[Git][security-tracker-team/security-tracker][master] more imagemagick fixes in sid

Moritz Muehlenhoff jmm at debian.org
Mon Jul 27 16:45:03 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf910d03 by Moritz Muehlenhoff at 2020-07-27T17:44:39+02:00
more imagemagick fixes in sid
qemu postponed

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -223,6 +223,7 @@ CVE-2020-15863 [stack-based overflow in  xgmac_enet_send() in hw/net/xgmac.c]
 	RESERVED
 	{DLA-2288-1}
 	- qemu 1:5.0-12
+	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
 CVE-2020-15862
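Review bot: The added `[buster] - qemu <postponed>` line gives only "Minor issue" as its reason, on an entry whose description is a stack-based overflow in xgmac_enet_send(). A short statement of why the issue is minor for buster would let the triage be re-checked later. The same reason text is used for CVE-2020-15859 in the next hunk, which is described as a use-after-free and is still `<unfixed>` in sid.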
@@ -233,6 +234,7 @@ CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business
 	NOT-FOR-US: Parallels
 CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
 	- qemu <unfixed> (bug #965978)
+	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
 CVE-2020-15858
@@ -48680,27 +48682,34 @@ CVE-2019-16715
 	RESERVED
 CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6954a3f7f1bf1dad417260c5965f2c30a64fa25e
 CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
-	- imagemagick <unfixed> (unimportant)
+	{DSA-4712-1}
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/451d0e4aadb17f16d15006aed379b71714d04a5d
 CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/448f301a781405a45717bb53578475de06df973a
 CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/80deac0626d2d69e1da836d7d893db1e022b10fc
 CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	- graphicsmagick 1.4+really1.3.33+hg16117-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
 CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
 CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
 	- hunspell 1.7.0-3 (unimportant; bug #941185)
 	NOTE: Negligible security impact
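Review bot: CVE-2019-16709 is the only imagemagick entry in this hunk left without a `{DSA-4712-1}` line, although it cites the same issue (#1531) and the same ImageMagick6 commit NOTE as CVE-2019-16708, which carries the tag. Since this commit adds the tag to CVE-2019-16712, confirm whether CVE-2019-16709 was left out on purpose or should be covered by the same DSA.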
@@ -53955,7 +53964,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
 	NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
 	{DSA-4712-1 DLA-1968-1}
-	- imagemagick <unfixed> (bug #955025)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
@@ -60455,16 +60464,16 @@ CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-b
 	NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
 CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1623
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
 CVE-2019-13310 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)


=====================================
data/DSA/list
=====================================
@@ -64,7 +64,7 @@
 	{CVE-2019-13300 CVE-2019-13304 CVE-2019-13306 CVE-2019-13307 CVE-2019-15140 CVE-2019-19948}
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u8
 [01 Jul 2020] DSA-4714-1 chromium - security update
-	{CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831}
+	{CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831 CVE-2019-16712}
 	[buster] - chromium 83.0.4103.116-1~deb10u1
 [01 Jul 2020] DSA-4713-1 firefox-esr - security update
 	{CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421}
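Review bot: The only change to the DSA-4714-1 chromium CVE list is CVE-2019-16712 appended at the end, but data/CVE/list in this same commit describes CVE-2019-16712 as an ImageMagick memory leak and tags it `{DSA-4712-1}`. This looks like the CVE was added to the wrong advisory; move it to the DSA-4712-1 entry so the two files agree. The commit message ("more imagemagick fixes in sid", "qemu postponed") also does not mention any data/DSA/list change.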



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf910d032516406742ed58ceec950e1fd1f4a5da
