[Secure-testing-commits] r38896 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 14 07:29:39 UTC 2016
Author: carnil
Date: 2016-01-14 07:29:39 +0000 (Thu, 14 Jan 2016)
New Revision: 38896
Modified:
data/CVE/list
Log:
Mark two temporary entries for imagemagick as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-13 22:17:19 UTC (rev 38895)
+++ data/CVE/list 2016-01-14 07:29:39 UTC (rev 38896)
@@ -6914,6 +6914,8 @@
TODO: check
CVE-2015-XXXX [Double free in coders/pict.c:2000]
- imagemagick <unfixed> (bug #806441)
+ [jessie] - imagemagick <no-dsa> (Minor issue)
+ [wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
NOTE: workaround entry for DLA-353-1 until/if CVE assigned
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
@@ -6930,6 +6932,8 @@
NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
- imagemagick <unfixed> (bug #806441)
+ [jessie] - imagemagick <no-dsa> (Minor issue)
+ [wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
NOTE: workaround entry for DLA-353-1 until/if CVE assigned
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
More information about the Secure-testing-commits
mailing list