[Secure-testing-commits] r46719 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 2 18:37:01 UTC 2016
Author: carnil
Date: 2016-12-02 18:37:01 +0000 (Fri, 02 Dec 2016)
New Revision: 46719
Modified:
data/CVE/list
Log:
Mark CVE-2016-9773 as undetermined for now
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-02 18:35:28 UTC (rev 46718)
+++ data/CVE/list 2016-12-02 18:37:01 UTC (rev 46719)
@@ -1846,10 +1846,11 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9773 [Incomplete fix for CVE-2016-9556]
- - imagemagick <unfixed>
+ - imagemagick <undetermined>
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
+ TODO: double-check, the incomplete fix might not affect the ImageMagick-6 branch
CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
RESERVED
{DSA-3726-1}
More information about the Secure-testing-commits
mailing list