[Secure-testing-commits] r54074 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sun Jul 30 13:50:27 UTC 2017
Author: apo
Date: 2017-07-30 13:50:27 +0000 (Sun, 30 Jul 2017)
New Revision: 54074
Modified:
data/CVE/list
Log:
CVE-2017-11139,graphicsmagick: Wheezy is not affected
The vulnerable code was introduced to fix CVE-2017-11102. Since we don't
refactor the code because the DestroyJNGInfo function does not exist, we also
don't need to apply the patch to fix the double free.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-30 13:33:41 UTC (rev 54073)
+++ data/CVE/list 2017-07-30 13:50:27 UTC (rev 54074)
@@ -1811,6 +1811,7 @@
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...)
- graphicsmagick 1.3.26-2 (low)
+ [wheezy] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Wheezy)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
CVE-2017-11138
RESERVED
More information about the Secure-testing-commits
mailing list