[Git][security-tracker-team/security-tracker][master] CVE-2019-13307/imagemagick: follow-up patches
Hugo Lefeuvre
hle at debian.org
Fri Aug 9 08:12:15 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
31c5bb95 by Hugo Lefeuvre at 2019-08-09T07:07:35Z
CVE-2019-13307/imagemagick: follow-up patches
e6d26d4 introduces a memory leak by modifying AcquirePixelThreadSet
without according changes to DestroyPixelThreadSet. Fixed in e6d26d4.
These patches are quite obscure. Upstream did an additional change
which I can't really understand and might also be relevant (643921c).
Asked for more information on the bug report.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5063,6 +5063,10 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
- imagemagick <unfixed> (bug #931448)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
+ NOTE: introduces a memory leak, follow-up patches:
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
+ NOTE: following patch might also be relevant, asked upstream for more details:
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- imagemagick <unfixed> (bug #931449)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31c5bb9587a473211f8363b59863af62d3e911e5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31c5bb9587a473211f8363b59863af62d3e911e5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190809/5ae63c24/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list