[Secure-testing-commits] r45354 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 16 06:06:22 UTC 2016
Author: carnil
Date: 2016-10-16 06:06:21 +0000 (Sun, 16 Oct 2016)
New Revision: 45354
Modified:
data/CVE/list
Log:
Add CVE-2016-8677/imagemagick
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-16 05:59:14 UTC (rev 45353)
+++ data/CVE/list 2016-10-16 06:06:21 UTC (rev 45354)
@@ -70,6 +70,11 @@
NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
NOTE: https://github.com/libarchive/libarchive/issues/767
+CVE-2016-8677 [memory allocate failure in AcquireQuantumPixels]
+ - imagemagick <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
+ TODO: check
CVE-2016-8676 [Issue that remains after addressing CVE-2016-8675 with e5b019725f53b79159931d3a7317107cbbfd0860]
- libav <removed>
NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
More information about the Secure-testing-commits
mailing list