[Secure-testing-commits] r38996 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 18 06:22:03 UTC 2016
Author: carnil
Date: 2016-01-18 06:22:02 +0000 (Mon, 18 Jan 2016)
New Revision: 38996
Modified:
data/CVE/list
Log:
Updates for imagemagick issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-18 06:18:26 UTC (rev 38995)
+++ data/CVE/list 2016-01-18 06:22:02 UTC (rev 38996)
@@ -1,3 +1,6 @@
+CVE-2016-XXXX [Multiple minor security issues]
+ - imagemagick 8:6.8.9.9-7 (bug #811308)
+ TODO: check, needs possibly CVEs
CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3]
NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3]
@@ -7403,7 +7406,7 @@
CVE-2014-9752 (Unrestricted file upload vulnerability in ...)
TODO: check
CVE-2015-XXXX [Double free in coders/pict.c:2000]
- - imagemagick <unfixed> (bug #806441)
+ - imagemagick 8:6.8.9.9-7 (bug #806441)
[jessie] - imagemagick <no-dsa> (Minor issue)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
@@ -7421,7 +7424,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2
NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
- - imagemagick <unfixed> (bug #806441)
+ - imagemagick 8:6.8.9.9-7 (bug #806441)
[jessie] - imagemagick <no-dsa> (Minor issue)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
More information about the Secure-testing-commits
mailing list