[Secure-testing-commits] r54114 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jul 31 04:28:01 UTC 2017
Author: carnil
Date: 2017-07-31 04:28:00 +0000 (Mon, 31 Jul 2017)
New Revision: 54114
Modified:
data/CVE/list
Log:
Track more imagemagick issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-31 04:19:48 UTC (rev 54113)
+++ data/CVE/list 2017-07-31 04:28:00 UTC (rev 54114)
@@ -5,15 +5,31 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/634
TODO: check, possibly fixed by same commit as issue #631 upstream
CVE-2017-11754 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
- TODO: check
+ - imagemagick <unfixed>
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/633
+ TODO: check, possibly fixed by same commit as issue #631 upstream
CVE-2017-11753 (The GetImageDepth function in MagickCore/attribute.c in ImageMagick ...)
+ - imagemagick <unfixed>
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/629
TODO: check
CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...)
- TODO: check
+ - imagemagick <unfixed>
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/628
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/21d19d0c64ff070dbf37279432837bf425c0d5dd
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eccfd52199616da66c93b6d627d4d4126f5a5f0
CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
- TODO: check
+ - imagemagick <unfixed>
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/631
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb713211bad3fa4f0c535255fa043917482fc964
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323
CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ...)
- TODO: check
+ - imagemagick <unfixed>
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/632
+ NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08
+ NOTE: Introduced by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
+ NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
+ TODO: check if patch simplifying patch applied in any suite
CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path, ...)
TODO: check
CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL ...)
More information about the Secure-testing-commits
mailing list