[Secure-testing-commits] r47070 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Dec 14 16:47:48 UTC 2016


Author: carnil
Date: 2016-12-14 16:47:48 +0000 (Wed, 14 Dec 2016)
New Revision: 47070

Modified:
   data/CVE/list
Log:
Update status for CVE-2016-9773/imagemagick

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-14 16:36:37 UTC (rev 47069)
+++ data/CVE/list	2016-12-14 16:47:48 UTC (rev 47070)
@@ -8470,11 +8470,11 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
 CVE-2016-9773 [Incomplete fix for CVE-2016-9556]
 	RESERVED
-	- imagemagick <undetermined>
+	- imagemagick <not-affected> (Affects only the ImageMagick-7 branch, cf. NOTE)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
-	TODO: double-check, the incomplete fix might not affect the ImageMagick-6 branch
+	NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
 CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
 	RESERVED
 	{DSA-3726-1}
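Review bot: The `<not-affected>` reason on the imagemagick line of CVE-2016-9773 says "cf. NOTE", but the entry now carries four NOTE lines, so a reader cannot tell which one supports the claim that only the ImageMagick-7 branch is affected. Suggest pointing the reason at the new "Upstream statement" note explicitly, for example "(Affects only the ImageMagick-7 branch, cf. upstream statement)". The removed TODO asked for a double-check of the ImageMagick-6 branch. If the upstream statement is the only basis for closing it, the note could say so, so that the status can be traced later. Separately, the unchanged context line for CVE-2016-9556 reads "Heap buffer overflow in heap-buffer-overflow in IsPixelGray". The duplicated phrase could be cleaned up in a follow-up commit.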



