Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7108b2d7 by security tracker role at 2017-12-30T21:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2017-18000
+       RESERVED
+CVE-2017-17999
+       RESERVED
 CVE-2017-17998
        RESERVED
 CVE-2017-17997 (In Wireshark 2.2.11 and before, the MRDISC dissector misuses a 
NULL ...)
@@ -1209,14 +1213,14 @@ CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x 
before 4.0.28, 5.0.x bef
        NOTE: OTRS-5: 
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
        NOTE: OTRS-4: 
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
 CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the 
...)
-       {DLA-1220-1}
+       {DSA-4077-1 DLA-1220-1}
        - gimp <unfixed> (bug #884836)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b
 (master)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54
 (gimp-2-8)
        NOTE: Can be reproduced (at least in wheezy) with "valgrind 
--trace-children=yes gimp <reproducerfile>"
 CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in 
ReadImage in ...)
-       {DLA-1220-1}
+       {DSA-4077-1 DLA-1220-1}
        - gimp <unfixed> (unimportant; bug #884862)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b
 (master)
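Review bot: In the CVE-2017-17786 entry the package line is still tagged `unimportant` while the cross-reference line now lists DSA-4077-1, and CVE-2017-17785 keeps `- gimp <unfixed>`. Consider adding a NOTE to CVE-2017-17786 saying why an issue rated as having no/negligible impact is covered by the advisory, and replace `<unfixed>` with the fixed version once the upload tracked in bug #884836 is available.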
@@ -1225,20 +1229,20 @@ CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in ReadIm
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366
 (gimp-2-8)
        NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...)
-       {DLA-1220-1}
+       {DSA-4077-1 DLA-1220-1}
        - gimp <unfixed> (unimportant; bug #885347)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
 (master)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
        NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in 
load_image in ...)
-       {DLA-1220-1}
+       {DSA-4077-1 DLA-1220-1}
        - gimp <unfixed> (unimportant; bug #884925)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59
 (master)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
 (gimp-2-8)
        NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
-       {DLA-1220-1}
+       {DSA-4077-1 DLA-1220-1}
        - gimp <unfixed> (bug #884837)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8
 (master)
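Review bot: The context NOTE lines under CVE-2017-17786, CVE-2017-17788 and CVE-2017-17784 misspell "negligible" as "negligable", and the commit URL under CVE-2017-17789 uses `browse/GIMP/` where the other entries use `browse/gimp/`. Since these entries are being touched anyway, normalise the spelling and the URL path so that text searches across the list match all six GIMP entries.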
@@ -1246,7 +1250,7 @@ CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based 
buffer overflow in ...)
        NOTE: Cannot be reproduced in wheezy with "valgrind 
--trace-children=yes gimp <reproducerfile>"
        NOTE: Some OOB read/write can be reproduced in sid with "valgrind 
--trace-children=yes gimp <reproducerfile>"
 CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
-       {DLA-1220-1}
+       {DSA-4077-1 DLA-1220-1}
        - gimp <unfixed> (unimportant; bug #884927)
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d
 (master)
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
 (gimp-2-8)
@@ -7963,6 +7967,7 @@ CVE-2017-17097
 CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards 
plugin ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open 
Source ...)
+       {DSA-4076-1 DLA-1225-1}
        - asterisk 1:13.18.3~dfsg-1 (bug #883342)
        NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27452
@@ -8566,8 +8571,8 @@ CVE-2018-0742
        RESERVED
 CVE-2018-0741
        RESERVED
-CVE-2017-17089
-       RESERVED
+CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote 
authenticated ...)
+       TODO: check
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the 
newbloguser ...)
        {DLA-1216-1}
        - wordpress 4.9.1+dfsg-1 (bug #883314)
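Review bot: The `TODO: check` under CVE-2017-17089 leaves the Webmin entry without any package state, so it carries no status information until someone triages it. Replace it with either a package line in the form used below for wordpress (`- <package> <version> (bug #...)`) or a `NOT-FOR-US:` line as used for CVE-2017-17096, depending on whether the affected code is in the archive.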
@@ -16960,8 +16965,8 @@ CVE-2017-14857 (In Exiv2 0.26, there is an invalid free 
in the Image class in im
        NOTE: Reproducible in experimental(0.26-1).
 CVE-2017-14856
        RESERVED
-CVE-2017-14855
-       RESERVED
+CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial 
of service ...)
+       TODO: check
 CVE-2017-14854
        RESERVED
 CVE-2017-14853
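Review bot: The description added for CVE-2017-14855 names a hardware product (Red Lion HMI panels) rather than a source package, yet the entry is left at `TODO: check`. If nothing in the archive ships this firmware, resolve it with a `NOT-FOR-US:` line in the same form as the Wordpress plugin entry for CVE-2017-17096 so it drops out of the open TODO set.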



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7108b2d76a1574418a14e580e05b44b8fcdc7c13
