[Secure-testing-commits] r54097 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-07-30 19:08:36 +0000 (Sun, 30 Jul 2017)
New Revision: 54097

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-11538/imagemagick

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-30 19:06:40 UTC (rev 54096)
+++ data/CVE/list	2017-07-30 19:08:36 UTC (rev 54097)
@@ -596,9 +596,10 @@
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870120)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/582
 CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
-	- imagemagick <unfixed> (bug #870110)
+	- imagemagick <not-affected> (Vulnerable code introduced later, cf bug #870110)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/569
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
+	NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
 CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
 	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869712)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/560