[Secure-testing-commits] r47159 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Sat Dec 17 01:10:31 UTC 2016
Author: anarcat
Date: 2016-12-17 01:10:31 +0000 (Sat, 17 Dec 2016)
New Revision: 47159
Modified:
data/CVE/list
Log:
Summary: details on graphicsmagick CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-17 00:57:36 UTC (rev 47158)
+++ data/CVE/list 2016-12-17 01:10:31 UTC (rev 47159)
@@ -2192,6 +2192,9 @@
RESERVED
- graphicsmagick 1.3.25-6 (bug #847055)
NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
+ NOTE: above says only 1.3.25 is affected but jessie seems to struggle with the POC
+ NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
+ TODO: is imagemagick affected? bug #847055 says so, https://github.com/ImageMagick/ImageMagick/issues/321 says not
CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)]
RESERVED
- ming <removed>
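Review bot: The first added NOTE ("jessie seems to struggle with the POC") does not say which graphicsmagick version in jessie was tested or what was observed (crash, failed allocation, hang), so its disagreement with the linked report that only 1.3.25 is affected cannot be reproduced from the entry alone. Suggest recording the tested version and the observed behaviour in that NOTE. In the TODO line, the two cited sources contradict each other on imagemagick; when this is resolved, replace the TODO with a NOTE stating which source was confirmed and against which imagemagick version, rather than leaving both links without a conclusion.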