[Secure-testing-commits] r53654 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 19 09:13:37 UTC 2017
Author: jmm
Date: 2017-07-19 09:13:37 +0000 (Wed, 19 Jul 2017)
New Revision: 53654
Modified:
data/CVE/list
data/DSA/list
Log:
one imagemagick issue CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-19 09:10:15 UTC (rev 53653)
+++ data/CVE/list 2017-07-19 09:13:37 UTC (rev 53654)
@@ -13,7 +13,10 @@
CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
TODO: check
CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable ...)
- TODO: check
+ - imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before ...)
TODO: check
CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
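Review bot: The new CVE-2017-11449 entry carries only the unstable fix line, "- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)", while the CVE-2017-XXXX placeholder removed further down in this file also recorded "[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1" and "[jessie] - imagemagick 8:6.8.9.9-5+deb8u10". Either carry those two lines over here or confirm that they are regenerated from the DSA-3914-1 entry, which this revision extends with the same CVE; otherwise stretch and jessie lose their fixed-version record for this issue.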
@@ -332,13 +335,6 @@
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
NOTE: https://github.com/ImageMagick/ImageMagick/issues/506
-CVE-2017-XXXX [enable heap overflow check for stdin for mpc files]
- - imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
- [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
- [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
- NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
CVE-2017-11334 [exec: oob access during dma operation]
RESERVED
- qemu <unfixed>
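Review bot: Dropping the CVE-2017-XXXX placeholder also drops its short description, "enable heap overflow check for stdin for mpc files", and the CVE-2017-11449 entry that replaces it shows a description cut off at "does not enable seekable ...". Consider keeping the short summary as a NOTE on the CVE-2017-11449 entry so the nature of the fix stays readable in the list without following the GitHub links.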
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2017-07-19 09:10:15 UTC (rev 53653)
+++ data/DSA/list 2017-07-19 09:13:37 UTC (rev 53654)
@@ -1,5 +1,5 @@
[18 Jul 2017] DSA-3914-1 imagemagick - security update
- {CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11360 CVE-2017-11352}
+ {CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11360 CVE-2017-11352 CVE-2017-11449}
[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
[18 Jul 2017] DSA-3913-1 apache2 - security update
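Review bot: The DSA-3914-1 entry is dated 18 Jul 2017 and its CVE set is extended here on 19 Jul with CVE-2017-11449, but the log message only says "one imagemagick issue CVEfied" and does not mention the change to data/DSA/list. Suggest stating in the log that DSA-3914-1 was amended, and checking that the [jessie] and [stretch] versions listed under it are the ones that contain the fix for this CVE; they match the versions on the removed placeholder entry, which supports that.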