[Secure-testing-commits] r47255 - data/CVE

Antoine Beaupré anarcat at moszumanska.debian.org
Tue Dec 20 20:09:53 UTC 2016


Author: anarcat
Date: 2016-12-20 20:09:53 +0000 (Tue, 20 Dec 2016)
New Revision: 47255

Modified:
   data/CVE/list
Log:
add the CVE request for the remaining 20 imagemagick issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-20 19:57:47 UTC (rev 47254)
+++ data/CVE/list	2016-12-20 20:09:53 UTC (rev 47255)
@@ -8866,11 +8866,13 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Add check for invalid mat file]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-9559 [null pointer passed as argument 2, which is declared to never be null]
 	RESERVED
 	{DSA-3726-1}
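Review bot: both added NOTE lines in this hunk (after the f3b483e8 commit reference and under "Add check for invalid mat file") use an http:// URL, while every other NOTE here uses https://; prefer the https form if the openwall archive serves it. The same request URL is attached to every placeholder, so the entry does not say which item of the request it corresponds to. When ids are assigned, each CVE-2016-XXXX header will have to be matched by description or bug number (here #845244), so it is worth making sure the request itself cites those bug numbers.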
@@ -8896,43 +8898,51 @@
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Fixed memory leak in psd file handling]
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
 	[jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Suspend exception processing if there are too many exceptions]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Fix out of bound read in viff file handling]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Better check for bufferoverflow for TIFF handling]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Check validity of extend during TIFF file reading]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Check return of write function]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
 	NOTE: latter patch was missing from 8:6.8.9.9-5+deb8u6 upload so DSA-3726-1 was incomplete
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Imagemagick (jessie and older) buffer overflow]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 	NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
 	RESERVED
 	- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
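Review bot: in the "Check return of write function" entry the new CVE Request line sits directly under the note that the second commit (933e96f0...) was missing from 8:6.8.9.9-5+deb8u6 and that DSA-3726-1 was incomplete. Confirm the request lists both commits for this item; if only the first is cited, the assigned id may be scoped to the first patch and the missing jessie follow-up would need separate tracking. The other added lines in this hunk look consistent with their entries.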
@@ -16410,11 +16420,13 @@
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [TIFF divide by zero]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
 	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image ...)
 	{DLA-609-1}
 	- linux <not-affected>
@@ -17345,6 +17357,7 @@
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6792
 	RESERVED
 CVE-2016-6791
@@ -17602,6 +17615,7 @@
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #834904)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
@@ -17767,28 +17781,33 @@
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Segfault in ReadRLEImage]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
 	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Coder path transversal]
 	- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [memory leak]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-XXXX [Buffer overflow in draw.c]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6887 [... wrong calculation result ...]
 	RESERVED
 	- matrixssl <removed>
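Review bot: the "Coder path transversal" (bug #833735) and "memory leak" (bug #833732) entries both cite the same upstream commit, fc6080f1321fd21e86ef916195cc110b05d9effb, and this hunk now attaches the CVE request to both. Check whether one commit really fixes both issues before the ids come back; if one reference is a copy-paste error, the wrong fix will end up recorded against an assigned CVE. If the commit is correct for both, a short NOTE saying so on one of the entries would save the next reader the same question.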
@@ -69045,6 +69064,7 @@
 	- imagemagick 8:6.8.9.9-1 (bug #767240)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
 	[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2014-8355 [buffer overflow in PCX parser]
 	RESERVED
 	{DLA-242-1}
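Review bot: the NOTE added here lands in an entry whose header is outside the hunk context, in the part of the file next to CVE-2014-8355 and with a fix version of 8:6.8.9.9-1 (bug #767240), so it is much older than the other items touched by this commit. Confirm that this entry is one of the 20 in the request and that the request gives enough detail (bug number, affected versions) for an id to be assigned to an issue fixed that long ago.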



