[Secure-testing-commits] r42267 - in data: CVE DLA DSA

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-06-02 19:21:55 +0000 (Thu, 02 Jun 2016)
New Revision: 42267

Modified:
   data/CVE/list
   data/DLA/list
   data/DSA/list
Log:
Add CVE-2016-5239

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-02 19:09:07 UTC (rev 42266)
+++ data/CVE/list	2016-06-02 19:21:55 UTC (rev 42267)
@@ -104,6 +104,11 @@
 	- mat <unfixed> (bug #826101)
 	NOTE: https://labs.riseup.net/code/issues/11067
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
+CVE-2016-5239 [mageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection]
+	{DSA-3580-1 DLA-486-1 DLA-484-1}
+	- graphicsmagick 1.3.24-1
+	- imagemagick <unfixed>
+	NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
 CVE-2016-5238 [scsi: esp: OOB write when using non-DMA mode in get_cmd]
 	- qemu <unfixed> (bug #826152)
 	- qemu-kvm <removed>

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-06-02 19:09:07 UTC (rev 42266)
+++ data/DLA/list	2016-06-02 19:21:55 UTC (rev 42267)
@@ -46,13 +46,13 @@
 [25 May 2016] DLA-487-1 debian-security-support - Long term security support update
 	[wheezy] - debian-security-support 2016.05.24~deb7u1
 [23 May 2016] DLA-486-1 imagemagick - security update
-	{CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
+	{CVE-2016-5239 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u5
 [22 May 2016] DLA-485-1 extplorer - security update
 	{CVE-2015-5660}
 	[wheezy] - extplorer 2.1.0b6+dfsg.3-4+deb7u3
 [21 May 2016] DLA-484-1 graphicsmagick - security update
-	{CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
+	{CVE-2016-5239 CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
 	[wheezy] - graphicsmagick 1.3.16-1.1+deb7u1
 [19 May 2016] DLA-483-1 expat - security update
 	{CVE-2016-0718}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2016-06-02 19:09:07 UTC (rev 42266)
+++ data/DSA/list	2016-06-02 19:21:55 UTC (rev 42267)
@@ -35,7 +35,7 @@
 	{CVE-2016-3698}
 	[jessie] - libndp 1.4-2+deb8u1
 [16 May 2016] DSA-3580-1 imagemagick - security update
-	{CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
+	{CVE-2016-5239 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u2
 [16 May 2016] DSA-3579-1 xerces-c - security update
 	{CVE-2016-2099}