[Secure-testing-commits] r37941 - data/CVE

Fri Nov 27 11:24:33 UTC 2015

Author: hertzog
Date: 2015-11-27 11:24:33 +0000 (Fri, 27 Nov 2015)
New Revision: 37941

Modified:
   data/CVE/list
Log:
Investigate second imagemagick issue (double free in coders/tga.c)

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-11-27 10:49:02 UTC (rev 37940)
+++ data/CVE/list	2015-11-27 11:24:33 UTC (rev 37941)
@@ -1784,10 +1784,13 @@
 	TODO: check
 CVE-2015-XXXX [Double free in coders/pict.c:2000]
 	- imagemagick <unfixed>
+	[jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
+	[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
+	[squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
-	TODO: check
+	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-XXXX [Double free in coders/tga.c:221]
 	- imagemagick <unfixed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362


