Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7046f872 by Markus Koschany at 2018-05-29T17:20:49+02:00
Triage CVE-2017-10794 and CVE-2017-17913 for graphicsmagick in Jessie

CVE-2017-10794: samples_per_pixel does not exist and is not evaluated
CVE-2017-17913: webp feature is not compiled in

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21436,6 +21436,7 @@ CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a 
vulnerability was found in the fu
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
 CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
stack-based ...)
        - graphicsmagick 1.3.27-3
+       [jessie] - graphicsmagick <not-affected> (webp feature was not compiled 
in)
        [wheezy] - graphicsmagick <not-affected> (webp feature has not been 
implemented)
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/88313ebe379c
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
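
Review bot: The added [jessie] line justifies <not-affected> with "webp feature was not compiled in", which is a weaker claim than the [wheezy] reason "webp feature has not been implemented" directly below it, and the entry records nothing that lets a later reader verify it. A build-time exclusion depends on how the package was configured, so the entry should say how that was established, for example with a NOTE line naming the build option or missing build dependency that was checked for the jessie package. If the webp coder is present in the jessie source and only disabled at build time, it is also worth stating that, since a local rebuild with webp enabled would not be covered by this triage.
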
@@ -50967,6 +50968,7 @@ CVE-2017-10795 (Cross-site scripting (XSS) 
vulnerability in Subrion CMS 4.1.4 al
        NOT-FOR-US: Subrion CMS
 CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with 
metadata ...)
        - graphicsmagick 1.3.26-1 (bug #867085)
+       [jessie] - graphicsmagick <not-affected> (vulnerable code not present)
        [wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a20bee0a0ad2
 CVE-2017-10793 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589, 
NVG599, and ...)
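
Review bot: The added [jessie] line for CVE-2017-10794 reuses the generic wording "vulnerable code not present" from the [wheezy] line, while the commit message carries the actual finding: "samples_per_pixel does not exist and is not evaluated". The commit message is not visible to someone reading data/CVE/list, so the specific reason should go into the entry itself, either in the parenthesised reason or as a NOTE line next to the existing upstream revision a20bee0a0ad2, so the not-affected status can be rechecked against the jessie source without digging through history.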



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7046f8724af425cd2a01bb75707e8677d5f1c200
