[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-10714/imagemagick

Salvatore Bonaccorso carnil at debian.org
Sun Jul 14 20:50:45 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24ee5a44 by Salvatore Bonaccorso at 2019-07-14T19:48:01Z
Update information on CVE-2019-10714/imagemagick

The issue is not present up to the current version in unstable as the
issue was introduced while fixing upstrema issue 1455, which is only in
6.9.10-25 upstream. The fix for that introduced the problematic code in
magick/locale.c triggering the issue as reported for CVE-2019-10714.

Unless for unstable imagemagick will be updated to something between
6.9.10-25 and 6.9.10-32 the issue will not be present in Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7467,13 +7467,10 @@ CVE-2019-10716
 CVE-2019-10715
 	RESERVED
 CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32  ...)
-	- imagemagick <unfixed>
-	[buster] - imagemagick <ignored> (Minor issue)
-	[stretch] - imagemagick <ignored> (Minor issue)
-	[jessie] - imagemagick <ignored> (Minor issue)
+	- imagemagick <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/aa6a769bd85f6750c26e53e53dcd8a2678745501
-	TODO: check, potentially only introduced in later versions than present in unstable as LocaleLowercase not present, but check if present before refactoring
+	NOTE: Issue introduced while fixing https://github.com/ImageMagick/ImageMagick/issues/1455
 CVE-2019-10713
 	RESERVED
 CVE-2019-10712 (The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24ee5a443327daf3ea329a39f765f00550ac0f0b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24ee5a443327daf3ea329a39f765f00550ac0f0b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190714/5cb932b3/attachment.html>

More information about the debian-security-tracker-commits mailing list