[Git][security-tracker-team/security-tracker][master] dla-needed: update imagemagick notes

Hugo Lefeuvre hle at debian.org
Sat Oct 19 16:20:16 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d24f85ca by Hugo Lefeuvre at 2019-10-19T15:19:55Z
dla-needed: update imagemagick notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -33,16 +33,14 @@ ibus (Markus Koschany)
   NOTE: beware of the regression introduced by upstreams first patch
 --
 imagemagick (Hugo Lefeuvre)
-  NOTE: 20190902: several minor postponed issues with simple patch: preparing an update
-  NOTE: just for them would be wasting time, but let's include these patches in a
-  NOTE: future update when new issues appear.
   NOTE: CVE-2019-13391, CVE-2019-13308: patch is large, undocumented and potentially
   NOTE: insufficient. wait for upstream to answer on bug report, or tag <ignored>.
   NOTE: CVE-2019-10131: patch is sufficient, but technically so-so in my opinion:
   NOTE: instead of avoiding off-by-one reads (check length BEFORE reading, not after!)
   NOTE: we allocate one more byte. this works, but does not 'obviously' fix the issue and
   NOTE: can be misleading... DEP3 comments would be nice. (hle)
-  NOTE: 20191015: two new CVEs, check.
+  NOTE: 20191019: preparing an update for the new batch of CVEs.
+  NOTE: CVE-2019-17540: unclear upstream fixes in ImageMagick6, this is very messy.
 --
 imapfilter
   NOTE: 20190910: No patch exists but a possible solution. Note that openssl in
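
Review bot: The added 20191019 note in the imagemagick entry replaces both the 20190902 and 20191015 notes, but it no longer records that the postponed minor issues with simple patches were meant to go into the next update, and "the new batch of CVEs" does not name them. Suggest listing the CVE ids the update covers and stating whether the postponed fixes are included, so that another contributor can pick the entry up from the file alone. On the CVE-2019-17540 line, "unclear upstream fixes in ImageMagick6, this is very messy" gives no pointer to which upstream commits or bug report were examined; a reference, plus the (hle) attribution used on the CVE-2019-10131 note, would make it actionable.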



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d24f85ca6fc0382a1664e04b1e4c501b81a82f94
