[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-{14981,11470}: remove <postponed> triage

Mon Oct 21 09:53:21 BST 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84b9f3a7 by Hugo Lefeuvre at 2019-10-21T08:47:57Z
CVE-2019-{14981,11470}: remove <postponed> triage

fixed via DLA-1968-1

- - - - -
785616ac by Hugo Lefeuvre at 2019-10-21T08:52:05Z
dsa-needed: add python-reportlab, take it

CVE-2019-17626, remote code execution

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9605,7 +9605,6 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
 	NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
 	- imagemagick <unfixed>
-	[jessie] - imagemagick <postponed> (can be fixed along with more important issues)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is  ...)
@@ -20721,7 +20720,6 @@ CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows
 	- imagemagick <unfixed> (low; bug #927830)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue)
-	[jessie] - imagemagick <postponed> (can be fixed along with more important issues)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
 CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -53,6 +53,8 @@ poppler (jmm)
 --
 python3.5 (jmm)
 --
+python-reportlab (hle)
+--
 simplesamlphp/oldstable
 --
 slurm-llnl (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0b128825ec0ad730303a944b6d0c446a8d3a9613...785616ac9bdcc615cf3514f61acaebf7881ddc74

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0b128825ec0ad730303a944b6d0c446a8d3a9613...785616ac9bdcc615cf3514f61acaebf7881ddc74
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191021/bdecadbd/attachment-0001.html>
