[Secure-testing-commits] r57378 - in data: . CVE

Ola Lundqvist opal at moszumanska.debian.org
Mon Nov 6 20:36:58 UTC 2017


Author: opal
Date: 2017-11-06 20:36:58 +0000 (Mon, 06 Nov 2017)
New Revision: 57378

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triaging graphicsmagick.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-06 20:03:20 UTC (rev 57377)
+++ data/CVE/list	2017-11-06 20:36:58 UTC (rev 57378)
@@ -59,6 +59,10 @@
 	- graphicsmagick 1.3.26-18
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/
+	NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
+	NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
+	NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
+	[wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with presented test case)
 CVE-2017-16544
 	RESERVED
 CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...)
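Review bot: The reason on the added `[wheezy] - graphicsmagick <no-dsa>` line ("Not possible to trigger with presented test case") is narrower than what the NOTE lines above it state. One test case failing to reach the code does not show the code is unreachable, and the NOTE itself says the vulnerable code is still present. Consider naming the assert in the reason text and recording whether that assert is active in the wheezy build, since assertions are compiled out when NDEBUG is defined, and an assertion failure is itself an abort on crafted input. As a style point, the `[wheezy]` entry would be easier to find directly under the `- graphicsmagick 1.3.26-18` line rather than after the NOTE lines, and the first NOTE breaks mid-sentence at "Due to this".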

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-11-06 20:03:20 UTC (rev 57377)
+++ data/dla-needed.txt	2017-11-06 20:36:58 UTC (rev 57378)
@@ -18,6 +18,8 @@
   NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155c5a@pbandjelly.org
   NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w.fsf@curie.anarc.at
 --
+graphicsmagick
+--
 irssi (Rhonda D'Vine)
 --
 jasperreports
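Review bot: The new `graphicsmagick` entry in data/dla-needed.txt has no NOTE line, so it does not say which issues the upload should cover. The data/CVE/list change in this same revision marks one issue `<no-dsa>` for wheezy while noting that it "may be worth fixing in combination with some other fix". A dated NOTE under the entry, in the style of the `NOTE: 20171013: ...` line above, that points to that low-severity issue would let whoever claims the package bundle the trivial patch instead of having to rediscover it.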



