[Secure-testing-commits] r37945 - data/CVE

Fri Nov 27 14:23:39 UTC 2015

Author: hertzog
Date: 2015-11-27 14:23:39 +0000 (Fri, 27 Nov 2015)
New Revision: 37945

Modified:
   data/CVE/list
Log:
Reported imagemagick issues to the BTS

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-11-27 13:34:53 UTC (rev 37944)
+++ data/CVE/list	2015-11-27 14:23:39 UTC (rev 37945)
@@ -1783,14 +1783,14 @@
 CVE-2014-9752 (Unrestricted file upload vulnerability in ...)
 	TODO: check
 CVE-2015-XXXX [Double free in coders/pict.c:2000]
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (bug #806441)
 	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
 	NOTE: workaround entry for DLA-353-1 until/if CVE assigned
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
 CVE-2015-XXXX [Double free in coders/tga.c:221]
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (bug #806442)
 	[jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
 	[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
 	[squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
@@ -1799,7 +1799,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
 	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (bug #806441)
 	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
 	NOTE: workaround entry for DLA-353-1 until/if CVE assigned
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747


