[Secure-testing-commits] r46719 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Dec 2 18:37:01 UTC 2016


Author: carnil
Date: 2016-12-02 18:37:01 +0000 (Fri, 02 Dec 2016)
New Revision: 46719

Modified:
   data/CVE/list
Log:
Mark CVE-2016-9773 as undetermined for now

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-02 18:35:28 UTC (rev 46718)
+++ data/CVE/list	2016-12-02 18:37:01 UTC (rev 46719)
@@ -1846,10 +1846,11 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
 CVE-2016-9773 [Incomplete fix for CVE-2016-9556]
-	- imagemagick <unfixed>
+	- imagemagick <undetermined>
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
+	TODO: double-check, the incomplete fix might not affect the ImageMagick-6 branch
 CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
 	RESERVED
 	{DSA-3726-1}




More information about the Secure-testing-commits mailing list