[Secure-testing-commits] r56599 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Oct 11 09:17:30 UTC 2017


Author: carnil
Date: 2017-10-11 09:17:30 +0000 (Wed, 11 Oct 2017)
New Revision: 56599

Modified:
   data/CVE/list
Log:
Add two imagemagick issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-11 09:14:53 UTC (rev 56598)
+++ data/CVE/list	2017-10-11 09:17:30 UTC (rev 56599)
@@ -100,9 +100,15 @@
 CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
 	TODO: check
 CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...)
-	TODO: check
+	- imagemagick <unfixed> (unimportant)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
+	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
 CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...)
-	TODO: check
+	- imagemagick <unfixed> (unimportant)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
+	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8fa3c10977f668c92688272a4802f4477df61076
 CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 ...)
 	- piwigo <removed>
 CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...)




More information about the Secure-testing-commits mailing list