[Secure-testing-commits] r45489 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Oct 21 11:00:58 UTC 2016
Author: carnil
Date: 2016-10-21 11:00:58 +0000 (Fri, 21 Oct 2016)
New Revision: 45489
Modified:
data/CVE/list
Log:
Add CVE-2016-8866, and add information for CVE-2016-8862
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-21 07:53:05 UTC (rev 45488)
+++ data/CVE/list 2016-10-21 11:00:58 UTC (rev 45489)
@@ -1,3 +1,7 @@
+CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)]
+ - imagemagick <not-affected>
+ NOTE: For incomplete fix of CVE-2016-8862
+ NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
CVE-2016-8859
- tre <unfixed>
- musl <unfixed>
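Review bot: the `- imagemagick <not-affected>` line in the new CVE-2016-8866 entry gives no reason, and the NOTE under it ("For incomplete fix of CVE-2016-8862") does not explain why the package is unaffected while CVE-2016-8862 is still `<unfixed>` further down the file. State the reason on the status line, for example that the incomplete patch was never applied to the packaged version, if that is the case. The bracketed description also drops the "imagemagick:" prefix that the CVE-2016-8862 description uses; keeping the two consistent makes the entries easier to grep together.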
@@ -10,6 +14,8 @@
CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)]
- imagemagick <unfixed>
NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
+ NOTE: that the initial patch was incomplete and resulted in CVE-2016-8866. So when fixing
+ NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 [tor DoS]
{DSA-3694-1 DLA-663-1}
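Review bot: the two added NOTE lines under CVE-2016-8862 open mid-sentence ("NOTE: that the initial patch ...") and are placed between the Gentoo and oss-security reference URLs, which splits the references. Suggest starting the text as "NOTE: The initial patch was incomplete and resulted in CVE-2016-8866" and moving both lines after the openwall.com NOTE. The warning would also be easier to act on if it identified which upstream change is the incomplete one, since "fix it completely" gives whoever prepares the update nothing to check against.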