[Secure-testing-commits] r37944 - in data: . CVE DLA
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Nov 27 13:34:53 UTC 2015
Author: hertzog
Date: 2015-11-27 13:34:53 +0000 (Fri, 27 Nov 2015)
New Revision: 37944
Modified:
data/CVE/list
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-353-1 for imagemagick
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-27 11:32:16 UTC (rev 37943)
+++ data/CVE/list 2015-11-27 13:34:53 UTC (rev 37944)
@@ -1784,6 +1784,8 @@
TODO: check
CVE-2015-XXXX [Double free in coders/pict.c:2000]
- imagemagick <unfixed>
+ [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
+ NOTE: workaround entry for DLA-353-1 until/if CVE assigned
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
@@ -1798,6 +1800,8 @@
NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
- imagemagick <unfixed>
+ [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
+ NOTE: workaround entry for DLA-353-1 until/if CVE assigned
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2015-11-27 11:32:16 UTC (rev 37943)
+++ data/DLA/list 2015-11-27 13:34:53 UTC (rev 37944)
@@ -1,3 +1,5 @@
+[27 Nov 2015] DLA-353-1 imagemagick - security update
+ [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
[26 Nov 2015] DLA-352-1 libcommons-collections3-java - security update
[squeeze] - libcommons-collections3-java 3.2.1-4+deb6u1
[26 Nov 2015] DLA-351-1 redmine - security update
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-11-27 11:32:16 UTC (rev 37943)
+++ data/dla-needed.txt 2015-11-27 13:34:53 UTC (rev 37944)
@@ -17,9 +17,6 @@
dbconfig-common
NOTE: maintainer should take care of this, cf https://lists.debian.org/565626BF.2010307@debian.org
--
-imagemagick (Raphaël Hertzog)
- NOTE: maintainer might take care of it, cf http://lists.debian.org/D7AE3B74-1C15-4073-9E4E-30803BE1400D@gmail.com
---
libphp-snoopy
--
libsndfile (Thorsten Alteholz)
More information about the Secure-testing-commits
mailing list