[Secure-testing-commits] r38896 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jan 14 07:29:39 UTC 2016


Author: carnil
Date: 2016-01-14 07:29:39 +0000 (Thu, 14 Jan 2016)
New Revision: 38896

Modified:
   data/CVE/list
Log:
Mark two temporary entries for imagemagick as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-13 22:17:19 UTC (rev 38895)
+++ data/CVE/list	2016-01-14 07:29:39 UTC (rev 38896)
@@ -6914,6 +6914,8 @@
 	TODO: check
 CVE-2015-XXXX [Double free in coders/pict.c:2000]
 	- imagemagick <unfixed> (bug #806441)
+	[jessie] - imagemagick <no-dsa> (Minor issue)
+	[wheezy] - imagemagick <no-dsa> (Minor issue)
 	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
 	NOTE: workaround entry for DLA-353-1 until/if CVE assigned
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
@@ -6930,6 +6932,8 @@
 	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
 	- imagemagick <unfixed> (bug #806441)
+	[jessie] - imagemagick <no-dsa> (Minor issue)
+	[wheezy] - imagemagick <no-dsa> (Minor issue)
 	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
 	NOTE: workaround entry for DLA-353-1 until/if CVE assigned
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747




More information about the Secure-testing-commits mailing list