[Secure-testing-commits] r54203 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Aug 2 13:30:15 UTC 2017


Author: carnil
Date: 2017-08-02 13:30:15 +0000 (Wed, 02 Aug 2017)
New Revision: 54203

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-11750

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-02 13:25:26 UTC (rev 54202)
+++ data/CVE/list	2017-08-02 13:30:15 UTC (rev 54203)
@@ -926,6 +926,8 @@
 CVE-2017-XXXX [memory leak in ReadOneJNGImage #618]
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870118)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
+	NOTE: When fixing this issue make sure to not open CVE-2017-11750
+	NOTE: apply the complete patch from the CVE-2017-11750 entry
 CVE-2017-XXXX [memory leak in ReadOneMNGImage #619]
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870117)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
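Review bot: The two NOTE lines added to the ReadOneJNGImage #618 entry point at "the complete patch from the CVE-2017-11750 entry" without naming it, so a reader has to find that entry and work out which of its commit links is meant. Consider quoting the "Fixed by" commit URLs from the CVE-2017-11750 entry here. The second line starts in lowercase and reads as a continuation of the first, so the two could also be merged into one NOTE. This entry lists 8:6.9.7.4+dfsg-15 as the fixed version for bug #870118, but the note does not say whether that upload carries the incomplete or the complete patch; stating it would settle this.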
@@ -977,11 +979,14 @@
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323
 CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ...)
 	- imagemagick <unfixed> (bug #870478)
+	[stretch] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
+	[jessie] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/632
 	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08
 	NOTE: Introduced by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
 	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
+	NOTE: Issue introduced by the original patch for https://github.com/ImageMagick/ImageMagick/issues/618
 	TODO: check if patch simplifying patch applied in any suite
 CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path, ...)
 	NOT-FOR-US: InternetSoft FTP Commander
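Review bot: The unchanged TODO at the end of the CVE-2017-11750 entry ("check if patch simplifying patch applied in any suite") is left in place even though the added [stretch] and [jessie] lines now record a <not-affected> status for those suites. Either drop the TODO or reword it to name the suites that still need checking, and fix the duplicated "patch" while there. The added NOTE "Issue introduced by the original patch for .../issues/618" would also read better placed directly beside the two existing "Introduced by" lines rather than after the "Fixed by" lines, since it describes the same commits.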



