[Git][security-tracker-team/security-tracker][master] imagemagick triage for jessie

Hugo Lefeuvre hle at debian.org
Fri Aug 16 15:48:36 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fa83c37 by Hugo Lefeuvre at 2019-08-16T14:41:26Z
imagemagick triage for jessie

CVE-2019-14981 is an arithmetic exception, security impact is low. Can
still be fixed along with more important patches later, but no-dsa for
now.

CVE-2019-13391 and CVE-2019-13308 would be nice to fix, but the patch
is badly documented and blindly applying a 50+ lines diff won't do any
good.  Wait for upstream to answer questions about the changes.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -468,6 +468,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
 	TODO: check
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
 	- imagemagick <unfixed>
+	[jessie] - imagemagick <no-dsa> (minor issue, low security impact)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is  ...)
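Review bot: the added [jessie] line tags CVE-2019-14981 as <no-dsa>, but the commit message says it can still be fixed later along with more important patches, and the other two entries in this commit use <postponed> for fixes deferred to a later upload. If a bundled fix is intended, consider <postponed> here too, and put the actual rationale (arithmetic exception) in the parenthetical rather than only "minor issue, low security impact", since the list entry is what later triagers will read.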
@@ -5927,6 +5928,7 @@ CVE-2019-13392
 	RESERVED
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
 	- imagemagick <unfixed> (bug #931633)
+	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
 	NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
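Review bot: the <postponed> reason on the added [jessie] line says to wait for upstream to clear patch-related questions, but nothing in the entry records where those questions were asked, so a later triager cannot tell when the wait is over. Add a NOTE next to the existing "Patch is insufficient" NOTE pointing at the place the questions were raised (the upstream issue already listed, if that is where).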
@@ -6129,6 +6131,7 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
 	- imagemagick <unfixed> (bug #931447)
+	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
 CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
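Review bot: the added [jessie] line calls CVE-2019-13308 "minor" although the entry's own description is a heap-based buffer overflow and the commit message gives patch quality, not severity, as the reason to wait. Either drop "minor" or state why the impact is low on jessie. Since the CVE-2019-13391 entry notes that its patch is partly reverted by this one, a reciprocal NOTE here would make clear that the two have to be handled together.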



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fa83c375ddad275bffe9aa828674819d3f783f8
