[Git][security-tracker-team/security-tracker][master] Track new CVE-2019-167{08,09,10,11,12,13}/imagemagick
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 23 21:54:06 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0eae5cd9 by Salvatore Bonaccorso at 2019-09-23T20:52:01Z
Track new CVE-2019-167{08,09,10,11,12,13}/imagemagick
New ImageMagick issues, but mark them for this round straight to
unimportant as they consist only of memory leak issues.
It has not properly checked though if they affect the ImageMagick6
version at all. But better mark those as unfixed (wrongly) as
not-affected (possibly wrongly).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,17 +26,23 @@ CVE-2019-16716
CVE-2019-16715
RESERVED
CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
- TODO: check
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
- TODO: check
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
- TODO: check
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
- TODO: check
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
- TODO: check
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
- TODO: check
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
TODO: check
CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account via ad ...)
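Review bot: the six new `- imagemagick <unfixed> (unimportant)` entries (CVE-2019-16708 through CVE-2019-16713) do not record in data/CVE/list that applicability to the ImageMagick6 version was never checked; that caveat exists only in the commit message, while every CVE description here names a 7.0.8-x release. Consider adding a NOTE line to each entry stating that the affected-version check is still pending, so the `<unfixed>` status gets revisited instead of being read as confirmed. Separately, CVE-2019-16708 (magick/xwindow.c) and CVE-2019-16709 (coders/dps.c) both carry `NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531`; if both really share one upstream issue that is fine, otherwise please confirm the reference for each before this lands.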
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eae5cd99befa4f3145d453ccb4b8e9cee895cda