[Secure-testing-commits] r57378 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Mon Nov 6 20:36:58 UTC 2017
Author: opal
Date: 2017-11-06 20:36:58 +0000 (Mon, 06 Nov 2017)
New Revision: 57378
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triaging graphicsmagick.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-06 20:03:20 UTC (rev 57377)
+++ data/CVE/list 2017-11-06 20:36:58 UTC (rev 57378)
@@ -59,6 +59,10 @@
- graphicsmagick 1.3.26-18
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/
+ NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
+ NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
+ NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
+ [wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with presented test case)
CVE-2017-16544
RESERVED
CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-06 20:03:20 UTC (rev 57377)
+++ data/dla-needed.txt 2017-11-06 20:36:58 UTC (rev 57378)
@@ -18,6 +18,8 @@
NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155c5a@pbandjelly.org
NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w.fsf@curie.anarc.at
--
+graphicsmagick
+--
irssi (Rhonda D'Vine)
--
jasperreports
More information about the Secure-testing-commits
mailing list