[Git][security-tracker-team/security-tracker][master] Track imagemagick fixes via unstable upload
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 29 20:19:36 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70ae8f62 by Salvatore Bonaccorso at 2018-10-29T20:19:09Z
Track imagemagick fixes via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -638,7 +638,7 @@ CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because
CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name ...)
NOT-FOR-US: Fiyo CMS
CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of coders/msl.c in ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1360
CVE-2018-18543
RESERVED
@@ -2026,14 +2026,14 @@ CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1335
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ...)
- - imagemagick <unfixed> (low)
+ - imagemagick 8:6.9.10.14+dfsg-1 (low)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <postponed> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/b268ce7a59440972f4476b9fd98104b6a836d971
CVE-2018-18023 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.10.14+dfsg-1
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1336
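Review bot: CVE-2018-18023 has no fix commit NOTE in the lines shown here, only issue #1336, whereas CVE-2018-18024 just above it lists both the ImageMagick and the ImageMagick6 commit. Since stretch and jessie are marked <not-affected> (Vulnerable code not present) and unstable is now fixed in 8:6.9.10.14+dfsg-1, a NOTE naming the ImageMagick6 fix commit, and ideally the commit that introduced the affected code, would let a later reader verify both statements.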
@@ -2057,7 +2057,7 @@ CVE-2018-18018
CVE-2018-18017
RESERVED
CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
CVE-2018-18015
RESERVED
@@ -2175,13 +2175,13 @@ CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote .
CVE-2018-17968 (A gambling smart contract implementation for RuletkaIo, an Ethereum ...)
NOT-FOR-US: RuletkaIo
CVE-2018-17967 (ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1051
CVE-2018-17966 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1050
CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
NOT-FOR-US: Aryanic HighPortal
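Review bot: the three memory leak entries (CVE-2018-17967, CVE-2018-17966, CVE-2018-17965) are set to 8:6.9.10.14+dfsg-1 with only the upstream issue links (#1051, #1050, #1052) as NOTEs and no fix commit. They are all (unimportant), so nothing depends on it, but a NOTE with the ImageMagick6 commit for each would document why this upload is recorded as the fixed version.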
@@ -5240,12 +5240,12 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc ma
NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67
CVE-2018-16645 (There is an excessive memory allocation issue in the functions ...)
{DSA-4316-1 DLA-1530-1}
- - imagemagick <unfixed> (bug #910889)
+ - imagemagick 8:6.9.10.14+dfsg-1 (bug #910889)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268
CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImage of ...)
{DSA-4316-1 DLA-1530-1}
- - imagemagick <unfixed> (bug #910888)
+ - imagemagick 8:6.9.10.14+dfsg-1 (bug #910888)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7
NOTE: https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/00ef0f1bbf9eb1efdf0f38f51c72ecb26cc9a306
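Review bot: CVE-2018-16645 is marked fixed in the 6.9 series package, but its NOTEs reference only the ImageMagick commit ecb31dbad39ccdc65868d5d2a37f0f0521250832 and issue #1268. The CVE-2018-16644 entry directly below carries an explicit "NOTE: ImageMagick6:" line; adding the corresponding ImageMagick6 commit to CVE-2018-16645 would make the fix in 8:6.9.10.14+dfsg-1 verifiable in the same way.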
@@ -5854,14 +5854,14 @@ CVE-2018-16414
RESERVED
CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the ...)
{DSA-4316-1 DLA-1530-1}
- - imagemagick <unfixed> (bug #910887)
+ - imagemagick 8:6.9.10.14+dfsg-1 (bug #910887)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the ...)
{DSA-4316-1 DLA-1530-1}
- - imagemagick <unfixed> (bug #910887)
+ - imagemagick 8:6.9.10.14+dfsg-1 (bug #910887)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250
NOTE: Fixed with same patch as for issue #1249, as per upstream discussion at
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250#issuecomment-422361868
@@ -6111,7 +6111,7 @@ CVE-2018-16325 (There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php tit
CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ ...)
NOT-FOR-US: IceWarp Server
CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data ...)
- - imagemagick <unfixed> (bug #907776)
+ - imagemagick 8:6.9.10.14+dfsg-1 (bug #907776)
[stretch] - imagemagick <postponed> (Can be fixed along in next DSA)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
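Review bot: on CVE-2018-16323 the stretch line still reads <postponed> (Can be fixed along in next DSA) directly below the new unstable version. Other imagemagick entries in this same file already carry {DSA-4316-1 DLA-1530-1}, so it is worth checking whether this CVE was included in that DSA and the stretch line needs updating, or whether it is still pending for a later one.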
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70ae8f6222042ae9660f0f03d6e4b6fb227e1b89