa> (Minor issue) + [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772 - TODO: check CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b allows ...) - libmad <unfixed> (low; bug #870406) [stretch] - libmad <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
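Review bot: In the hunk at @@ -2821,6 +2823,8 @@, the two commit NOTEs added under CVE-2017-11640 do not say how they relate to each other: a fix plus a follow-up, or the same fix on two branches. The CVE text names ImageMagick 7.0.6-1 while the tracked fixed version is 8:6.9.7.4+dfsg-15, so anyone backporting needs to know which commit applies to the packaged series. Suggest a short parenthetical after each URL stating the branch or role of the commit. The same applies to the single commit NOTE added for CVE-2017-12434 in the hunk at @@ -2554,6 +2554,7 @@.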
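Review bot: In the hunk at @@ -2663,9 +2664,10 @@, the "TODO: check" line for CVE-2017-11683 is dropped without recording what the check concluded. The entry now carries "(low)" and two "<no-dsa> (Minor issue)" lines, but the only reference is still the Red Hat Bugzilla link. Suggest adding a NOTE with the basis for the rating, for example that the reachable assertion only aborts the process on a crafted file, so a later reader does not have to redo the triage.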
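Review bot: In the hunk at @@ -2994,10 +2998,14 @@, CVE-2017-11592 (mismatched memory management routines) gets the same "(low)" and "Minor issue" annotation as CVE-2017-11591 (floating point exception), although the two descriptions name different bug classes. A floating point exception is a plain crash. For CVE-2017-11592 the description alone does not show that the impact is limited to a crash, so a NOTE stating why it was rated low would make the no-dsa decision easier to revisit.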
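Review bot: In the hunk at @@ -3102,9 +3110,10 @@, the new line "- exiv2 <unfixed> (low)" for CVE-2017-11553 carries no Debian bug reference, whereas the libmad entry in the trailing context uses "(low; bug #870406)". With the "TODO: check" line removed and both stable releases marked no-dsa, nothing in the entry points at a tracking bug for the unfixed package. Suggest filing one against exiv2 and adding it in the same form. The other exiv2 entries touched by this commit have the same gap.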