[Git][security-tracker-team/security-tracker][master] Add information on CVE-2019-15141/imagemagick
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 18 22:05:55 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
123e49c3 by Salvatore Bonaccorso at 2019-08-18T21:04:34Z
Add information on CVE-2019-15141/imagemagick
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,9 @@ CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component al
NOTE: https://sourceforge.net/p/djvu/bugs/296/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
- TODO: check
+ - imagemagick <not-affected> (Incomplete fix for CVE-2019-11597 not applied)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
TODO: check
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
@@ -10818,6 +10820,8 @@ CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
NOTE: fix appears to be insufficient: https://github.com/ImageMagick/ImageMagick/issues/1560
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
+ NOTE: The followup-fix got assigned CVE-2019-15141 (which is only applicable if incomplete
+ NOTE: fix is applied). Make sure to fix issue completely when addressing this issue.
CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found in th ...)
- memcached 1.5.6-1.1 (bug #928205)
[stretch] - memcached <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/123e49c30367aa4aecd434e9716bcc47246af094
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/123e49c30367aa4aecd434e9716bcc47246af094
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190818/dcbe601a/attachment.html>
More information about the debian-security-tracker-commits
mailing list