[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18210/imagemagick

Thu Mar 1 21:50:31 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baf8578a by Salvatore Bonaccorso at 2018-03-01T22:49:40+01:00
Add CVE-2017-18210/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22,7 +22,11 @@ CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability w
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96c2fab85e1699c87080271254c5a01387805564
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22eec833cd72b5abab2627fcacc27d2dfb6aa6e7
 CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...)
-	TODO: check
+	- imagemagick <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/791
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d2b87b403059af21db3002db95f4603f32b492ef
+	NOTE: The commit referenced the wrong issue in the upstream issue tracker, but
+	NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314
 CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ...)
 	TODO: check
 CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baf8578ace2633c123639b04b639f23d8450de98

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baf8578ace2633c123639b04b639f23d8450de98
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180301/f18bb130/attachment.html>
