[Secure-testing-commits] r47471 - in data: CVE DLA DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 27 05:44:04 UTC 2016
Author: carnil
Date: 2016-12-27 05:44:04 +0000 (Tue, 27 Dec 2016)
New Revision: 47471
Modified:
data/CVE/list
data/DLA/list
data/DSA/list
Log:
CVE-2016-1006{0,1,2}/imagemagick assigned
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-27 05:43:54 UTC (rev 47470)
+++ data/CVE/list 2016-12-27 05:44:04 UTC (rev 47471)
@@ -9292,14 +9292,26 @@
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-XXXX [Check return of write function]
+CVE-2016-10062 [fwrite issue in ReadGROUP4Image]
+ - imagemagick <unfixed>
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
+ NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
+ NOTE: specifically noted at the beginning of issues/196, but not fixed in
+ NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
+ NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same
+ NOTE: as the fputc issue in ReadGROUP4Image.
+CVE-2016-10061 [Check return of write function]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
- NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
- [wheezy] - imagemagick 8:6.7.7.10-5+deb7u10
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
+ NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+CVE-2016-10060 [Check return of write function]
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
NOTE: latter patch was missing from 8:6.8.9.9-5+deb8u6 upload so DSA-3726-1 was incomplete
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10059 [Imagemagick (jessie and older) buffer overflow]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
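Review bot: In the new CVE-2016-10060 entry, the retained context line "NOTE: latter patch was missing from 8:6.8.9.9-5+deb8u6 upload so DSA-3726-1 was incomplete" no longer has a clear referent. Before the split it sat under a single entry listing both 4e914bbe... and 933e96f..., so "latter" meant the second commit. Now the entry cites only 933e96f01a8c889c7bf5ffd30020e86a02a046e7. Suggest rewording the note to name that commit explicitly. Separately, CVE-2016-10060 and CVE-2016-10061 both keep the description "Check return of write function"; a description that says which write call each ID covers would make the two entries distinguishable without following the commit links.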
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2016-12-27 05:43:54 UTC (rev 47470)
+++ data/DLA/list 2016-12-27 05:44:04 UTC (rev 47471)
@@ -26,7 +26,7 @@
{CVE-2016-4412 CVE-2016-6626 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2016-9865}
[wheezy] - phpmyadmin 4:3.4.11.1-2+deb7u7
[21 Dec 2016] DLA-756-1 imagemagick - security update
- {CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-10059}
+ {CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061}
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u10
[21 Dec 2016] DLA-755-1 dcmtk - security update
{CVE-2015-8979}
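Review bot: The DLA-756-1 line now claims both CVE-2016-10060 and CVE-2016-10061 for 8:6.7.7.10-5+deb7u10, while the data/CVE/list hunk records that the jessie upload carried only one of the two commits. The only visible basis for the wheezy claim is the removed "[wheezy] - imagemagick 8:6.7.7.10-5+deb7u10" line on the old combined workaround entry. It is worth confirming that the wheezy upload contains both 4e914bbe... and 933e96f... before crediting both IDs here, and saying so in the log message.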
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-12-27 05:43:54 UTC (rev 47470)
+++ data/DSA/list 2016-12-27 05:44:04 UTC (rev 47471)
@@ -67,7 +67,7 @@
{CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333}
[jessie] - hdf5 1.8.13+docs-15+deb8u1
[26 Nov 2016] DSA-3726-1 imagemagick - security update
- {CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556 CVE-2016-9559 CVE-2016-10059}
+ {CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556 CVE-2016-9559 CVE-2016-10059 CVE-2016-10061}
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
[27 Nov 2016] DSA-3725-1 icu - security update
{CVE-2014-9911 CVE-2015-2632 CVE-2015-4844 CVE-2016-0494 CVE-2016-6293 CVE-2016-7415}
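Review bot: DSA-3726-1 gains CVE-2016-10061 but not CVE-2016-10060, unlike the DLA-756-1 line, which gains both. This is consistent with the "DSA-3726-1 was incomplete" note in data/CVE/list, but the log message only says the CVEs were "assigned" and does not mention that the omission is deliberate. Suggest stating in the commit log that CVE-2016-10060 is intentionally left off this DSA because its patch was missing from 8:6.8.9.9-5+deb8u6, so a later reader does not mistake the asymmetry for an oversight.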