[Git][security-tracker-team/security-tracker][master] imagemagick fixed (a few more need a closer look)

Moritz Muehlenhoff jmm at debian.org
Mon Jul 27 12:19:34 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27f5c295 by Moritz Muehlenhoff at 2020-07-27T13:19:10+02:00
imagemagick fixed (a few more need a closer look)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5067,7 +5067,7 @@ CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration
 CVE-2020-13903
 	RESERVED
 CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...)
-	- imagemagick <unfixed>
+	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
 	[stretch] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
 	[jessie] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
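Review bot: The fixed version added for CVE-2020-13902 is a 6.9 build, while the description names only ImageMagick 7.0.9-27 through 7.0.10-17 and the context shown here has no NOTE pointing at an ImageMagick6 commit. If none follows further down in the entry, add a NOTE with the 6.x fix so the version can be checked against it.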
@@ -15766,7 +15766,7 @@ CVE-2020-10253
 CVE-2020-10252
 	RESERVED
 CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
-	- imagemagick <unfixed> (low; bug #953741)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
 	[jessie] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
@@ -31552,14 +31552,14 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
 CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
 	{DSA-4712-1 DLA-2049-1}
-	- imagemagick <unfixed> (low; bug #947309)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
 CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in  ...)
 	{DSA-4715-1 DSA-4712-1 DLA-2049-1}
-	- imagemagick <unfixed> (low; bug #947308)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947308)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
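Review bot: CVE-2019-19948 lists DSA-4715-1 in its cross-reference, yet the context keeps `[stretch] - imagemagick <no-dsa> (Minor issue)`. Every other entry in this patch that references DSA-4715-1 has no `[stretch]` line at all, so if that DSA shipped the fix for stretch, the no-dsa annotation is stale and should be dropped together with this change.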
@@ -53363,7 +53363,7 @@ CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allo
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
 CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
 	{DSA-4715-1 DSA-4712-1 DLA-1968-1}
-	- imagemagick <unfixed> (bug #941671)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #941671)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
 	NOTE: followup, previous patch introduced compiler warnings
@@ -53371,7 +53371,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
 CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component  ...)
 	{DSA-4712-1 DLA-1968-1}
-	- imagemagick <unfixed> (bug #941670)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #941670)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
@@ -60097,7 +60097,7 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (low; bug #931740)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (low impact issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
@@ -60250,7 +60250,7 @@ CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPale
 	NOT-FOR-US: MindPalette NateMail
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (low; bug #931633)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931633)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
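Review bot: With CVE-2019-13391 now closed for unstable, the context line `[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)` gives a reason that may no longer hold. Check whether upstream settled the patch and update or drop the jessie annotation alongside this change; the same annotation sits under CVE-2019-13308 in the next hunk.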
@@ -60469,14 +60469,14 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (low; bug #931447)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931447)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
 CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
 	{DSA-4715-1 DSA-4712-1}
-	- imagemagick <unfixed> (bug #931448)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931448)
 	[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
@@ -60485,7 +60485,7 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
 CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
 	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (bug #931449)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931449)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
 	NOTE: initial fix:
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa
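Review bot: CVE-2019-13306 is closed with a single version, but its NOTE lines say `initial fix:` and the list continues with a further ImageMagick6 commit (5c7fbf9a, visible at the top of the next hunk). Confirm that 8:6.9.11.24+dfsg-1 contains the whole series and not only the initial fix.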
@@ -60493,12 +60493,12 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at co
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
 	{DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (bug #931452)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
 	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (bug #931453)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931453)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a2f84f23d064e98f423aa0d050ff98838cf0a1b1
@@ -60516,7 +60516,7 @@ CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
 CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
 	{DSA-4715-1 DSA-4712-1}
-	- imagemagick <unfixed> (bug #931454)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931454)
 	[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
@@ -60530,7 +60530,7 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
 	{DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (low; bug #931455)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
@@ -60542,7 +60542,7 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
 	{DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (low; bug #931457)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
@@ -61441,21 +61441,21 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
 	NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
 CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (bug #931189)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (minor security impact)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
 CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (low; bug #931190)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (minor security impact)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
 CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (low; bug #931191)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (minor security impact)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
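Review bot: The new line for CVE-2019-12979 keeps `(bug #931189)` without a severity, while CVE-2019-12978 and CVE-2019-12977 directly below carry `low` with the same "use of uninitialized value" description and the same stretch/jessie `<ignored>` annotations. If the difference is not intentional, add `low` here while the line is being touched.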
@@ -61470,7 +61470,7 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
 CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
 	{DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (low; bug #931196)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
@@ -65377,7 +65377,7 @@ CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 do
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
 CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
 	{DSA-4712-1 DLA-1785-1}
-	- imagemagick <unfixed> (bug #928206)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #928206)
 	[stretch] - imagemagick <postponed> (Fix along in next DSA)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
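Review bot: CVE-2019-11598 still carries `[stretch] - imagemagick <postponed> (Fix along in next DSA)` after this change. DSA-4715-1 appears on other imagemagick entries in this patch but not in this entry's cross-reference, so check whether this CVE was left out of that update or whether the postponed annotation needs refreshing.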
@@ -65725,7 +65725,7 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
 CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (low; bug #927828)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
@@ -65737,7 +65737,7 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
 	NOTE: https://github.com/strukturag/libheif/issues/123
 CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
 	{DSA-4712-1 DLA-1968-1}
-	- imagemagick <unfixed> (low; bug #927830)
+	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27f5c2950de22f1ce5adba733a0908fbe8d647cd
