[Secure-testing-commits] r41547 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon May 9 04:27:32 UTC 2016
Author: carnil
Date: 2016-05-09 04:27:32 +0000 (Mon, 09 May 2016)
New Revision: 41547
Modified:
data/CVE/list
Log:
Add graphicsmagick as affected source package for CVE-2016-371{4,5,6,7,8}
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-09 04:04:40 UTC (rev 41546)
+++ data/CVE/list 2016-05-09 04:27:32 UTC (rev 41547)
@@ -2344,12 +2344,20 @@
RESERVED
CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
- imagemagick <unfixed>
+ - graphicsmagick <unfixed>
+ NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
- imagemagick <unfixed>
+ - graphicsmagick <unfixed>
+ NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
- imagemagick <unfixed>
+ - graphicsmagick <unfixed>
+ NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...)
- imagemagick <unfixed>
+ - graphicsmagick <unfixed>
+ NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...)
- imagemagick <unfixed>
NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
@@ -2357,6 +2365,8 @@
NOTE: Original upstream applied patches are incomplete and still to be finished
NOTE: https://imagetragick.com/
NOTE: notice how the workaround differs between the three refs above
+ - graphicsmagick <unfixed>
+ NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
TODO: check if other packages are affected
CVE-2016-3713
RESERVED
More information about the Secure-testing-commits
mailing list