[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Various imagemagick issues fixed via experimental upload
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 10 07:11:48 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7f454e1 by Salvatore Bonaccorso at 2018-02-10T08:11:04+01:00
Various imagemagick issues fixed via experimental upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1373,6 +1373,7 @@ CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in
NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
TODO: check
CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/964
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
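Review bot: In the CVE-2018-6405 entry, the added "[experimental] - imagemagick 8:6.9.9.34+dfsg-1" line records a fix in a 6.9.9 package, but the only commit NOTE has no "ImageMagick-6:" label of the kind used for CVE-2017-18028 and CVE-2018-5358 further down. The entry therefore does not show which 6.x commit the version was checked against. Consider adding a "NOTE: ImageMagick-6: ..." line with the corresponding branch commit so the fixed version can be verified from the entry alone.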
@@ -3995,15 +3996,18 @@ CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_uplo
CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
NOT-FOR-US: Discuz! DiscuzX
CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/740985d9bd3f1c50d622c3496bb2e75d44b65a91
NOTE: https://github.com/ImageMagick/ImageMagick/commit/32a3eeb9e0da083cbc05909e4935efdbf9846df9
CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/734
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a43f4155ee916fbed080acd534232a9d2396b5b5
@@ -4060,11 +4064,13 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...
CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...)
NOT-FOR-US: Flexense SysGauge
CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e72d445220287727d7886a5f17a10caf944a802
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed80c93e4cbf2727ead75fd8bd5e5d9ecbe762f9
CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/941
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4b60459202805cb4c9a96cdeeb70db594b1d3c72
@@ -4406,17 +4412,20 @@ CVE-2018-5250
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and ...)
- shaarli <itp> (bug #864559)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #886588)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
CVE-2018-5247 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/928
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0ecb22aa909e52d86b4545aa7a51f7a0922147e6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d85c34f8bd699c31b94118babc6c0445eecc9920
CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/929
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c3dd700bbb17837ee6f540aff3eafc76262accf
@@ -4444,6 +4453,7 @@ CVE-2018-5235
CVE-2018-5234
RESERVED
CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/904
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8cf0676455929a067257400e8020dea6ca94c1a4
@@ -5402,6 +5412,7 @@ CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can
NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
{DLA-1229-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed>
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
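Review bot: The unstable line for CVE-2017-1000476, "- imagemagick <unfixed>", carries neither a bug number nor a severity, unlike CVE-2017-1000445 in the next hunk ("bug #886281"). With the fix now recorded only for experimental, a BTS reference on the unstable line would make it easier to track when the fix reaches unstable.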
@@ -7625,6 +7636,7 @@ CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable
NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer ...)
{DLA-1229-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #886281)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -7715,6 +7727,7 @@ CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the fun
NOTE: https://github.com/opencv/opencv/issues/10479
NOTE: Introduced after: https://github.com/opencv/opencv/commit/7469c935f3ec8e9fe4f56b7eed07b284b7b7b5df
CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/921
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a5f95fc018a5667de5a9448aee9d7251b2eb952
@@ -8343,6 +8356,7 @@ CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wiresh
NOTE: https://code.wireshark.org/review/#/c/24997/
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
@@ -8398,6 +8412,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
{DLA-1227-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #886584)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -8477,36 +8492,43 @@ CVE-2017-17889
CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
NOT-FOR-US: Anti-Web
CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a42f63927e7f2e26846b7ed4560e9cb4984af7b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dddce3e790b5b0f5dad91a7960de67af5bdea789
CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/874
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8204599ef0e85324876459e5d45db00660920482
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4a71d71f4ae289b6672102efaef6543643e8efb8
CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/879
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba085736fd49ad89c1937d1ee2b80ae4e11ab97
NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/5e863ae629010110772321fd181bac34c4b57345
CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/902
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4d6accd355119d54429a86a1859b8329f0130f30
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/82f20a898107a9c1ef6ad2024c4b191719b294ea
CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/877
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0a7241df0f889cc3158ba82774ff21fa1da87ec
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2a1ec7d97f356e9fb6dbc328da17d93ab7a8167c
CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/880
NOTE: https://github.com/ImageMagick/ImageMagick/commit/903f14eb94521aa6dca9d9ac55d3d9a6c7676a63
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/92fbef516b94ed96fa2a672831acd5dafb242ac5
CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/878
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ece953bbe14e8514afc23e05e4030eea872e29da
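Review bot: Style point on the CVE-2017-17885 entry touched in this hunk: its context line reads "NOTE: Imagemagick-6:" while the surrounding entries use "ImageMagick-6:". Normalising the label in the same commit would let a search for "ImageMagick-6:" find every 6.x branch commit in the file.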
@@ -8519,6 +8541,7 @@ CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-
NOTE: webp support not enabled, see #806425
CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based ...)
{DSA-4074-1 DLA-1227-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #885125)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
@@ -13751,6 +13774,7 @@ CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in ...)
{DLA-1227-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #885942)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -13758,6 +13782,7 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was foun
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #885941)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -13770,6 +13795,7 @@ CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was
NOTE: The fix involves all done changes on the relevant part of coders/psd.c between
NOTE: (and including) edf1b9408492b97cd08111a0a9cb123f6391dc5b and cae42160e5ab6de4b2a9433267e143ce295ae957 .
CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/873
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/69601843684dd038a8397e1a12dd15777d2513bf
@@ -14302,6 +14328,7 @@ CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the funct
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
{DSA-4074-1 DLA-1227-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #885340)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
@@ -14329,6 +14356,7 @@ CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a ...)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
{DSA-4074-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #885339)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
@@ -19838,6 +19866,7 @@ CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
{DSA-4074-1 DSA-4040-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #881392)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
@@ -23474,6 +23503,7 @@ CVE-2017-15282
RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote ...)
{DLA-1139-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878579)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -23488,6 +23518,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1
NOT-FOR-US: TeamPass
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
{DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #878578)
- graphicsmagick 1.3.26-14
NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
@@ -23674,11 +23705,13 @@ CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer
CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: dotCMS
CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
@@ -24336,10 +24369,12 @@ CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows remote servers to cause a
CVE-2017-15034
RESERVED
CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
@@ -24425,6 +24460,7 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878554)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -24433,12 +24469,14 @@ CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878555)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -24555,6 +24593,7 @@ CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key value
NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #878562)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
@@ -25258,6 +25297,7 @@ CVE-2017-14742
RESERVED
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878548)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -25268,6 +25308,7 @@ CVE-2017-14740
RESERVED
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878547)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -25463,6 +25504,7 @@ CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant; bug #876487)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
@@ -25471,6 +25513,7 @@ CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstr
NOT-FOR-US: geminabox
CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #876488)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
@@ -25636,6 +25679,7 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the ...)
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878524)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -25645,6 +25689,7 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #877355)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -25652,6 +25697,7 @@ CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #877354)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -25717,6 +25763,7 @@ CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to
NOTE: https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878527)
NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
@@ -25884,11 +25931,13 @@ CVE-2017-14535
CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
NOT-FOR-US: NexusPHP
CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/648
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #878541)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -25897,6 +25946,7 @@ CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnore
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590
CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/718
NOTE: https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78
@@ -25979,6 +26029,7 @@ CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstra
NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878545)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -26316,6 +26367,7 @@ CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878546)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -26437,15 +26489,18 @@ CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the
CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on ...)
NOT-FOR-US: Jungo WinDriver
CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #876105)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
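Review bot: CVE-2017-14343 is marked fixed in 8:6.9.9.34+dfsg-1, but the entry's only reference is "NOTE: https://github.com/ImageMagick/ImageMagick/issues/649", with no fixing commit, whereas CVE-2017-14342 directly below lists commits for both branches. Adding the upstream commit NOTE would document what the fixed version was checked against.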
@@ -26498,14 +26553,17 @@ CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers
CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read ...)
NOT-FOR-US: Extreme EXOS
CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
NOTE: https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
@@ -26708,6 +26766,7 @@ CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router wi
NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #876099)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -26820,6 +26879,7 @@ CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in F
NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #876097)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
@@ -26926,6 +26986,7 @@ CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875502)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -26933,6 +26994,7 @@ CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImag
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875503)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -26941,6 +27003,7 @@ CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875504)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -26948,6 +27011,7 @@ CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875506)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -27110,6 +27174,7 @@ CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel b
- linux 4.12.12-1
NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
NOTE: https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
@@ -27117,9 +27182,11 @@ CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLI
NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
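Review bot: CVE-2017-14138 is marked fixed in 8:6.9.9.34+dfsg-1 while its only reference is the upstream issue (issues/639); no fixing commit is recorded, unlike neighbouring entries such as CVE-2017-14139. Suggest adding a NOTE with the upstream commit so the fixed version can be checked against the source. The same applies to CVE-2017-14137 if no commit NOTE follows issues/641 beyond the visible context.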
@@ -27366,6 +27433,7 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be
NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878506)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -28045,6 +28113,7 @@ CVE-2017-13770
RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #878507)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
@@ -28054,6 +28123,7 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875352)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -28107,6 +28177,7 @@ CVE-2017-13759
RESERVED
CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #878508)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
@@ -29632,6 +29703,7 @@ CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in l
NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...)
{DSA-4040-1 DSA-4032-1 DLA-1170-1 DLA-1081-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #873099)
- graphicsmagick 1.3.26-19 (bug #881524)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
@@ -29640,6 +29712,7 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b
NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
{DLA-1081-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #873100)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -29650,6 +29723,7 @@ CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf
- imagemagick <not-affected> (Vulnerable code not present, introduced in 7.0.1-0)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/674
CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/676
CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafted ...)
@@ -29841,9 +29915,11 @@ CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerabi
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #873131)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
@@ -29852,12 +29928,15 @@ CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was fo
NOTE: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/644
CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/667
CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
CVE-2017-13057
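Review bot: In the leading context of this hunk, the two NOTE lines for CVE-2017-13061 cite the same commit 90ed66889d6455a1d7f36e939977fa099e2d7ca7 for both the plain reference and the "ImageMagick-6:" one, whereas other entries in this patch (for example CVE-2017-13769) list a different commit for the ImageMagick-6 branch. Since the hunk before this one marks CVE-2017-13061 as fixed by a 6.9.9.34 upload, the ImageMagick-6 reference should be verified and corrected if it is a copy-paste.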
@@ -30081,6 +30160,7 @@ CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.ph
NOT-FOR-US: PHPMyWind
CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...)
{DSA-4040-1 DSA-4032-1 DLA-1081-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #873134)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
@@ -30989,6 +31069,7 @@ CVE-2014-10039
RESERVED
CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c ...)
{DSA-4074-1 DSA-4040-1 DLA-1081-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (bug #872373)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
@@ -31000,6 +31081,7 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #873871)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -31521,6 +31603,7 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides
NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875341)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -31529,6 +31612,7 @@ CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875339)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -31537,6 +31621,7 @@ CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 ...)
{DLA-1131-1}
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (low; bug #875338)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
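Review bot: Under CVE-2017-12691 the unstable line stays "- imagemagick <unfixed> (low; bug #875338)", which matches an experimental-only upload, but nothing in the entry or the commit message flags the follow-up this creates. When 8:6.9.9.34+dfsg-1 or later reaches unstable, the "<unfixed>" line needs the version; mentioning that in the commit message would make the follow-up harder to miss for the entries touched here.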
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7f454e1d315417ada30af25fc04643a741fc914