Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb6848e0 by security tracker role at 2018-01-07T21:10:12+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...) + TODO: check CVE-2018-5255 RESERVED CVE-2018-5254 @@ -17770,7 +17772,7 @@ CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD S NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...) - {DLA-1177-1} + {DSA-4079-1 DLA-1177-1} - poppler 0.61.1-2 (bug #879066) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d 
@@ -19754,17 +19756,17 @@ CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attem CVE-2017-14978 RESERVED CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ...) - {DLA-1177-1} + {DSA-4079-1 DLA-1177-1} - poppler 0.61.1-2 (low; bug #877952) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...) - {DLA-1177-1} + {DSA-4079-1 DLA-1177-1} - poppler 0.61.1-2 (low; bug #877954) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...) - {DLA-1177-1} + {DSA-4079-1 DLA-1177-1} - poppler 0.61.1-2 (low; bug #877957) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102653 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff 
@@ -21080,22 +21082,24 @@ CVE-2017-14522 CVE-2017-14521 RESERVED CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in ...) + {DSA-4079-1} - poppler 0.61.1-2 (low; bug #876081) [wheezy] - poppler <not-affected> (vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102719 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262 CVE-2017-14519 (In Poppler 0.59.0, memory corruption occurs in a call to ...) - {DLA-1116-1} + {DSA-4079-1 DLA-1116-1} - poppler 0.61.1-2 (bug #876086) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102701 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee CVE-2017-14518 (In Poppler 0.59.0, a floating point exception exists in the ...) + {DSA-4079-1} - poppler 0.61.1-2 (low; bug #876082) [wheezy] - poppler <not-affected> (vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102688 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2 CVE-2017-14517 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...) - {DLA-1116-1} + {DSA-4079-1 DLA-1116-1} - poppler 0.61.1-2 (low; bug #876079) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f @@ -32994,7 +32998,7 @@ CVE-2017-9867 CVE-2017-9866 RESERVED CVE-2017-9865 (The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 ...) - {DLA-1074-1} + {DSA-4079-1 DLA-1074-1} - poppler 0.57.0-2 (bug #867477) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774 NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html 
@@ -34794,12 +34798,12 @@ CVE-2017-9778 (GNU Debugger (GDB) 8.0 and earlier fails to detect a negative len CVE-2017-9777 RESERVED CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...) - {DLA-1074-1} + {DSA-4079-1 DLA-1074-1} - poppler 0.57.0-2 (bug #865679) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before ...) - {DLA-1074-1} + {DSA-4079-1 DLA-1074-1} - poppler 0.57.0-2 (bug #865680) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9 @@ -36030,6 +36034,7 @@ CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows [jessie] - imagemagick 8:6.8.9.9-5+deb8u10 NOTE: https://github.com/ImageMagick/ImageMagick/issues/458 CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...) + {DSA-4079-1} - poppler 0.57.0-2 (low; bug #864009) [wheezy] - poppler <not-affected> (Vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100776 
@@ -36040,6 +36045,7 @@ CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allo [jessie] - imagemagick 8:6.8.9.9-5+deb8u10 NOTE: https://github.com/ImageMagick/ImageMagick/issues/459 CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...) + {DSA-4079-1} - poppler 0.57.0-2 (low; bug #864010) [wheezy] - poppler <not-affected> (Vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100775
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb6848e0a78c01f263ffc223826f3928bf28e740
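Review bot: In the first hunk (@@ -1,3 +1,5 @@) the new CVE-2014-10069 entry carries only "TODO: check", so it enters the list untriaged. The description names Hitron CVE-30360 devices and a DES key shared between them, which reads as a device firmware issue rather than a packaged source; if no Debian package is affected, replace the TODO with a "NOT-FOR-US:" line, otherwise with the affected package line. The entry is also placed above CVE-2018-5255 while every other entry visible in this diff runs in descending CVE order, so confirm the position is intended before it is left there.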
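Review bot: The {DSA-4079-1} tag added to the thirteen poppler entries (hunks from @@ -17770,7 +17772,7 @@ through @@ -36040,6 +36045,7 @@) cannot be checked from this diff, because data/CVE/list is the only changed file and the advisory's own record is not shown. Confirm that the DSA-4079-1 record names exactly these thirteen CVEs, and that the four entries receiving the tag without any prior DLA (CVE-2017-14520, CVE-2017-14518, CVE-2017-9408, CVE-2017-9406), all marked "low" with wheezy <not-affected>, are meant to be covered by it. The commit message "automatic update" also covers two unrelated changes, a new CVE import and the advisory cross-references; a message that names both would make the history easier to audit.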
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits