Author: jmm
Date: 2017-07-17 09:14:03 +0000 (Mon, 17 Jul 2017)
New Revision: 53566

Modified:
   data/CVE/list
Log:
imagemagick CVEfied
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-17 09:10:13 UTC (rev 53565)
+++ data/CVE/list       2017-07-17 09:14:03 UTC (rev 53566)
@@ -5,7 +5,9 @@
 CVE-2017-11361
        RESERVED
 CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 
7.0.6-1 has a ...)
-       TODO: check
+       - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
+       NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
 CVE-2017-11359
        RESERVED
 CVE-2017-11358
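Review bot: The new package line for CVE-2017-11360 marks 8:6.9.7.4+dfsg-12 as fixed, but the supporting references are an upstream commit and a CVE description written against ImageMagick 7.0.6-1, while the Debian version is from the 6.9 series. Consider adding a NOTE that names the corresponding 6.9 change, or that states the cited commit is what the upload for bug #867808 applied, so the fixed-version claim can be verified from this entry alone.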
@@ -17,23 +19,23 @@
 CVE-2017-11355
        RESERVED
 CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Fiyo CMS
 CVE-2017-11351
        RESERVED
 CVE-2017-11350
        RESERVED
 CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose 
programs ...)
-       TODO: check
+       NOT-FOR-US: dataTaker
 CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user 
with ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 
allows a ...)
-       TODO: check
+       NOT-FOR-US: MetInfo
 CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware 
for ASUS ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin 
firmware for ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition 
...)
        - yadm <unfixed> (bug #868300)
        NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
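Review bot: The two entries for CVE-2017-11345 and CVE-2017-11344 use "NOT-FOR-US: ASUS", which names the vendor, while every other NFU line in this hunk names the product (Fiyo CMS, dataTaker, Octopus Deploy, MetInfo, Zoho ManageEngine Desktop Central). Both descriptions refer to networkmap in Asuswrt-Merlin firmware, so "NOT-FOR-US: Asuswrt-Merlin firmware" would be consistent with the rest and easier to match when a later CVE for the same product comes in.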
@@ -685,7 +687,7 @@
 CVE-2017-1000033 (Wordpress Plugin Vospari Forms version &lt; 1.4 is 
vulnerable to a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b 
allow ...)
-       TODO: check
+       NOTE: Seems like a duplicate, contacted MITRE for rejection
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in 
Cacti ...)
        TODO: check
 CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 
22) is ...)
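Review bot: The NOTE added under CVE-2017-1000032 says the entry seems to be a duplicate but does not say which CVE id it duplicates, and the "TODO: check" marker is removed at the same time. Naming the other id in the NOTE would let someone else confirm the duplication, and keeping a TODO (for example "TODO: check, pending MITRE reply") would stop the entry from looking triaged while it still has no package or NOT-FOR-US line.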
@@ -819,10 +821,6 @@
 CVE-2017-XXXX [memory exhaustion in ReadCINImage]
        - imagemagick 8:6.9.7.4+dfsg-12 (bug #867810)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
-CVE-2017-XXXX [CPU exhaustion in ReadRLEImage]
-       - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
-       NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
-       NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 
7.0.6-0 has a ...)
        - imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
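Review bot: Removing the temporary "CVE-2017-XXXX [CPU exhaustion in ReadRLEImage]" entry also removes the only line in the visible file that states the impact, because the CVE-2017-11360 description is cut off at "has a ...". The package line, bug number and both NOTE lines are carried over unchanged, so this is optional, but a short "NOTE: CPU exhaustion in ReadRLEImage" under CVE-2017-11360 would preserve that detail.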


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits