[Secure-testing-commits] r10054 - data/CVE
jmm-guest at alioth.debian.org
Fri Oct 10 23:21:47 UTC 2008
Author: jmm-guest
Date: 2008-10-10 23:21:45 +0000 (Fri, 10 Oct 2008)
New Revision: 10054
Modified:
data/CVE/list
Log:
Lenny triage:
- imagemagick NMUed for CVE-2008-1096
- graphicsmagick NMUed for CVE-2008-1096, was only fixed in exp.
- graphicsmagick crashes hardly security-relevant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-10 22:08:43 UTC (rev 10053)
+++ data/CVE/list 2008-10-10 23:21:45 UTC (rev 10054)
@@ -3342,10 +3342,12 @@
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...)
- - graphicsmagick <unfixed> (low; bug #491439)
+ - graphicsmagick <unfixed> (unimportant; bug #491439)
NOTE: several DoS fixed in 1.2.4 according to upstream
NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
TODO: check imagemagick
+ NOTE: *magick don't really meet the robustness/quality criteria to treat such crashes as
+ NOTE: security issues
CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
NOT-FOR-US: BareNuked CMS
CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
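Review bot: the "TODO: check imagemagick" line under CVE-2008-3134 is left open even though the added NOTE already speaks for "*magick" as a whole. Either resolve the TODO with an explicit imagemagick line or narrow the NOTE to graphicsmagick, so the entry does not imply a decision that was never recorded. Since the CVE text says "Multiple unspecified vulnerabilities", it would also help for the NOTE to say that the downgrade to unimportant relies on upstream describing the 1.2.4 fixes as DoS only.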
@@ -8182,8 +8184,8 @@
- graphicsmagick 1.1.7-13
- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ...)
- - imagemagick <unfixed> (low; bug #414370)
- - graphicsmagick 1.2.3-1 (low; bug #414370)
+ - imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
+ - graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
NOT-FOR-US: Sun Solaris
CVE-2008-1094
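Review bot: both package lines for CVE-2008-1096 go from low to medium, but the entry gets no NOTE saying why, and the log message only mentions the NMUs. Add a NOTE giving the reason for the higher urgency. The graphicsmagick fixed version also moves down from 1.2.3-1 to 1.1.11-3.2; the log explains that the earlier fix was only in experimental, and a short NOTE to that effect in the entry itself would keep the lower version from looking like a mistake to the next reader.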