[Secure-testing-commits] r54407 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-08-07 21:20:36 +0000 (Mon, 07 Aug 2017)
New Revision: 54407

Modified:
   data/CVE/list
Log:
Two more imagemagick issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-07 21:17:04 UTC (rev 54406)
+++ data/CVE/list	2017-08-07 21:20:36 UTC (rev 54407)
@@ -34,9 +34,9 @@
 CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid ...)
 	TODO: check
 CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
-	TODO: check
-CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/551
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
 CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...)
 	TODO: check
 CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...)
@@ -1982,9 +1982,10 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/596
 CVE-2017-XXXX [out-of-bounds read with the MNG CLIP chunk]
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
-CVE-2017-XXXX [memory exhaustion in ReadOneJNGImage in png.c]
+CVE-2017-12643 [memory exhaustion in ReadOneJNGImage in png.c]
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870107)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
 CVE-2017-XXXX [heap buffer overflow in ReadOneMNGImage]
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542