[Secure-testing-commits] r37944 - in data: . CVE DLA

Raphaël Hertzog hertzog at moszumanska.debian.org
Fri Nov 27 13:34:53 UTC 2015 

Author: hertzog
Date: 2015-11-27 13:34:53 +0000 (Fri, 27 Nov 2015)
New Revision: 37944

Modified:
   data/CVE/list
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-353-1 for imagemagick

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-27 11:32:16 UTC (rev 37943)
+++ data/CVE/list	2015-11-27 13:34:53 UTC (rev 37944)
@@ -1784,6 +1784,8 @@
 	TODO: check
 CVE-2015-XXXX [Double free in coders/pict.c:2000]
 	- imagemagick <unfixed>
+	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
+	NOTE: workaround entry for DLA-353-1 until/if CVE assigned
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
@@ -1798,6 +1800,8 @@
 	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
 	- imagemagick <unfixed>
+	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
+	NOTE: workaround entry for DLA-353-1 until/if CVE assigned
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2015-11-27 11:32:16 UTC (rev 37943)
+++ data/DLA/list	2015-11-27 13:34:53 UTC (rev 37944)
@@ -1,3 +1,5 @@
+[27 Nov 2015] DLA-353-1 imagemagick - security update
+	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
 [26 Nov 2015] DLA-352-1 libcommons-collections3-java - security update
 	[squeeze] - libcommons-collections3-java 3.2.1-4+deb6u1
 [26 Nov 2015] DLA-351-1 redmine - security update

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-11-27 11:32:16 UTC (rev 37943)
+++ data/dla-needed.txt	2015-11-27 13:34:53 UTC (rev 37944)
@@ -17,9 +17,6 @@
 dbconfig-common
   NOTE: maintainer should take care of this, cf https://lists.debian.org/565626BF.2010307@debian.org
 --
-imagemagick (Raphaël Hertzog)
-  NOTE: maintainer might take care of it, cf http://lists.debian.org/D7AE3B74-1C15-4073-9E4E-30803BE1400D@gmail.com
---
 libphp-snoopy
 --
 libsndfile (Thorsten Alteholz)

More information about the Secure-testing-commits mailing list