Author: jmm
Date: 2017-07-17 09:14:03 +0000 (Mon, 17 Jul 2017)
New Revision: 53566
Modified: data/CVE/list Log: imagemagick CVEfied NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-17 09:10:13 UTC (rev 53565) +++ data/CVE/list 2017-07-17 09:14:03 UTC (rev 53566) @@ -5,7 +5,9 @@ CVE-2017-11361 RESERVED CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...) - TODO: check + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 CVE-2017-11359 RESERVED CVE-2017-11358 @@ -17,23 +19,23 @@ CVE-2017-11355 RESERVED CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: Fiyo CMS CVE-2017-11351 RESERVED CVE-2017-11350 RESERVED CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs ...) - TODO: check + NOT-FOR-US: dataTaker CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with ...) - TODO: check + NOT-FOR-US: Octopus Deploy CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a ...) - TODO: check + NOT-FOR-US: MetInfo CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows remote ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS ...) - TODO: check + NOT-FOR-US: ASUS CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ...) - TODO: check + NOT-FOR-US: ASUS CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition ...) - yadm <unfixed> (bug #868300) NOTE: https://github.com/TheLocehiliosan/yadm/issues/74 
@@ -685,7 +687,7 @@ CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a ...) NOT-FOR-US: WordPress plugin CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...) - TODO: check + NOTE: Seems like a duplicate, contacted MITRE for rejection CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...) TODO: check CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...) @@ -819,10 +821,6 @@ CVE-2017-XXXX [memory exhaustion in ReadCINImage] - imagemagick 8:6.9.7.4+dfsg-12 (bug #867810) NOTE: https://github.com/ImageMagick/ImageMagick/issues/519 -CVE-2017-XXXX [CPU exhaustion in ReadRLEImage] - - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808) - NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 - NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...) - imagemagick 8:6.9.7.4+dfsg-12 (bug #867806) NOTE: https://github.com/ImageMagick/ImageMagick/issues/509 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
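Review bot: In the @@ -5,7 +5,9 @@ hunk, the CVE-2017-11360 description names ImageMagick 7.0.6-1 while the added package line records the fix in 8:6.9.7.4+dfsg-12, and the single "NOTE: Fixed by:" commit link does not say which upstream branch it belongs to. A short annotation on that NOTE naming the branch would let the next person confirm the 6.9 fix without opening the link. The three added lines match the ones removed from the CVE-2017-XXXX placeholder in the @@ -819,10 +821,6 @@ hunk, so the move itself drops only the bracketed "CPU exhaustion in ReadRLEImage" summary.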
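Review bot: In the @@ -17,23 +19,23 @@ hunk, CVE-2017-11345 and CVE-2017-11344 are tagged "NOT-FOR-US: ASUS", a vendor name, while the other entries in the same hunk name the product (Fiyo CMS, Octopus Deploy, MetInfo, Zoho ManageEngine Desktop Central). Both descriptions place the overflow in networkmap in Asuswrt-Merlin firmware, so "NOT-FOR-US: Asuswrt-Merlin firmware" would be consistent with the neighbouring entries and easier to search for if the product is ever reconsidered.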
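Review bot: In the @@ -685,7 +687,7 @@ hunk, the new note on CVE-2017-1000032 ("Seems like a duplicate, contacted MITRE for rejection") does not name the CVE it is thought to duplicate, and replacing "TODO: check" with a bare NOTE leaves the entry with neither a package line nor a TODO marker. Suggest adding the id of the suspected duplicate to the NOTE and keeping a TODO until MITRE responds, so the Cacti XSS entry still shows up as open if the rejection does not happen.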