[Git][security-tracker-team/security-tracker][master] imagemagick triage for jessie
Hugo Lefeuvre
hle at debian.org
Sat Aug 31 23:10:38 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
743cfa0f by Hugo Lefeuvre at 2019-08-31T22:10:18Z
imagemagick triage for jessie
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2443,7 +2443,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
TODO: check
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
- imagemagick <unfixed>
- [jessie] - imagemagick <no-dsa> (minor issue, low security impact)
+ [jessie] - imagemagick <postponed> (can be fixed along with more important issues)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is ...)
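Review bot: On the CVE-2019-14981 jessie line, the new reason "can be fixed along with more important issues" records only scheduling and drops the severity assessment the old line carried ("minor issue, low security impact"). Consider keeping both in the reason, for example "minor issue, can be fixed along with more important issues", so a later reader can see why the fix was deferred. The upstream ImageMagick6 commit is already in the NOTE lines, so the fix to pick up in the later upload is identifiable.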
@@ -8223,7 +8223,7 @@ CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in Mag
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
- imagemagick <unfixed> (bug #931448)
- [jessie] - imagemagick <no-dsa> (Low tier issue, patch fairly intrusive)
+ [jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
NOTE: incomplete, introduces a memory leak, follow-up patches:
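Review bot: The new jessie reason for CVE-2019-13307 calls the issue "minor" while the description line says heap-based buffer overflow, and nothing in the entry says why the impact is low. Since this moves the entry to <ignored>, please state the basis for "minor issue" in the reason or in a NOTE. The "patch fairly intrusive" half is better supported: the NOTE below already records that the upstream commit is incomplete, introduces a memory leak and needs follow-up patches, and the reason could point at that directly.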
@@ -8261,7 +8261,7 @@ CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
- imagemagick <unfixed> (bug #931454)
- [jessie] - imagemagick <no-dsa> (Low tier issue, patch fairly intrusive)
+ [jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
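Review bot: For CVE-2019-13300 the <ignored> reason "patch fairly intrusive" is not backed by anything in the entry: the only NOTE lines are the upstream issue and a single ImageMagick6 commit. Consider adding a NOTE that says what makes the backport to jessie intrusive (for example that the affected code differs in the jessie version, if that is the case), and, as the description is a heap-based buffer overflow, why it is rated a minor issue.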
@@ -9164,17 +9164,17 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- imagemagick <unfixed> (bug #931189)
- [jessie] - imagemagick <no-dsa> (minor security impact)
+ [jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- imagemagick <unfixed> (bug #931190)
- [jessie] - imagemagick <no-dsa> (minor security impact)
+ [jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- imagemagick <unfixed> (bug #931191)
- [jessie] - imagemagick <no-dsa> (minor security impact)
+ [jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
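Review bot: In the three jessie lines for CVE-2019-12979, CVE-2019-12978 and CVE-2019-12977 only the tag changes and the reason stays "minor security impact", so the entries do not explain why these are <ignored> while CVE-2019-14981 and CVE-2019-11470 in the same commit become <postponed> with a comparable "minor" rating. Each entry references a single upstream ImageMagick6 commit and none mentions an intrusive patch. Please extend the reason to say what separates them from the postponed ones, or mark them <postponed> as well if the intent is to fix them opportunistically.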
@@ -13171,7 +13171,7 @@ CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows
- imagemagick <unfixed> (low; bug #927830)
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <no-dsa> (Minor issue)
+ [jessie] - imagemagick <postponed> (can be fixed along with more important issues)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)
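Review bot: After this change the jessie line for CVE-2019-11470 is <postponed> while the buster and stretch lines directly above it stay <ignored> (Minor issue), so the three releases now carry different decisions for an issue all of them rate as minor. If the divergence is intended, a short hint in the jessie reason would keep it from looking like an oversight; otherwise align the jessie tag with the other two releases.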
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/743cfa0f2fccd37aaa6729cd2f5472205b618632