Author: jmm
Date: 2017-12-17 18:47:01 +0000 (Sun, 17 Dec 2017)
New Revision: 58650
Modified: data/CVE/list Log: two imagemagick no-dsa ruby n/a Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-17 18:01:45 UTC (rev 58649) +++ data/CVE/list 2017-12-17 18:47:01 UTC (rev 58650) @@ -4468,12 +4468,16 @@ CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...) TODO: check CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in ...) - - imagemagick <unfixed> + - imagemagick <unfixed> (low) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/870 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...) - - imagemagick <unfixed> + - imagemagick <unfixed> (low) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/869 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f6ca1441a5260165dabc627d26f60c32af1d5678 NOTE: different fix: https://github.com/ImageMagick/ImageMagick/commit/73d59a74e0b0a864c1a9581b8a4bdbee427125e2 @@ -43429,7 +43433,7 @@ NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x) NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x) CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and ...) - TODO: check + NOT-FOR-US: Apache Fineract CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...) {DLA-926-1} - batik 1.9-1 (bug #860566) 
@@ -82135,9 +82139,9 @@ NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/ NOTE: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ...) - - ruby2.3 <unfixed> (unimportant) - - ruby2.1 <removed> (unimportant) - NOTE: Wulnerable win32ole ruby extension not included in binary packages + - ruby2.3 <not-affected> (Windows-specific) + - ruby2.1 <not-affected> (Windows-specific) + NOTE: Vulnerable win32ole ruby extension not included in binary packages, specific to Windows NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0029/ CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...) {DSA-3599-1 DLA-510-1}
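Review bot: In the first hunk (@@ -4468,12 +4468,16 @@), the CVE-2017-17681 entry lists two upstream commits, the second labelled only "different fix", whereas the CVE-2017-17682 entry marks one of its commits as "ImageMagick-6:". State which branch each CVE-2017-17681 commit applies to, so that the new [stretch] and [jessie] <no-dsa> lines point anyone picking up the fix later at the right patch. The "(Minor issue)" reason would also be more useful if it named the impact given in the summaries (a large loop and an infinite loop).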
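Review bot: The CVE-2017-5663 change in the second hunk (@@ -43429,7 +43433,7 @@), from "TODO: check" to "NOT-FOR-US: Apache Fineract", is not covered by the log message "two imagemagick no-dsa ruby n/a". Mention it in the log so that the triage decision can be found from the revision history.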
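Review bot: In the CVE-2016-2336 hunk (@@ -82135,9 +82139,9 @@), the rewritten NOTE combines two separate reasons, "not included in binary packages" and "specific to Windows", while both package lines now give only "(Windows-specific)". Keep in the NOTE the reason that <not-affected> actually rests on, or split it into two NOTE lines, so a later reader can tell which one justifies the status change from "(unimportant)".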