[Secure-testing-commits] r57602 - in data: . CVE
Roberto C. Sanchez
roberto at moszumanska.debian.org
Mon Nov 13 14:58:14 UTC 2017
Author: roberto
Date: 2017-11-13 14:58:14 +0000 (Mon, 13 Nov 2017)
New Revision: 57602
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Annotate CVE-2017-16546 as not affecting wheezy; remove imagemagick from dla-needed.txt as no open CVEs affect it
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-13 13:57:10 UTC (rev 57601)
+++ data/CVE/list 2017-11-13 14:58:14 UTC (rev 57602)
@@ -584,6 +584,7 @@
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
- imagemagick <unfixed> (bug #881392)
+ [wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
NOTE: https://github.com/ImageMagick/ImageMagick/issues/851
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-13 13:57:10 UTC (rev 57601)
+++ data/dla-needed.txt 2017-11-13 14:58:14 UTC (rev 57602)
@@ -18,8 +18,6 @@
--
graphicsmagick (Roberto C. Sánchez)
--
-imagemagick (Roberto C. Sánchez)
---
irssi (Rhonda D'Vine)
--
jasperreports
More information about the Secure-testing-commits
mailing list