[Secure-testing-commits] r50628 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Apr 13 19:11:57 UTC 2017
Author: carnil
Date: 2017-04-13 19:11:57 +0000 (Thu, 13 Apr 2017)
New Revision: 50628
Modified:
data/CVE/list
Log:
Two CVEs fixed in imagemagick, #859769, #859771
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-13 18:36:49 UTC (rev 50627)
+++ data/CVE/list 2017-04-13 19:11:57 UTC (rev 50628)
@@ -628,11 +628,11 @@
[wheezy] - asterisk <not-affected> (Vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html
CVE-2017-7619 (In ImageMagick 7.0.4-9, an infinite loop can occur because of a ...)
- - imagemagick <unfixed> (bug #859769)
+ - imagemagick 8:6.9.7.4+dfsg-4 (bug #859769)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of ...)
- - imagemagick <unfixed> (bug #859771)
+ - imagemagick 8:6.9.7.4+dfsg-4 (bug #859771)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/415
NOTE: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
CVE-2017-7591 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site ...)
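Review bot: The CVE-2017-7606 entry is now marked fixed in 8:6.9.7.4+dfsg-4 but, unlike the CVE-2017-7619 entry above it, has no "NOTE: Fixed by:" line; it only links the upstream issue and the Gentoo blog post. Adding a NOTE with the upstream commit that fixes the coders/rle.c issue would let anyone triaging other suites verify the fix without reading through the issue thread. Both descriptions name ImageMagick 7.0.x releases (7.0.4-9 and 7.0.5-4) while the fixed version recorded is a Debian revision of 6.9.7.4, so the entries depend on bugs #859769 and #859771 to show that the 6.x package was affected and what was applied in -4; a short NOTE saying so would make that explicit in the list itself.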