[Secure-testing-commits] r47468 - in data: CVE DLA DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Dec 27 05:31:17 UTC 2016 

Author: carnil
Date: 2016-12-27 05:31:17 +0000 (Tue, 27 Dec 2016)
New Revision: 47468

Modified:
   data/CVE/list
   data/DLA/list
   data/DSA/list
Log:
CVE-2016-1005{4,5,6,7}/imagemagick assigned

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-27 05:31:06 UTC (rev 47467)
+++ data/CVE/list	2016-12-27 05:31:17 UTC (rev 47468)
@@ -16791,12 +16791,22 @@
 CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
 	- linux 4.1.3-1
 	NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
-CVE-2016-XXXX [Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report from Donghai Zhu)]
+CVE-2016-10057
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
-	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
-	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
-	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
+	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+CVE-2016-10056
+	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
+	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+CVE-2016-10055
+	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
+	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+CVE-2016-10054
+	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
+	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10053 [TIFF divide by zero]
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
 	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-12-27 05:31:06 UTC (rev 47467)
+++ data/DLA/list	2016-12-27 05:31:17 UTC (rev 47468)
@@ -109,7 +109,7 @@
 	{CVE-2016-7067}
 	[wheezy] - monit 1:5.4-2+deb7u1
 [02 Dec 2016] DLA-731-1 imagemagick - security update
-	{CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-10046 CVE-2016-10048 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052}
+	{CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7101 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-10046 CVE-2016-10048 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10054 CVE-2016-10055 CVE-2016-10056 CVE-2016-10057}
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 [01 Dec 2016] DLA-730-1 firefox-esr - security update
 	{CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9079}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2016-12-27 05:31:06 UTC (rev 47467)
+++ data/DSA/list	2016-12-27 05:31:17 UTC (rev 47468)
@@ -227,7 +227,7 @@
 [23 Sep 2016] DSA-3673-2 openssl - regression update
 	[jessie] - openssl 1.0.1t-1+deb8u5
 [23 Sep 2016] DSA-3675-1 imagemagick - security update
-	{CVE-2016-10053}
+	{CVE-2016-10053 CVE-2016-10054 CVE-2016-10055 CVE-2016-10056 CVE-2016-10057}
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
 [22 Sep 2016] DSA-3674-1 firefox-esr - security update
 	{CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284}

More information about the Secure-testing-commits mailing list