[Git][security-tracker-team/security-tracker][master] imagemagick fixing several CVEs uploaded to unstable
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 9 05:56:08 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32a59de2 by Salvatore Bonaccorso at 2018-07-09T06:55:43+02:00
imagemagick fixing several CVEs uploaded to unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2080,14 +2080,14 @@ CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.
CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in ...)
{DLA-1394-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (bug #902728)
+ - imagemagick 8:6.9.10.2+dfsg-2 (bug #902728)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1178
NOTE: https://github.com/ImageMagick/ImageMagick/commit/921f208c2ea3cc45847f380257f270ff424adfff
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae71c12bbaa34d942e036824ff389c22b7dacade
CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in ...)
{DLA-1394-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (bug #902727)
+ - imagemagick 8:6.9.10.2+dfsg-2 (bug #902727)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1177
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ae04fa4be910255e5d363edebd77adeee99a525d
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/081f518eb9cb38e683b8b9ccb9e4ab5c52f82c2f
@@ -4620,7 +4620,7 @@ CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based
NOT-FOR-US: SELA
CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.10.2+dfsg-2
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5294966898532a6bd54699fbf04edf18902513ac
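Review bot: The new unstable line for CVE-2018-11625 ("- imagemagick 8:6.9.10.2+dfsg-2") carries no bug reference, unlike the CVE-2018-12600 and CVE-2018-12599 entries earlier in this patch, which keep "(bug #902728)" and "(bug #902727)". If a Debian bug exists for this issue, add it on this line so the fixed version can be cross-checked against the bug's closing upload; the same applies to CVE-2018-11624 in the next hunk.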
@@ -4628,7 +4628,7 @@ CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1156
CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.10.2+dfsg-2
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/172d82afe89d3499ef0cab06dc58d380cc1ab946
@@ -6755,11 +6755,11 @@ CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected
NOT-FOR-US: Frog CMS
CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (unimportant; bug #898218)
+ - imagemagick 8:6.9.10.2+dfsg-2 (unimportant; bug #898218)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1054
CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (unimportant; bug #898217)
+ - imagemagick 8:6.9.10.2+dfsg-2 (unimportant; bug #898217)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials ...)
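Review bot: CVE-2018-10805 is now marked fixed in 8:6.9.10.2+dfsg-2, but its entry references only the upstream issue (issues/1054) and no fixing commit, while CVE-2018-10804 directly below it lists both an issue and a commit. Add a NOTE with the upstream commit for the ReadYCBCRImage leak so the fixed version can be verified against the source.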
@@ -8381,7 +8381,7 @@ CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allo
NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (bug #896018)
+ - imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
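Review bot: The context line above CVE-2018-10177 reads "NOT-FOR-US: FromDocToPDF extension for Ghrome"; "Ghrome" should be "Chrome", as in the CVE description on the hunk header. This change did not introduce the typo, but it is worth correcting in a follow-up commit so searches for the product name match.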
@@ -10930,7 +10930,7 @@ CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename
NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (low; bug #894848)
+ - imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
@@ -44964,7 +44964,7 @@ CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Des
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- - imagemagick <unfixed> (bug #878544)
+ - imagemagick 8:6.9.10.2+dfsg-2 (bug #878544)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32a59de26e41d8adf5a07054c801555b405d7fe1