[Secure-testing-commits] r46587 - in data: . CVE DSA
Luciano Bello
luciano at moszumanska.debian.org
Sun Nov 27 04:32:26 UTC 2016
Author: luciano
Date: 2016-11-27 04:32:26 +0000 (Sun, 27 Nov 2016)
New Revision: 46587
Modified:
data/CVE/list
data/DSA/list
data/dsa-needed.txt
Log:
DSA imagemagick
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-26 21:47:15 UTC (rev 46586)
+++ data/CVE/list 2016-11-27 04:32:26 UTC (rev 46587)
@@ -629,24 +629,26 @@
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
CVE-2016-XXXX [mat file out of bound]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
- TODO: check
CVE-2016-XXXX [Add check for invalid mat file]
- imagemagick <unfixed> (bug #845244)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
- TODO: check
CVE-2016-9559 [null pointer passed as argument 2, which is declared to never be null]
RESERVED
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
RESERVED
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
@@ -659,23 +661,25 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
CVE-2016-XXXX [Suspend exception processing if there are too many exceptions]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
CVE-2016-XXXX [Fix out of bound read in viff file handling]
- imagemagick <unfixed> (bug #845212)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
- TODO: check
CVE-2016-XXXX [Better check for bufferoverflow for TIFF handling]
- imagemagick <unfixed> (bug #845202)
- TODO: check
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
CVE-2016-XXXX [Check validity of extend during TIFF file reading]
- imagemagick <unfixed> (bug #845198)
- TODO: check
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
CVE-2016-XXXX [Check return of write function]
- imagemagick <unfixed> (bug #845196)
- TODO: check
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
CVE-2016-XXXX [Imagemagick (jessie and older) buffer overflow]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
RESERVED
@@ -2921,6 +2925,7 @@
CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)]
RESERVED
- imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
NOTE: The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-11-26 21:47:15 UTC (rev 46586)
+++ data/DSA/list 2016-11-27 04:32:26 UTC (rev 46587)
@@ -1,3 +1,6 @@
+[26 Nov 2016] DSA-3725-1 imagemagick - security update
+ {CVE-2016-7799 CVE-2016-7906 CVE-2016-8677}
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
[24 Nov 2016] DSA-3724-1 gst-plugins-good0.10 - security update
{CVE-2016-9634 CVE-2016-9635 CVE-2016-9636}
[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-11-26 21:47:15 UTC (rev 46586)
+++ data/dsa-needed.txt 2016-11-27 04:32:26 UTC (rev 46587)
@@ -23,9 +23,6 @@
have been unable to reproduce the crash as described in the PHP bug report
gcs proposed debdiff to review for upload
--
-imagemagick (luciano)
- Needs to be sponsored.
---
jasper (jmm)
--
libical
More information about the Secure-testing-commits
mailing list