[Secure-testing-commits] r44730 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sun Sep 18 21:14:07 UTC 2016
Author: apo
Date: 2016-09-18 21:14:07 +0000 (Sun, 18 Sep 2016)
New Revision: 44730
Modified:
data/CVE/list
Log:
Add graphicsmagick, CVE-2016-{7446,7447,7448,7449} patches
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-18 21:10:21 UTC (rev 44729)
+++ data/CVE/list 2016-09-18 21:14:07 UTC (rev 44730)
@@ -2186,17 +2186,22 @@
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
+ NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5
CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU]
RESERVED
- graphicsmagick 1.3.25-1
+ NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10
+ NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d
CVE-2016-7447 [heap overflow of the EscapeParenthesis() function]
RESERVED
- graphicsmagick 1.3.25-1
+ NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d580e3c3c034
CVE-2016-7446 [heap buffer overflow issue in MVG/SVG rendering]
RESERVED
- graphicsmagick 1.3.25-1
NOTE: For the http://www.graphicsmagick.org/NEWS.html#september-5-2016 case
NOTE: which remained present in the 1.3.24 release (and was not fixed until 1.3.25)
+ NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
CVE-2016-7445 [openjpeg null ptr dereference]
RESERVED
- openjpeg2 <unfixed>
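Review bot: The first added line, "NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5", points at the same changeset hash (eb58028dacf5) that the unchanged NOTE three lines above it already references under hg.code.sf.net, so that entry now lists one revision twice under two hosts. Consider rewriting the existing NOTE as the "Fixed by" line instead of adding a second one, and using one repository host consistently across the entry. Separately, CVE-2016-7448 gains two "Fixed by" revisions (30043afadb10 and d972c761b55d) with nothing to say what each covers; a short parenthetical after each URL would tell someone backporting whether both are required.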