Author: jmm
Date: 2017-08-08 15:35:19 +0000 (Tue, 08 Aug 2017)
New Revision: 54437

Modified:
   data/CVE/list
Log:
mark some imagemagick memleaks as unimportant
  we won't treat these as security issues for older releases
glance is treated as a documented shortcoming by upstream


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-08 14:17:00 UTC (rev 54436)
+++ data/CVE/list       2017-08-08 15:35:19 UTC (rev 54437)
@@ -14,16 +14,16 @@
        - imagemagick <unfixed>
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
 CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found 
in the ...)
-       - imagemagick 8:6.9.7.4+dfsg-15 (bug #870117)
+       - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
 CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found 
in the ...)
-       - imagemagick 8:6.9.7.4+dfsg-14 (bug #870021)
+       - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/617
 CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in 
...)
-       - imagemagick 8:6.9.7.4+dfsg-15 (bug #870119)
+       - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/621
 CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteCALSImage ...)
-       - imagemagick 8:6.9.7.4+dfsg-16 (bug #870475)
+       - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
 CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WritePCXImage in ...)
        - imagemagick 8:6.9.7.4+dfsg-16 (bug #870489)
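
Review bot: The CVE-2017-12671 entry is tagged unimportant here, but its description reads "a missing NULL assignment", not a memory leak, while the log message only covers "imagemagick memleaks". Either confirm that this one has no impact beyond a leak and say so in a NOTE, or leave it untagged. Also, CVE-2017-12668 at the end of the hunk is described as a memory leak in WritePCXImage and still carries the plain "(bug #870489)" annotation; if the same policy applies, it should get the same "unimportant;" tag for consistency.
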
@@ -29335,7 +29335,6 @@
 CVE-2017-2575 [NULL pointer dereference in image_alloc]
        RESERVED
        NOT-FOR-US: libbpg
-       NOTE: The libbpg library is not packaged in Debian but seem embedded in 
ffmpeg
 CVE-2017-2574
        RESERVED
 CVE-2017-2573
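
Review bot: The removal of the NOTE under CVE-2017-2575 about libbpg being embedded in ffmpeg is not mentioned in the log message, which only covers imagemagick and glance. If the embedded-copy claim turned out to be wrong, say so in the log. If it is still accurate, NOT-FOR-US alone drops the only pointer to the ffmpeg copy, and the entry should keep the NOTE or track ffmpeg explicitly.
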
@@ -52406,12 +52405,10 @@
 CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 
allow ...)
        NOT-FOR-US: HPE Performance Center
 CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack 
Glance ...)
-       - glance <unfixed> (bug #868185)
-       [stretch] - glance <no-dsa> (Minor issue)
-       [jessie] - glance <no-dsa> (Minor issue)
-       [wheezy] - glance <end-of-life> (Not supported in Wheezy LTS)
+       - glance <unfixed> (unimportant; bug #868185)
        NOTE: https://bugs.launchpad.net/glance/+bug/1593799/
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0075
+       NOTE: No code fix, documented shortcoming
 CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 
allows ...)
        NOT-FOR-US: HPE Performance Center
 CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 
8.x ...)
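
Review bot: The new line "NOTE: No code fix, documented shortcoming" under CVE-2016-4383 does not say who made that call, while the log message attributes it to upstream. Suggest wording it as an upstream position and tying it to the OSSN-0075 link directly above, so that a reader of data/CVE/list can see why the stretch, jessie and wheezy entries were dropped without consulting the commit log.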


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
