[Secure-testing-commits] r51392 - in data: . CVE
Markus Koschany
apo at moszumanska.debian.org
Sun May 7 20:26:16 UTC 2017
Author: apo
Date: 2017-05-07 20:26:16 +0000 (Sun, 07 May 2017)
New Revision: 51392
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update status of imagemagick in dla-needed.txt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-07 20:18:52 UTC (rev 51391)
+++ data/CVE/list 2017-05-07 20:26:16 UTC (rev 51392)
@@ -123,7 +123,6 @@
CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick ...)
- imagemagick <unfixed> (low)
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/466
CVE-2017-8764
RESERVED
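Review bot: The log message ("Update status of imagemagick in dla-needed.txt") does not mention that this hunk drops the `[wheezy] - imagemagick <no-dsa>` line for CVE-2017-8765 in data/CVE/list. Since the removal reopens the issue for wheezy while the `[jessie]` line keeps the same postponement rationale, the log should say that the wheezy no-dsa tags were removed and why, so the change can be found from the history of data/CVE/list as well.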
@@ -1049,77 +1048,62 @@
CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/453
CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/449
CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/450
CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/451
CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/454
CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/452
CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/448
CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/447
CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/443
CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/445
CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/441
CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/440
CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/442
CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/446
CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows ...)
- imagemagick <unfixed>
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
- [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
CVE-2017-8341
RESERVED
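Review bot: Removing the `[wheezy] - imagemagick <no-dsa>` line from all fifteen entries (CVE-2017-8343 through CVE-2017-8357) leaves wheezy with no recorded status for any of them, although every description is written against "ImageMagick 7.0.5-5". Before they are all treated as open, it would help to check each reader function against the wheezy source and record a not-affected status where the code is absent, rather than leaving the triage implicit. The retained `[jessie]` lines still say "Can be postponed until more severe issue are around", which now conflicts with the reasoning added to dla-needed.txt in this same commit; it is worth raising that with whoever set the jessie tags.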
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-05-07 20:18:52 UTC (rev 51391)
+++ data/dla-needed.txt 2017-05-07 20:26:16 UTC (rev 51392)
@@ -25,6 +25,11 @@
--
icu (Thorsten Alteholz)
--
+imagemagick
+ NOTE: No need to wait for more serious issues. Imagemagick is an important
+ NOTE: and widespread tool on production systems. CVEs should be fixed rather
+ NOTE: sooner than later.
+--
jasper (Thorsten Alteholz)
NOTE: 20170430, not patch for the remaining CVEs yet
--
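Review bot: The new `imagemagick` entry has no claimant and its NOTE lines have no date, unlike the neighbouring entries (`icu (Thorsten Alteholz)` and the jasper note starting `20170430,`). Adding a date prefix to the first NOTE line would show when this priority call was made. Naming the CVE range that was reopened in data/CVE/list (CVE-2017-8343 to CVE-2017-8357 and CVE-2017-8765) would tell whoever picks the package up what is in scope. Minor wording: "rather sooner than later" reads better as "sooner rather than later".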