[Git][security-tracker-team/security-tracker][master] 2 commits: Triage imagemagick for Jessie. Remove no-dsa/ignored tags for upcoming DLA
Markus Koschany
apo at debian.org
Mon May 13 18:55:50 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb266560 by Markus Koschany at 2019-05-13T17:55:32Z
Triage imagemagick for Jessie. Remove no-dsa/ignored tags for upcoming DLA
- - - - -
14ba241c by Markus Koschany at 2019-05-13T17:55:32Z
Reserve DLA-1785-1 for imagemagick
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -53310,7 +53310,6 @@ CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop
{DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-fr ...)
@@ -53324,7 +53323,6 @@ CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop
{DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 ...)
@@ -71658,7 +71656,6 @@ CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was f
{DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
CVE-2017-1000473 (Linux Dash up to version v2 is vulnerable to multiple command injectio ...)
@@ -74145,7 +74142,6 @@ CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null p
{DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/839a14e43d0c88db7b3fffe8aa4ec57d80c93623
@@ -75031,7 +75027,6 @@ CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the fu
{DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
@@ -80839,7 +80834,6 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was foun
{DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
@@ -91269,7 +91263,6 @@ CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remot
{DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
@@ -92235,7 +92228,6 @@ CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
@@ -92249,7 +92241,6 @@ CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
@@ -93068,7 +93059,6 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
@@ -93078,7 +93068,6 @@ CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-p
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
@@ -93450,7 +93439,6 @@ CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow r
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
@@ -93459,14 +93447,12 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
@@ -93702,7 +93688,6 @@ CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...)
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
@@ -93794,7 +93779,6 @@ CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
@@ -94164,7 +94148,6 @@ CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in ma
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591
@@ -94294,7 +94277,6 @@ CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGIma
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
@@ -94556,7 +94538,6 @@ CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
@@ -94770,14 +94751,12 @@ CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImag
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
@@ -94785,14 +94764,12 @@ CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_heade ...)
@@ -95213,7 +95190,6 @@ CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is pre
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
@@ -95905,7 +95881,6 @@ CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in Magick
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
@@ -97493,7 +97468,6 @@ CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c
{DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5
@@ -98869,7 +98843,6 @@ CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
@@ -99407,7 +99380,6 @@ CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
@@ -99415,7 +99387,6 @@ CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
@@ -99423,7 +99394,6 @@ CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519
@@ -99477,7 +99447,6 @@ CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found
{DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c
@@ -99808,7 +99777,6 @@ CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 inter
CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
{DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d4192df5eb03892089806d52a317cc3101856726
@@ -99877,7 +99845,6 @@ CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was fo
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
@@ -100223,7 +100190,6 @@ CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
@@ -100237,7 +100203,6 @@ CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
{DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870491)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
@@ -101035,7 +101000,6 @@ CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1
{DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
@@ -101931,13 +101895,11 @@ CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in Rea
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...)
{DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated u ...)
@@ -102063,7 +102025,6 @@ CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/m
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
@@ -102071,7 +102032,6 @@ CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found i ...)
@@ -102279,7 +102239,6 @@ CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function
CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...)
{DSA-4019-1}
- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
- [jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/501
NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
@@ -102482,7 +102441,6 @@ CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
[stretch] - imagemagick <ignored> (Minor issue)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
@@ -102792,7 +102750,6 @@ CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
{DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869712)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bac384563f557d1ac7413d2eaec00dd59c3cc29b
@@ -102892,7 +102849,6 @@ CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for
CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9 ...)
{DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #869210)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
@@ -103055,7 +103011,6 @@ CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in Image
CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has a ...)
{DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #868950)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/537
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96182884778bfc43d6a9a0abd90cedb5d8cf8977
@@ -108720,7 +108675,6 @@ CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the
CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the func ...)
{DSA-4019-1 DLA-1000-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
- [jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
NOTE: Fixed by (6.x): https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 May 2019] DLA-1785-1 imagemagick - security update
+ {CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11537 CVE-2017-12140 CVE-2017-12430 CVE-2017-12432 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12643 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 CVE-2017-13133 CVE-2017-13142 CVE-2017-13145 CVE-2017-13658 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400 CVE-2017-14505 CVE-2017-14532 CVE-2017-14624 CVE-2017-14625 CVE-2017-14626 CVE-2017-14739 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017 CVE-2017-15281 CVE-2017-17682 CVE-2017-17914 CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445 CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650 CVE-2019-11597 CVE-2019-11598}
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u16
[09 May 2019] DLA-1784-1 postgresql-9.4 - new upstream version
[jessie] - postgresql-9.4 9.4.22-0+deb8u1
[12 May 2019] DLA-1783-1 atftp - security update
=====================================
data/dla-needed.txt
=====================================
@@ -46,11 +46,6 @@ hdf5 (Hugo Lefeuvre)
NOTE: 20190511: upstream was not aware of our undetermined issues. They have assigned
NOTE: a Jira issue for this: https://jira.hdfgroup.org/browse/HDFFV-10755 (hle)
--
-imagemagick (Hugo Lefeuvre, Markus Koschany)
- NOTE: many open issues, but most of them are minor. This is not enough to justify
- NOTE: full backport of a more recent version -> handle vulnerabilities on a case by
- NOTE: case basis (hle)
---
jruby
--
kdepim
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d5f0ce8f2ddb285245cc8d226e7fa6fe6646bb92...14ba241cd14685684166e1f1a31728582b90c640
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d5f0ce8f2ddb285245cc8d226e7fa6fe6646bb92...14ba241cd14685684166e1f1a31728582b90c640
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190513/48c55f43/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list