[Git][security-tracker-team/security-tracker][master] Remove no-dsa entries for upcoming imagemagick release.
Markus Koschany
apo at debian.org
Mon Aug 17 23:36:44 BST 2020
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6aaba24 by Markus Koschany at 2020-08-18T00:35:56+02:00
Remove no-dsa entries for upcoming imagemagick release.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48972,7 +48972,6 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
{DSA-4712-1 DLA-2049-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
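Review bot: the subject line says "no-dsa entries" without naming a suite, while the line removed here is "[stretch] - imagemagick <ignored> (Minor issue)". Stating in the commit message that these are the stretch annotations, and which upload the removal anticipates, would let someone reading the log match the change to the release that justifies it.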
@@ -71402,7 +71401,6 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
{DSA-4712-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is ...)
@@ -77547,7 +77545,6 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (low impact issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
@@ -77981,7 +77978,6 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
NOTE: Some older version before the fixing commit did as well not check for
@@ -77993,7 +77989,6 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...)
@@ -78892,21 +78887,18 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
@@ -78924,7 +78916,6 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
@@ -82846,7 +82837,6 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-r
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
{DSA-4712-1 DLA-1785-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
- [stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
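Review bot: the removed line here is <postponed> ("Fix along in next DSA") rather than <ignored>, and the entry's NOTE lines list two ImageMagick6 commits (1d6c036f0388d7857c725342f7212b60e39a14c1 and c979b348d64a25a04f12ea7fe7888b2b23f230a7). Before dropping the annotation, confirm that the upcoming upload carries both; if only one applies to the stretch source, record that in a NOTE.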
@@ -83186,7 +83176,6 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
@@ -83198,7 +83187,6 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
{DSA-4712-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)
@@ -86908,7 +86896,6 @@ CVE-2019-10132 (A vulnerability was found in libvirt >= 4.1.0 in the virtlock
CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2
- [stretch] - imagemagick <no-dsa> (Minor issue)
[jessie] - imagemagick <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
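Review bot: the only fix reference under CVE-2019-10131 is a commit in ImageMagick/ImageMagick (cb1214c124e1bd61f7dd551b94a794864861592e); unlike most entries in this diff, it has no ImageMagick6 commit. The packaged version is 6.9.x, so a NOTE naming the 6.x change included in the stretch upload would make the removal of the <no-dsa> line checkable.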
@@ -105705,7 +105692,6 @@ CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0
NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408
NOTE: https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
@@ -119896,7 +119882,6 @@ CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-r
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPI ...)
- imagemagick 8:6.9.10.14+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82
@@ -129004,7 +128989,6 @@ CVE-2018-14552
RESERVED
CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 use ...)
- imagemagick 8:6.9.10.8+dfsg-1 (bug #904713)
- [stretch] - imagemagick <postponed> (Can be fixed along in a future DSA)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
NOTE: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
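Review bot: CVE-2018-14551 has no {DSA-...} or {DLA-...} cross-reference line, so once "[stretch] - imagemagick <postponed> (Can be fixed along in a future DSA)" is removed the entry says nothing specific about stretch until an advisory is recorded. Pushing the advisory entry together with this removal, or right after the upload, would avoid a window in which the deferral is deleted but the fix is not yet documented.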
@@ -140951,7 +140935,6 @@ CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allo
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGIm ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
@@ -143557,7 +143540,6 @@ CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072
@@ -143812,7 +143794,6 @@ CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer der
NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList fun ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/802
@@ -143985,7 +143966,6 @@ CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c
NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q1 ...)
- imagemagick 8:6.9.9.39+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020
@@ -144435,7 +144415,6 @@ CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via
NOT-FOR-US: Yxcms
CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remot ...)
- imagemagick 8:6.9.9.39+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b
@@ -148182,7 +148161,6 @@ CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXP
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q1 ...)
{DLA-1293-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f
@@ -165514,7 +165492,6 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was foun
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/869
@@ -183734,7 +183711,6 @@ CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was fo
NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
- imagemagick 8:6.9.9.34+dfsg-3
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6aaba2424f05bb28e8b0cfb253ee067799f5ad2