[Secure-testing-commits] r47568 - in data: . CVE

Ola Lundqvist opal at moszumanska.debian.org
Thu Dec 29 21:43:38 UTC 2016 

Author: opal
Date: 2016-12-29 21:43:38 +0000 (Thu, 29 Dec 2016)
New Revision: 47568

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Imagemagick not vulnerable according to latest information.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-29 21:38:07 UTC (rev 47567)
+++ data/CVE/list	2016-12-29 21:43:38 UTC (rev 47568)
@@ -11417,6 +11417,7 @@
 	RESERVED
 	{DSA-3726-1}
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
+	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u10
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
@@ -13996,6 +13997,7 @@
 	RESERVED
 	{DSA-3726-1}
 	- imagemagick 8:6.9.6.2+dfsg-1 (bug #845206)
+	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u10
 	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
 CVE-2016-8676 [Issue that remains after addressing CVE-2016-8675 with e5b019725f53b79159931d3a7317107cbbfd0860]

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-12-29 21:38:07 UTC (rev 47567)
+++ data/dla-needed.txt	2016-12-29 21:43:38 UTC (rev 47568)
@@ -36,10 +36,6 @@
   NOTE: have got information from the stable security team. The problem is not
   NOTE: very important according to the maintainer.
 --
-imagemagick (Emilio Pozuelo)
-  NOTE: CVE-2016-8677 and CVE-2016-9559 are not major issues but as they were
-  NOTE: fixed in jessie it is probably worth fixing in wheezy too.
---
 libav (Hugo Lefeuvre)
   NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
   NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML)

More information about the Secure-testing-commits mailing list