[Secure-testing-commits] r47161 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 17 05:36:02 UTC 2016


Author: carnil
Date: 2016-12-17 05:36:01 +0000 (Sat, 17 Dec 2016)
New Revision: 47161

Modified:
   data/CVE/list
Log:
Remove one TODO

CVE was assigned to graphicsmagick, and imagemagick itself works in this
regard as expected and is not a security issue due to the applied security
policy.

CVE-2016-9830 already triaged to affected by bug, cf. #847055. The fix
is as deduced not urgent, but will be included in the future DSA.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-17 01:12:43 UTC (rev 47160)
+++ data/CVE/list	2016-12-17 05:36:01 UTC (rev 47161)
@@ -2192,9 +2192,7 @@
 	RESERVED
 	- graphicsmagick 1.3.25-6 (bug #847055)
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
-	NOTE: above says only 1.3.25 is affected but jessie seems to struggle with the POC
 	NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
-	TODO: is imagemagick affected? bug #847055 says so, https://github.com/ImageMagick/ImageMagick/issues/321 says not
 CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)]
 	RESERVED
 	- ming <removed>
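Review bot: The removed TODO line under the graphicsmagick entry recorded two conflicting sources on imagemagick (bug #847055 says affected, https://github.com/ImageMagick/ImageMagick/issues/321 says not), and after this change the resolution lives only in the commit log, not in data/CVE/list. Consider replacing the TODO with a NOTE stating that imagemagick is not treated as affected because of its security policy, with the upstream issue URL, so the reasoning stays next to the entry. The same applies to the removed NOTE about jessie struggling with the POC: the remaining "- graphicsmagick 1.3.25-6 (bug #847055)" line says nothing about jessie, so the observation that the older version also reacts to the POC is lost unless it is restated as an explicit status or note.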



