[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7470/imagemagick

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a713bd53 by Salvatore Bonaccorso at 2018-02-25T14:08:30+01:00
Add CVE-2018-7470/imagemagick

Mark as unimportant, as imagemagick has no webp support enabled in the
produced binary packages.

Cf. https://bugs.debian.org/806425

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,12 @@ CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of serv
 CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...)
 	TODO: check
 CVE-2018-7470 (An issue was discovered in ImageMagick 7.0.7-22 Q16. The ...)
-	TODO: check
+	- imagemagick <unfixed> (unimportant)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/998
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e80713e5132a3bd26702ee0a833306f7e801469
+	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
+	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
+	NOTE: webp support not enabled, see #806425
 CVE-2018-7469
 	RESERVED
 CVE-2018-7468



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a713bd53d913fe9e857d5037199ab98c32d1f57f

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a713bd53d913fe9e857d5037199ab98c32d1f57f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180225/c23a34f6/attachment.html>