[Secure-testing-commits] r51787 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun May 21 04:08:44 UTC 2017
Author: carnil
Date: 2017-05-21 04:08:44 +0000 (Sun, 21 May 2017)
New Revision: 51787
Modified:
data/CVE/list
Log:
Add graphicsmagick to CVE-2017-9098 (clarified with MITRE that it is for both products)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-20 21:10:13 UTC (rev 51786)
+++ data/CVE/list 2017-05-21 04:08:44 UTC (rev 51787)
@@ -5,7 +5,9 @@
RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 uses uninitialized memory in the RLE ...)
- imagemagick <unfixed> (bug #862967)
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
+ - graphicsmagick 1.3.24-1
+ NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
+ NOTE: GraphicsMagick fix: http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9097
RESERVED
More information about the Secure-testing-commits
mailing list