[Git][security-tracker-team/security-tracker][master] 2 commits: imagemagick fixed in experimental
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 2 16:15:46 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
91073695 by Moritz Muehlenhoff at 2018-07-02T17:14:55+02:00
imagemagick fixed in experimental
- - - - -
be07d31b by Moritz Muehlenhoff at 2018-07-02T17:15:29+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1179,12 +1179,14 @@ CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.
NOTE: https://github.com/pts/sam2p/issues/41
CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in ...)
{DLA-1394-1}
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #902728)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1178
NOTE: https://github.com/ImageMagick/ImageMagick/commit/921f208c2ea3cc45847f380257f270ff424adfff
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae71c12bbaa34d942e036824ff389c22b7dacade
CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in ...)
{DLA-1394-1}
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #902727)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1177
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ae04fa4be910255e5d363edebd77adeee99a525d
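Review bot: at CVE-2018-12599, the visible NOTE lines reference only an ImageMagick (7.x) commit, while the version added here, 8:6.9.10.2+dfsg-1, is a 6.9 series package. CVE-2018-12600 just above carries an `ImageMagick6:` NOTE with the corresponding commit. If the entry does not already have one further down, add the matching ImageMagick6 commit NOTE for CVE-2018-12599 so the recorded fixed version can be checked against the upstream fix.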
@@ -3673,6 +3675,7 @@ CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that o
CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
NOT-FOR-US: SELA
CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed>
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
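Review bot: the unstable line `- imagemagick <unfixed>` for CVE-2018-11625 carries no bug reference, unlike the other imagemagick entries touched in this push (for example `bug #902728`). Now that a fixed version is recorded for experimental, link a BTS bug on that line so the fix reaching unstable is tracked. The same gap is visible on the CVE-2018-11624 entry in the following hunk.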
@@ -3680,6 +3683,7 @@ CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/406ebfe09b62858b17ab3ee11f67171d43d9a76e
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1156
CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed>
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
@@ -5789,9 +5793,11 @@ CVE-2018-10807
CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross ...)
NOT-FOR-US: Frog CMS
CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (unimportant; bug #898218)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1054
CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (unimportant; bug #898217)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
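Review bot: CVE-2018-10805 now records a fixed version, but its only NOTE is the upstream issue link (issues/1054); no fixing commit is listed, whereas CVE-2018-10804 directly below has one. Add the upstream commit NOTE for CVE-2018-10805 so the claim that 8:6.9.10.2+dfsg-1 contains the fix can be verified from the entry itself.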
@@ -7411,6 +7417,7 @@ CVE-2018-10179
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows ...)
NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #896018)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
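Review bot: the context line `NOT-FOR-US: FromDocToPDF extension for Ghrome` above the changed entry misspells "Chrome". It is not part of this change, but it is worth correcting in a follow-up commit so the product name in the NOT-FOR-US line matches the CVE description.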
@@ -9931,6 +9938,7 @@ CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-re
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...)
NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (low; bug #894848)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -43958,6 +43966,7 @@ CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Des
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...)
+ [experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #878544)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
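Review bot: the CVE-2017-14528 entry shows `[jessie]` and `[wheezy]` lines in the visible context but no `[stretch]` line, so stretch still follows the `- imagemagick <unfixed> (bug #878544)` line. While touching this entry, confirm whether stretch has been triaged and, if so, record its status explicitly.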
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bc937c07eacd81df64d476dbcfa0eb764dfbfd2e...be07d31b6d855f4bf4c9a7daf0a3e3751f290cb7