[Secure-testing-commits] r56684 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Oct 14 09:22:50 UTC 2017
Author: carnil
Date: 2017-10-14 09:22:49 +0000 (Sat, 14 Oct 2017)
New Revision: 56684
Modified:
data/CVE/list
Log:
Remove todo for CVE-2017-13737/graphicsmagick
Upstream mentioned that this mgiht be an issue in tiff, and fixed in
4.0.8. But retesting with an up-to-date unstable system the issue is
still present. The issue was specifically assigned as well for
graphicsmagick, where at first glance seem to be where the issue is
raised.
Filling a bug report to keep track on the issue.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-14 05:14:14 UTC (rev 56683)
+++ data/CVE/list 2017-10-14 09:22:49 UTC (rev 56684)
@@ -4329,7 +4329,6 @@
CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
- graphicsmagick <unfixed> (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
- TODO: asked MITRE for clarification if 1/ should be for libtiff indeed and/or possibly already a duplicate then.
CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in ...)
- graphicsmagick <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
More information about the Secure-testing-commits
mailing list