[Secure-testing-commits] r38996 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jan 18 06:22:03 UTC 2016


Author: carnil
Date: 2016-01-18 06:22:02 +0000 (Mon, 18 Jan 2016)
New Revision: 38996

Modified:
   data/CVE/list
Log:
Updates for imagemagick issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-18 06:18:26 UTC (rev 38995)
+++ data/CVE/list	2016-01-18 06:22:02 UTC (rev 38996)
@@ -1,3 +1,6 @@
+CVE-2016-XXXX [Multiple minor security issues]
+	- imagemagick 8:6.8.9.9-7 (bug #811308)
+	TODO: check, needs possibly CVEs
 CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3]
 	NOT-FOR-US: KNOX 1.0 / Android 4.3
 CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3]
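Review bot: the new `CVE-2016-XXXX [Multiple minor security issues]` entry at the top of the file folds an unspecified number of issues into one placeholder, so none of them can be tracked or matched to a CVE individually once ids are requested. Consider one entry per issue from bug #811308, each naming the affected coder or file in its title the way the `coders/pict.c` and `coders/icon.c` entries further down in this diff do. The entry also carries no `[jessie]` or `[wheezy]` lines, unlike those entries, which leaves triage for the stable releases implicit.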
@@ -7403,7 +7406,7 @@
 CVE-2014-9752 (Unrestricted file upload vulnerability in ...)
 	TODO: check
 CVE-2015-XXXX [Double free in coders/pict.c:2000]
-	- imagemagick <unfixed> (bug #806441)
+	- imagemagick 8:6.8.9.9-7 (bug #806441)
 	[jessie] - imagemagick <no-dsa> (Minor issue)
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
 	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
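Review bot: the `<unfixed>` to `8:6.8.9.9-7` change on the `coders/pict.c:2000` double-free entry records a fixed version without a NOTE pointing at the patch or upstream commit that fixes it, so the claim can only be checked by reading bug #806441. A `NOTE:` line with the fix reference would help whoever later revisits the `[jessie]` and `[wheezy]` `<no-dsa>` lines.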
@@ -7421,7 +7424,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
 	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
-	- imagemagick <unfixed> (bug #806441)
+	- imagemagick 8:6.8.9.9-7 (bug #806441)
 	[jessie] - imagemagick <no-dsa> (Minor issue)
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
 	[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
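Review bot: the `coders/icon.c` entry gets the same fixed version and the same bug #806441 as the `coders/pict.c` entry, so the bug number alone does not show which change in 8:6.8.9.9-7 addresses which issue. It is worth confirming that the upload covers both the integer overflow and the buffer overflow named in the title, and recording that in a NOTE on this entry.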
