[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-14980/imagemagick

Salvatore Bonaccorso carnil at debian.org
Wed Aug 14 06:59:30 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b4b4d82 by Salvatore Bonaccorso at 2019-08-14T05:59:01Z
Add CVE-2019-14980/imagemagick

- - - - -
1959c752 by Salvatore Bonaccorso at 2019-08-14T05:59:08Z
Add CVE-2019-14981/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,9 +85,14 @@ CVE-2019-14983
 CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
 	TODO: check
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is  ...)
-	TODO: check
+	- imagemagick <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43
+	NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42)
 CVE-2019-14979
 	RESERVED
 CVE-2019-14978



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6ff3b2cf262f68405e77be5b093075dc38698538...1959c7521e72d1e777bd150c0f9fe6af1b0880a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6ff3b2cf262f68405e77be5b093075dc38698538...1959c7521e72d1e777bd150c0f9fe6af1b0880a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190814/81ed49a3/attachment.html>

More information about the debian-security-tracker-commits mailing list