[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-19952,imagemagick: Jessie is not affected.

Thu Dec 26 21:14:46 GMT 2019


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40aac991 by Markus Koschany at 2019-12-26T21:14:32Z
CVE-2019-19952,imagemagick: Jessie is not affected.

Instead of freeing mng_info, in Jessie an exception is thrown.

- - - - -
13d399b4 by Markus Koschany at 2019-12-26T21:14:32Z
Add imagemagick to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -120,6 +120,7 @@ CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the fun
 	- imagemagick <unfixed> (low)
 	[buster] - imagemagick <no-dsa> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
+	[jessie] - imagemagick <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1791
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)


=====================================
data/dla-needed.txt
=====================================
@@ -31,6 +31,8 @@ ibus (Emilio)
   NOTE: 20191210: See https://bugs.debian.org/941018
   NOTE: 20191210: See https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
 --
+imagemagick
+--
 intel-microcode (Markus Koschany)
   NOTE: 20191218: Should be based on DSA-4565-2
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f4934e12ab281de2d2830564583f4adf7ededf19...13d399b4dc59c1f3d5294b821f1de8613de2106f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f4934e12ab281de2d2830564583f4adf7ededf19...13d399b4dc59c1f3d5294b821f1de8613de2106f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191226/13666661/attachment.html>
