Author: jmm
Date: 2017-08-08 15:42:38 +0000 (Tue, 08 Aug 2017)
New Revision: 54438

Modified:
   data/CVE/list
Log:
more unimportant imagemagick issues
new libav issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-08 15:35:19 UTC (rev 54437)
+++ data/CVE/list       2017-08-08 15:42:38 UTC (rev 54438)
@@ -3,7 +3,7 @@
        NOTE: https://github.com/taglib/taglib/issues/829
        NOTE: 
https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97
 CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS 
in an ...)
-       TODO: check
+       NOT-FOR-US: IdentityServer
 CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found 
in the ...)
        - imagemagick 8:6.9.7.4+dfsg-15 (bug #870118)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
@@ -29,7 +29,7 @@
        - imagemagick 8:6.9.7.4+dfsg-16 (bug #870489)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
 CVE-2017-12667 (ImageMagick 7.0.6-1 has a memory leak vulnerability in 
ReadMATImage in ...)
-       - imagemagick 8:6.9.7.4+dfsg-14 (bug #870015)
+       - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/553
 CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteINLINEImage ...)
        - imagemagick 8:6.9.7.4+dfsg-16 (bug #870482)
@@ -38,10 +38,10 @@
        - imagemagick 8:6.9.7.4+dfsg-16 (bug #870501)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
 CVE-2017-12663 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteMAPImage in ...)
-       - imagemagick 8:6.9.7.4+dfsg-16 (bug #870483)
+       - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870483)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/573
 CVE-2017-12662 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WritePDFImage in ...)
-       - imagemagick 8:6.9.7.4+dfsg-16 (bug #870492)
+       - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870492)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/576
 CVE-2017-12661
        RESERVED
@@ -56,7 +56,7 @@
 CVE-2017-12656
        RESERVED
 CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via 
the ...)
-       TODO: check
+       NOT-FOR-US: NexusPHP
 CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 
7.0.6-3 ...)
        - imagemagick 8:6.9.7.4+dfsg-16 (bug #870502)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
@@ -98,7 +98,7 @@
 CVE-2017-12638
        RESERVED
 CVE-2017-12637 (Directory traversal vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2017-12636
        RESERVED
 CVE-2017-12635
@@ -2276,7 +2276,8 @@
 CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities 
in ...)
        NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
 CVE-2017-11684 (There is an illegal address access in the build_table function 
in ...)
-       TODO: check
+       - libav <removed>
+       - ffmpeg <undetermined>
 CVE-2017-11683 (There is a reachable assertion in the ...)
        - exiv2 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
@@ -2499,7 +2500,7 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
 CVE-2017-12664 [memory leak in WritePALMImage]
-       - imagemagick 8:6.9.7.4+dfsg-13 (bug #869721)
+       - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
 CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was 
found in the ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to