[Git][security-tracker-team/security-tracker][master] new imagemagick issues

Moritz Muehlenhoff jmm at debian.org
Tue Dec 24 08:37:07 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf03c00d by Moritz Muehlenhoff at 2019-12-24T08:36:38Z
new imagemagick issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,30 @@
 CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
 	TODO: check
 CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function  ...)
-	TODO: check
+	- imagemagick <unfixed> (low)
+	[buster] - imagemagick <no-dsa> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1791
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
 CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
 	TODO: check
 CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free  ...)
 	TODO: check
 CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
-	TODO: check
+	- imagemagick <unfixed> (low)
+	[buster] - imagemagick <no-dsa> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
 CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in  ...)
-	TODO: check
+	- imagemagick <unfixed> (low)
+	[buster] - imagemagick <no-dsa> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x)	
 CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
 	TODO: check
 CVE-2019-19946



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf03c00d3d137a9ee9c7b46f681dfdfc7dc722b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf03c00d3d137a9ee9c7b46f681dfdfc7dc722b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191224/342167d1/attachment.html>

More information about the debian-security-tracker-commits mailing list