[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Imagemagick uploaded to unstable including many security fixes
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 18 10:26:33 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c68f1153 by Salvatore Bonaccorso at 2018-02-18T11:26:11+01:00
Imagemagick uploaded to unstable including many security fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2224,8 +2224,7 @@ CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/964
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
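Review bot: the two commit NOTE lines left as context under CVE-2018-6405 point at the same commit (1fbed789...), once unlabelled and once as "ImageMagick-6:". Since this entry is now marked fixed in 8:6.9.9.34+dfsg-3, which is a 6.x package, it is worth checking which branch that commit belongs to. Then either drop the duplicate or replace it with the other branch's commit, so the fixed version can be checked against the right reference.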
@@ -4887,19 +4886,16 @@ CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_uplo
CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
NOT-FOR-US: Discuz! DiscuzX
CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/740985d9bd3f1c50d622c3496bb2e75d44b65a91
NOTE: https://github.com/ImageMagick/ImageMagick/commit/32a3eeb9e0da083cbc05909e4935efdbf9846df9
CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/734
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a43f4155ee916fbed080acd534232a9d2396b5b5
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6a88a234cbb88a06fcb7e7ebe6668267b72fa787
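Review bot: the version set on these entries ("+ - imagemagick 8:6.9.9.34+dfsg-3") appears only in the diff, while the commit subject says just "uploaded to unstable including many security fixes". Naming the package version in the subject would let someone reading the log tie this bulk change to the upload without opening the patch.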
@@ -4955,14 +4951,12 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...
CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...)
NOT-FOR-US: Flexense SysGauge
CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e72d445220287727d7886a5f17a10caf944a802
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed80c93e4cbf2727ead75fd8bd5e5d9ecbe762f9
CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/941
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4b60459202805cb4c9a96cdeeb70db594b1d3c72
NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/152d81b91fc83d72da1989518685b1d70fc5e60a
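Review bot: under CVE-2018-5357 both commit NOTE lines carry a 6-branch label, spelled two ways ("ImageMagick-6:" and "Imagemagick-6:"), and there is no unlabelled main-branch commit as in the CVE-2018-5358 entry above. While touching this entry, confirm whether both commits really are 6.x fixes and normalise the label to "ImageMagick-6:" so that searching the list for the prefix finds every reference.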
@@ -5300,21 +5294,18 @@ CVE-2018-5250
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and ...)
- shaarli <itp> (bug #864559)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #886588)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #886588)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
CVE-2018-5247 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/928
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0ecb22aa909e52d86b4545aa7a51f7a0922147e6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d85c34f8bd699c31b94118babc6c0445eecc9920
CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/929
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c3dd700bbb17837ee6f540aff3eafc76262accf
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f
@@ -5341,8 +5332,7 @@ CVE-2018-5235
CVE-2018-5234
RESERVED
CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/904
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8cf0676455929a067257400e8020dea6ca94c1a4
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e7649e96a7730dd116afb629b372c5772be0b900
@@ -6300,8 +6290,7 @@ CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can
NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
{DLA-1229-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.9.34+dfsg-3
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
@@ -8526,8 +8515,7 @@ CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable
NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer ...)
{DLA-1229-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #886281)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
@@ -8617,8 +8605,7 @@ CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the fun
NOTE: https://github.com/opencv/opencv/issues/10479
NOTE: Introduced after: https://github.com/opencv/opencv/commit/7469c935f3ec8e9fe4f56b7eed07b284b7b7b5df
CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/921
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a5f95fc018a5667de5a9448aee9d7251b2eb952
CVE-2017-18007
@@ -9253,8 +9240,7 @@ CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wiresh
NOTE: https://code.wireshark.org/review/#/c/24997/
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
@@ -9309,8 +9295,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
{DLA-1227-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #886584)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
@@ -9389,44 +9374,37 @@ CVE-2017-17889
CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
NOT-FOR-US: Anti-Web
CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a42f63927e7f2e26846b7ed4560e9cb4984af7b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dddce3e790b5b0f5dad91a7960de67af5bdea789
CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/874
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8204599ef0e85324876459e5d45db00660920482
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4a71d71f4ae289b6672102efaef6543643e8efb8
CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/879
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba085736fd49ad89c1937d1ee2b80ae4e11ab97
NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/5e863ae629010110772321fd181bac34c4b57345
CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/902
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4d6accd355119d54429a86a1859b8329f0130f30
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/82f20a898107a9c1ef6ad2024c4b191719b294ea
CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/877
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0a7241df0f889cc3158ba82774ff21fa1da87ec
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2a1ec7d97f356e9fb6dbc328da17d93ab7a8167c
CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/880
NOTE: https://github.com/ImageMagick/ImageMagick/commit/903f14eb94521aa6dca9d9ac55d3d9a6c7676a63
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/92fbef516b94ed96fa2a672831acd5dafb242ac5
CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/878
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ece953bbe14e8514afc23e05e4030eea872e29da
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/aa601d79a630f6de0694fadbeee31456a357fa73
@@ -9438,8 +9416,7 @@ CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-
NOTE: webp support not enabled, see #806425
CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based ...)
{DSA-4074-1 DLA-1227-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #885125)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #885125)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e41f18ecccbdd1c38e1382057718e91e8f8d6d80
@@ -14685,16 +14662,14 @@ CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in ...)
{DLA-1227-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #885942)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #885941)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible)
@@ -14706,8 +14681,7 @@ CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was
NOTE: The fix involves all done changes on the relevant part of coders/psd.c between
NOTE: (and including) edf1b9408492b97cd08111a0a9cb123f6391dc5b and cae42160e5ab6de4b2a9433267e143ce295ae957 .
CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/873
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/69601843684dd038a8397e1a12dd15777d2513bf
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9
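Review bot: the two NOTE lines at the top of this hunk say the CVE-2017-17681 fix is the whole series of coders/psd.c changes between two commits, not a single commit, and that entry is marked fixed in 8:6.9.9.34+dfsg-3 by the preceding hunk. Please confirm the upload contains the full range. If that was checked against the packaged source, a short NOTE saying so would help anyone auditing the entry later.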
@@ -15241,8 +15215,7 @@ CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the funct
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
{DSA-4074-1 DLA-1227-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #885340)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #885340)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/59c49559e302e06bfba46cb6feb4e39adbe675b6
@@ -15269,8 +15242,7 @@ CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a ...)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
{DSA-4074-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #885339)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #885339)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
@@ -20791,8 +20763,7 @@ CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
{DSA-4074-1 DSA-4040-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #881392)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #881392)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
@@ -24433,8 +24404,7 @@ CVE-2017-15282
RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote ...)
{DLA-1139-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878579)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
@@ -24448,8 +24418,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1
NOT-FOR-US: TeamPass
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
{DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #878578)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
- graphicsmagick 1.3.26-14
NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
NOTE: https://github.com/ImageMagick/ImageMagick/issues/592
@@ -24635,14 +24604,13 @@ CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer
CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: dotCMS
CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...)
[experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8fa3c10977f668c92688272a4802f4477df61076
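Review bot: in the CVE-2017-15217 entry the line "[experimental] - imagemagick 8:6.9.9.34+dfsg-1" is left as unchanged context, while the CVE-2017-15218 entry directly above it, like the other entries in this patch, has that line removed. The hunk header (14 lines to 13) confirms only one [experimental] line was dropped here. If this was an oversight of the bulk edit, remove it too so the entry does not keep a stale experimental annotation next to the unstable fix.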
@@ -25299,13 +25267,11 @@ CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows remote servers to cause a
CVE-2017-15034
RESERVED
CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031
@@ -25390,8 +25356,7 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878554)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
@@ -25399,15 +25364,13 @@ CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878555)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -25523,8 +25486,7 @@ CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key value
NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #878562)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #878562)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
@@ -26227,8 +26189,7 @@ CVE-2017-14742
RESERVED
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878548)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
@@ -26238,8 +26199,7 @@ CVE-2017-14740
RESERVED
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878547)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
@@ -26434,8 +26394,7 @@ CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant; bug #876487)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
@@ -26443,8 +26402,7 @@ CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstr
NOT-FOR-US: geminabox
CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #876488)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #876488)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file ...)
@@ -26611,8 +26569,7 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the ...)
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878524)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -26621,16 +26578,14 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #877355)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #877354)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -26695,8 +26650,7 @@ CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to
NOTE: https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878527)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878527)
NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
CVE-2017-14606
@@ -26863,14 +26817,12 @@ CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacter
CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
NOT-FOR-US: NexusPHP
CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/648
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #878541)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -26878,8 +26830,7 @@ CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnore
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590
CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/718
NOTE: https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1385a09732c261f1f403a9af6700979ca56c76d3
@@ -26961,8 +26912,7 @@ CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstra
NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878545)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
@@ -27299,8 +27249,7 @@ CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878546)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
@@ -27421,19 +27370,16 @@ CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the
CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on ...)
NOT-FOR-US: Jungo WinDriver
CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #876105)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
@@ -27485,18 +27431,15 @@ CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers
CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read ...)
NOT-FOR-US: Extreme EXOS
CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
NOTE: https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
CVE-2017-14323
@@ -27698,8 +27641,7 @@ CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router wi
NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #876099)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
@@ -27811,8 +27753,7 @@ CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in F
NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #876097)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #876097)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
@@ -27920,16 +27861,14 @@ CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875502)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875503)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
@@ -27937,16 +27876,14 @@ CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875504)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875506)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
@@ -28108,20 +28045,17 @@ CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel b
- linux 4.12.12-1
NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
NOTE: https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dbe0008c6fa225d01085ca86f3e425c306ee6240
NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb63560ba25e4a6c51ab282538c24877fff7d471
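Review bot: CVE-2017-14139 is now marked fixed in 8:6.9.9.34+dfsg-3, but its two `NOTE: Requires:` lines point to ImageMagick commits without an `ImageMagick-6:` counterpart, and the package is on the 6.x branch. Before closing the entry, confirm that the 6.9.9.34 source carries equivalents of d426a1dc84cf and 0dfce0579c88, and add the matching `ImageMagick-6:` notes so the prerequisite chain can be followed on that branch.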
@@ -28367,8 +28301,7 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be
NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878506)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
@@ -29047,8 +28980,7 @@ CVE-2017-13770
RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #878507)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878507)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/457e63263de6f732785608504b6e607799ad3dd5
@@ -29057,8 +28989,7 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875352)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
@@ -29111,8 +29042,7 @@ CVE-2017-13759
RESERVED
CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...)
{DSA-4040-1 DSA-4032-1 DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #878508)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #878508)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/57eced684ad0660fe580800d977ba94623ec67ac
@@ -30620,8 +30550,7 @@ CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in l
NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...)
{DSA-4040-1 DSA-4032-1 DLA-1170-1 DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #873099)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #873099)
- graphicsmagick 1.3.26-19 (bug #881524)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0
@@ -30629,8 +30558,7 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b
NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
{DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #873100)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
@@ -30640,8 +30568,7 @@ CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf
- imagemagick <not-affected> (Vulnerable code not present, introduced in 7.0.1-0)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/674
CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/676
CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafted ...)
NOT-FOR-US: BMC Patrol
@@ -30832,12 +30759,10 @@ CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerabi
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #873131)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
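Review bot: the new CVE-2017-13061 line `- imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)` carries no severity, yet the line below it keeps `[stretch] - imagemagick <ignored> (Minor issue)`. The other entries in this diff whose stable releases are ignored as a minor issue are tagged `low`; either add `low;` here or revisit the stretch status so the two lines agree.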
@@ -30845,16 +30770,13 @@ CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was fo
NOTE: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/644
CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/667
CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
CVE-2017-13057
RESERVED
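Review bot: in the context lines at the top of this hunk, the `NOTE:` and `NOTE: ImageMagick-6:` lines for CVE-2017-13061 both point to commit 90ed66889d6455a1d7f36e939977fa099e2d7ca7. Other entries give a distinct commit for the ImageMagick-6 branch, so one of the two looks like a copy-paste and is worth correcting while these entries are being touched.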
@@ -31077,8 +30999,7 @@ CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.ph
NOT-FOR-US: PHPMyWind
CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...)
{DSA-4040-1 DSA-4032-1 DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #873134)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #873134)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/26078285f49c361ad8ddc8e14bd1d4aab7ed5682
@@ -31986,8 +31907,7 @@ CVE-2014-10039
RESERVED
CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c ...)
{DSA-4074-1 DSA-4040-1 DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (bug #872373)
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #872373)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
@@ -31998,8 +31918,7 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #873871)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
@@ -32520,8 +32439,7 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides
NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875341)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
@@ -32529,8 +32447,7 @@ CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875339)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
@@ -32538,8 +32455,7 @@ CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 ...)
{DLA-1131-1}
- [experimental] - imagemagick 8:6.9.9.34+dfsg-1
- - imagemagick <unfixed> (low; bug #875338)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
@@ -32593,8 +32509,7 @@ CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional dat
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the ...)
{DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.6+dfsg-1
- - imagemagick <unfixed> (low; bug #872609)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
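Review bot: the removed line `[experimental] - imagemagick 8:6.9.9.6+dfsg-1` for CVE-2017-12674 names an older version than the 8:6.9.9.34+dfsg-1 removed in most other hunks, so folding it into 8:6.9.9.34+dfsg-3 drops the record that a fix was already packaged at 6.9.9.6. If the unstable entry is meant to be the first fixed upload to unstable, that is fine, but a NOTE with the earlier fixed version would keep the information; the same applies to the following hunks that remove an 8:6.9.9.6+dfsg-1 line.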
@@ -32680,8 +32595,7 @@ CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name,
CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid ...)
NOT-FOR-US: Liferay Portal
CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
- [experimental] - imagemagick 8:6.9.9.6+dfsg-1
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/551
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
@@ -33315,8 +33229,7 @@ CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...)
{DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.6+dfsg-1
- - imagemagick <unfixed> (unimportant; bug #872481)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872481)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/548
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
@@ -33371,8 +33284,7 @@ CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on .
NOTE: https://mantisbt.org/bugs/view.php?id=23173
CVE-2017-12418 (ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...)
{DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.6+dfsg-1
- - imagemagick <unfixed> (unimportant; bug #872498)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872498)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/643
NOTE: https://github.com/ImageMagick/ImageMagick/commit/46382526a3f09cebf9f2af680fc55b2a668fcbef
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bfd93888beccf2eff49cc9abfa6b5167c9c9109d
@@ -34117,8 +34029,7 @@ CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was f
NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an ...)
{DLA-1081-1}
- [experimental] - imagemagick 8:6.9.9.6+dfsg-1
- - imagemagick <unfixed> (low; bug #873059)
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
@@ -51372,8 +51283,7 @@ CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, wh
NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
NOTE: Fixed upstream in 3.3.11
CVE-2017-6502 (An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...)
- [experimental] - imagemagick 8:6.9.9.6+dfsg-1
- - imagemagick <unfixed> (unimportant; bug #856883)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #856883)
NOTE: webp is disable under Debian, cf. https://bugs.debian.org/856883#14
NOTE: https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df
CVE-2017-6501 (An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf ...)
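Review bot: the context NOTE under CVE-2017-6502 reads "webp is disable under Debian"; since the entry is being edited anyway, correct it to "disabled". The note is the only justification visible for the `unimportant` tag that the new line keeps, so it should read cleanly.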
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c68f1153c18048ba80bcdd214d3d00c14c926e92