[Secure-testing-commits] r53656 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 19 09:15:52 UTC 2017
Author: jmm
Date: 2017-07-19 09:15:52 +0000 (Wed, 19 Jul 2017)
New Revision: 53656
Modified:
data/CVE/list
data/DSA/list
Log:
imagemagick CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-19 09:14:39 UTC (rev 53655)
+++ data/CVE/list 2017-07-19 09:15:52 UTC (rev 53656)
@@ -22,7 +22,9 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
- TODO: check
+ - imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an ...)
TODO: check
CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in ...)
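Review bot: the new CVE-2017-11447 entry has only the unstable version line and lacks the `[stretch]` and `[jessie]` lines that the temporary entry removed later in this file carried (`8:6.9.7.4+dfsg-11+deb9u1` and `8:6.8.9.9-5+deb8u10`). Those versions remain recorded under DSA-3914-1 in data/DSA/list, which this revision extends with the same id, so confirm the per-release status for this CVE is meant to come from there; otherwise carry the two lines over. The issue #556 URL also now appears both under this entry and as a NOTE of the entry directly above it, which is worth a quick check that it belongs to both.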
@@ -289,12 +291,6 @@
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2715
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556
-CVE-2017-XXXX [avoid a memory leak during screenshot]
- - imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
- [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
- [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
- NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
CVE-2017-XXXX [Avoid heap based overflow for jpeg]
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
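Review bot: nothing in the log states why the `CVE-2017-XXXX [avoid a memory leak during screenshot]` placeholder is removed; the link to CVE-2017-11447 is only implied by bug #867897 and the 8c10b924 commit URL reappearing under that id earlier in the file. The log message "imagemagick CVEfied" names neither the CVE nor the placeholder, so a one-line mention of both would make the replacement auditable from the history alone. The neighbouring `CVE-2017-XXXX [Avoid heap based overflow for jpeg]` entry (bug #867894) is left without an id, which reads as intentional but could be said as well.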
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2017-07-19 09:14:39 UTC (rev 53655)
+++ data/DSA/list 2017-07-19 09:15:52 UTC (rev 53656)
@@ -1,5 +1,5 @@
[18 Jul 2017] DSA-3914-1 imagemagick - security update
- {CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11360 CVE-2017-11352 CVE-2017-11449 CVE-2017-11448}
+ {CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11360 CVE-2017-11352 CVE-2017-11449 CVE-2017-11448 CVE-2017-11447}
[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
[18 Jul 2017] DSA-3913-1 apache2 - security update
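Review bot: CVE-2017-11447 is appended to the DSA-3914-1 brace list one day after the entry's own date (18 Jul 2017 against a 19 Jul commit), so the id is attached after the fact. The `[jessie]` and `[stretch]` versions below the list match those of the placeholder entry removed from data/CVE/list, so the data is consistent. It is still worth confirming that anything already generated from the earlier twelve-id list gets refreshed.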