[Secure-testing-commits] r25721 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Feb 13 09:35:57 UTC 2014
Author: carnil
Date: 2014-02-13 09:35:57 +0000 (Thu, 13 Feb 2014)
New Revision: 25721
Modified:
data/CVE/list
Log:
Update imagemagick entries
NOTE to reviewers: CVE-2014-1947, with commit
http://trac.imagemagick.org/changeset/14801 in function DecodePSDPixels
should be the one for the secunia entry. There is a second issue related
to the second and third hunk posted by Murray McAllister on
https://bugzilla.redhat.com/show_bug.cgi?id=1064098 which is
http://trac.imagemagick.org/changeset/13736 and should be a second
issue.
I have left the TODO item in both cases to be reviewed.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-13 09:29:09 UTC (rev 25720)
+++ data/CVE/list 2014-02-13 09:35:57 UTC (rev 25721)
@@ -1,7 +1,6 @@
-CVE-2014-XXXX [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability]
+CVE-2014-XXXX [Buffer overflow vulnerability]
- imagemagick <unfixed>
- NOTE: http://secunia.com/advisories/56844/
- NOTE: http://trac.imagemagick.org/changeset/14801
+ NOTE: http://trac.imagemagick.org/changeset/13736
TODO: check
CVE-2014-XXXX [phpbb3: denial of service vulnerability]
- phpbb3 <unfixed>
@@ -18,9 +17,10 @@
- glance <unfixed>
NOTE: https://launchpad.net/bugs/1275062
TODO: check
-CVE-2014-1947 [Buffer overflow vulnerability]
+CVE-2014-1947 [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability]
- imagemagick <unfixed>
- NOTE: http://trac.imagemagick.org/changeset/13736
+ NOTE: http://secunia.com/advisories/56844/
+ NOTE: http://trac.imagemagick.org/changeset/14801
TODO: check
CVE-2014-1943
- file <unfixed>
More information about the Secure-testing-commits
mailing list