[Git][security-tracker-team/security-tracker][master] CVE-2019-11597/imagemagick: add followup fix

Sun May 12 10:13:22 BST 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d48d724 by Hugo Lefeuvre at 2019-05-12T09:10:47Z
CVE-2019-11597/imagemagick: add followup fix

Upstream fix appears to be (still!) insufficient, issue is still present.
Add followup fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -663,6 +663,8 @@ CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-r
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
+	NOTE: fix appears to be insufficient: https://github.com/ImageMagick/ImageMagick/issues/1560
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
 CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found in th ...)
 	- memcached 1.5.6-1.1 (bug #928205)
 	[stretch] - memcached <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d48d724ff1a6b7c9276fb5ff4a0590701e29f72

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d48d724ff1a6b7c9276fb5ff4a0590701e29f72
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190512/68ff118b/attachment.html>
