[Secure-testing-commits] r46525 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Nov 25 06:18:55 UTC 2016
Author: carnil
Date: 2016-11-25 06:18:54 +0000 (Fri, 25 Nov 2016)
New Revision: 46525
Modified:
data/CVE/list
Log:
Add note for CVE-2016-8866
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-25 05:21:33 UTC (rev 46524)
+++ data/CVE/list 2016-11-25 06:18:54 UTC (rev 46525)
@@ -2437,6 +2437,8 @@
- imagemagick <not-affected>
NOTE: For incomplete fix of CVE-2016-8862
NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
+ NOTE: This is not a real problem in imagemagick but caused by the "observer" (the address sanitizer), cf.
+ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 .
CVE-2016-8859 [Regex integer overflow in buffer size computations]
RESERVED
{DLA-687-1}
@@ -2460,6 +2462,7 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
NOTE: that the initial patch was incomplete and resulted in CVE-2016-8866. So when fixing
NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
+ NOTE: The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255
NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 [tor DoS]
RESERVED
More information about the Secure-testing-commits
mailing list