[Secure-testing-commits] r39823 - data/CVE

Brian May bam at moszumanska.debian.org
Mon Feb 22 23:29:34 UTC 2016 

Author: bam
Date: 2016-02-22 23:29:33 +0000 (Mon, 22 Feb 2016)
New Revision: 39823

Modified:
   data/CVE/list
Log:
Add link to latest CVE request; imagemagic issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-22 22:42:40 UTC (rev 39822)
+++ data/CVE/list	2016-02-22 23:29:33 UTC (rev 39823)
@@ -1958,7 +1958,7 @@
 	NOTE: fawour of the C version.
 CVE-2016-XXXX [Multiple minor security issues]
 	- imagemagick 8:6.8.9.9-7 (bug #811308)
-	TODO: check, needs possibly CVEs
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
 CVE-2016-1925 [Improper handling of length parameter inconsitency]
 	RESERVED
 	- lha <removed> (unimportant)
@@ -9858,6 +9858,7 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
 CVE-2015-XXXX [Double free in coders/tga.c:221]
 	- imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
 	[jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
@@ -9866,6 +9867,7 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
 	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
 	- imagemagick 8:6.8.9.9-7 (bug #806441)
@@ -9876,6 +9878,7 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
 	NOTE: The issue is only exploitable on 32 bit architectures.
 CVE-2015-XXXX [EncryptedType uses static IV per key]
 	- python-sqlalchemy-utils <unfixed>

More information about the Secure-testing-commits mailing list