[Secure-testing-commits] r56699 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Oct 14 15:22:38 UTC 2017


Author: carnil
Date: 2017-10-14 15:22:38 +0000 (Sat, 14 Oct 2017)
New Revision: 56699

Modified:
   data/CVE/list
Log:
mark CVE-2017-15016/imagemagick as unimportant

Although vulnerable source present we do not compile emf.c.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-14 15:17:17 UTC (rev 56698)
+++ data/CVE/list	2017-10-14 15:22:38 UTC (rev 56699)
@@ -760,10 +760,11 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
 CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
 	{DLA-1131-1}
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
+	NOTE: emf.c not compiled under Debian
 CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
 	- imagemagick <unfixed>
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)




More information about the Secure-testing-commits mailing list