[Secure-testing-commits] r46701 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Dec 2 09:10:14 UTC 2016
Author: sectracker
Date: 2016-12-02 09:10:14 +0000 (Fri, 02 Dec 2016)
New Revision: 46701
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-02 07:09:28 UTC (rev 46700)
+++ data/CVE/list 2016-12-02 09:10:14 UTC (rev 46701)
@@ -3169,7 +3169,7 @@
RESERVED
CVE-2016-9079 [SVG Animation Remote Code Execution]
RESERVED
- {DSA-3728-1}
+ {DSA-3728-1 DLA-730-1}
- firefox 50.0.2-1
- firefox-esr 45.5.1esr-1
- icedove 1:45.5.1-1
@@ -3229,7 +3229,7 @@
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9066
RESERVED
- {DSA-3716-1}
+ {DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
CVE-2016-9065
@@ -3237,7 +3237,7 @@
- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9064
RESERVED
- {DSA-3716-1}
+ {DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
CVE-2016-9063
@@ -9356,6 +9356,7 @@
RESERVED
CVE-2016-7101 [SGI security bug]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7100
@@ -10235,7 +10236,7 @@
TODO: check
CVE-2016-6823 [Buffer overflow in bmp file reader]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
CVE-2016-XXXX [Out-of-bound in exif (jpeg) reader]
@@ -10875,7 +10876,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
CVE-2016-7514 [out-of-bounds read in coders/psd.c]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
NOTE: https://bugs.launchpad.net/bugs/1533442
NOTE: https://github.com/ImageMagick/ImageMagick/issues/83
@@ -10886,7 +10887,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7515 [rle file handling for corrupted file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
@@ -10894,7 +10895,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8957 [buffer overflow in sun file handling]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832464)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
NOTE: https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
@@ -10903,7 +10904,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8958 [potential DOS in sun file handling due to malformed files]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
@@ -10913,35 +10914,35 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7516 [out of bunds problem in rle, pict, viff and sun files]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533452
NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7517
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533449
NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7518
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533447
NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7519
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7520 [heap overflow in hdr file handling]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
NOTE: https://bugs.launchpad.net/bugs/1537213
NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
@@ -10949,7 +10950,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7521 [heap buffer overflow in psd file handling]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
NOTE: https://bugs.launchpad.net/bugs/1537418
NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
@@ -10957,7 +10958,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7522 [out of bound access for malformed psd file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
NOTE: https://bugs.launchpad.net/bugs/1537419
NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
@@ -10965,14 +10966,14 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7523 [meta file out of bound access]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
NOTE: https://bugs.launchpad.net/bugs/1537420
NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7524
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
NOTE: https://bugs.launchpad.net/bugs/1537422
NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
@@ -10987,7 +10988,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7526 [out of bound access in wpg file coder]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1539050
NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
@@ -10996,7 +10997,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7527
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1542115
NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
@@ -11004,7 +11005,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7528 [out of bound access for viff file coder]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
NOTE: https://bugs.launchpad.net/bugs/1537425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
@@ -11012,7 +11013,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7529 [out of bound access in xcf file coder]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
NOTE: https://bugs.launchpad.net/bugs/1539051
NOTE: https://bugs.launchpad.net/bugs/1539052
@@ -11022,7 +11023,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7530 [out of bound in quantum handling]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
NOTE: https://bugs.launchpad.net/bugs/1539067
NOTE: https://bugs.launchpad.net/bugs/1539053
@@ -11034,7 +11035,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7531 [pbd file out of bound access]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
NOTE: https://bugs.launchpad.net/bugs/1539061
NOTE: https://bugs.launchpad.net/bugs/1542112
@@ -11042,14 +11043,14 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7532 [Fix handling of corrupted psd file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
NOTE: https://bugs.launchpad.net/bugs/1539066
NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7533 [wpg file out of bound for corrupted file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
NOTE: https://bugs.launchpad.net/bugs/1542114
NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
@@ -11057,7 +11058,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7534 [out of bound access in generic decoder]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
NOTE: https://bugs.launchpad.net/bugs/1542785
NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
@@ -11065,14 +11066,14 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7535 [out of bound access for corrupted psd file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
NOTE: https://bugs.launchpad.net/bugs/1545180
NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7536 [SEGV reported in corrupted profile handling]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
NOTE: https://bugs.launchpad.net/bugs/1545367
NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
@@ -11080,7 +11081,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7537 [out of bound access for corrupted pdb file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
NOTE: https://bugs.launchpad.net/bugs/1553366
NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
@@ -11088,7 +11089,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7538 [SIGABRT for corrupted pdb file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
NOTE: https://bugs.launchpad.net/bugs/1556273
NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
@@ -11096,7 +11097,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8959 [DOS due to corrupted DDS files]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
@@ -11104,7 +11105,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2014-9907 [DOS due to corrupted DDS files]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832942)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
@@ -11112,7 +11113,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7539 [potential DOS by not releasing memory]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
@@ -11384,7 +11385,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
CVE-2016-6491 [Buffer overflow]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
@@ -13894,14 +13895,14 @@
NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1)
CVE-2016-5842
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
CVE-2016-5841
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
@@ -14317,29 +14318,29 @@
NOT-FOR-US: Simple Machines Forum
CVE-2016-5691 [lack of validation of pixel.red, pixel.green, and pixel.blue]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833044)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5690 [error in the for statement in the "Compute pixel scaling table" part of the ReadDCMImage function]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833043)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5689 [lack of required NULL pointer checks]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833042)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
NOTE: Will be fixed in a 6.9.4-3 based version
CVE-2016-5688 [issues in WPG parser]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833003)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
NOTE: https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5687 [out of bounds memory read]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832890)
NOTE: https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
TODO: check, referenced fix does not seem the one fixing the issue
@@ -15637,12 +15638,12 @@
- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5297
RESERVED
- {DSA-3716-1}
+ {DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
CVE-2016-5296
RESERVED
- {DSA-3716-1}
+ {DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
CVE-2016-5295
@@ -15662,12 +15663,12 @@
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5291
RESERVED
- {DSA-3716-1}
+ {DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
CVE-2016-5290
RESERVED
- {DSA-3716-1}
+ {DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
CVE-2016-5289
@@ -15973,48 +15974,63 @@
[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later)
CVE-2014-9805 [Avoid a SEGV due to a corrupted pnm file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9806 [Do not leak fd due to corrupted file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9807 [Fix a double free in pdb coder]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9808 [Fix a SEGV due to corrupted dpc images]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9809 [Fix a SEGV due to corrupted xwd images]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9810 [Fix a SEGV in dpx file handler]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9811 [Fix a SEGV in malformed xwd file handler]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9812 [Avoid a NULL pointer dereference in ps file handling]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9813 [Fix a crash with corrupted viff file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9814 [Fix a NULL pointer dereference in wpg file handling]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9815 [Do not continue on corrupted wpg file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9816 [Avoid an out of bound access in viff image]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9817 [Avoid a heap buffer overflow in pdb file handling]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9818 [Avoid an out of bound access on malformed sun file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9819 [Avoid heap overflow in palm files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9820 [Avoid heap overflow in pnm files]
RESERVED
@@ -16022,15 +16038,19 @@
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9821 [Avoid heap overflow in xpm files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9822 [Fix heap overflow in quantum file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9823 [Fix heap overflow in palm file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9824 [Fix heap overflow in psd file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9825 [Fix handling of corrupted of psd file]
RESERVED
@@ -16038,6 +16058,7 @@
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9826 [Fix handling of corrupted of sun file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <no-dsa> (No apparent security impact)
CVE-2014-9827 [Fix handling of corrupted of xpm file]
@@ -16046,42 +16067,55 @@
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9828 [Fix corrupted (too many colors) psd file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9829 [Fix an out of bound access in sun file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9830 [Fix handling of corrupted sun file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9831 [Fix handling of corrupted wpg file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9832 [Fix heap overflow in pcx files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9833 [Fix heap overflow in psd files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9834 [Fix heap overflow in pict files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9835 [Fix heap overflow in wpf files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9836 [DOS in xpm files]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9837 [Add additional PNM sanity checks]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9838 [Avoid a crash to out of memory in magick/cache.c]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9839 [Fix a theoretical out of bound access in magick/colormap-private.h]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9840 [Fix an out of bound access in palm file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9841 [Fixed throwing of exceptions in psd handling]
RESERVED
@@ -16093,24 +16127,31 @@
[wheezy] - imagemagick <not-affected> (Leak in a code path that does not exist in this version)
CVE-2014-9843 [Fixed boundary checks in DecodePSDPixels]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9844 [Fix another out of bound problem in rle file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9845 [Fix crash due to corrupted dib file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9846 [Added checks to prevent overflow in rle file]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9847 [Don't try to handle a "previous" image in the JNG decoder]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9848 [Avoid a memory leak in quantum management]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9849 [Avoid a crash in png coder]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9850 [incorrect handling of thread limit 0]
RESERVED
@@ -16119,6 +16160,7 @@
NOTE: patch supposed to be https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=2257d1eadd02d89d225fce21013a1219d221dc7d
CVE-2014-9851 [In psd file handling fixed parsing resource block and avoid a crash]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
NOTE: https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=33b2d377b94eb738011bc7d5e90ca0a16ce4d471
CVE-2014-9852 [In cache fix usage of object after it has been destroyed]
@@ -16127,9 +16169,11 @@
[wheezy] - imagemagick <not-affected> (distribute-cache.c does not exist in 6.7.7.10)
CVE-2014-9853 [Avoid a memory leak in rle file handling]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9854 [DoS in image identification]
RESERVED
+ {DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
- mat 0.6.1-3 (bug #826101)
@@ -16929,7 +16973,7 @@
NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
CVE-2016-5010 [Out-of-bounds read when processing crafted tiff file]
RESERVED
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows remote ...)
@@ -18286,7 +18330,7 @@
NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before ...)
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832888)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...)
@@ -18294,7 +18338,7 @@
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832887)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
- {DSA-3652-1}
+ {DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832885)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows ...)
More information about the Secure-testing-commits
mailing list