[Git][security-tracker-team/security-tracker][master] more imagemagick fixes in unstable

Moritz Muehlenhoff jmm at debian.org
Mon Jul 27 17:12:05 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da2a2759 by Moritz Muehlenhoff at 2020-07-27T18:11:36+02:00
more imagemagick fixes in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60521,7 +60521,7 @@ CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in Ma
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1597
 CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
 CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
 	{DSA-4715-1 DSA-4712-1}
@@ -60984,7 +60984,7 @@ CVE-2019-13138
 	RESERVED
 CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant; bug #931342)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931342)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1601
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
 CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerability in t ...)
@@ -60993,7 +60993,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
 CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
 	{DSA-4712-1 DLA-1888-1}
-	- imagemagick <unfixed> (bug #932079)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
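Review bot: In the CVE-2019-13135 entry the unstable fix is now recorded as 8:6.9.11.24+dfsg-1, but the only commit NOTE visible in this hunk is the one marked (7.x). If no ImageMagick6 commit follows further down the entry, add one so the 6.9 fixed version can be checked against the upstream change, as the ImageMagick6 commit NOTE under CVE-2019-13137 allows.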
@@ -61471,12 +61471,15 @@ CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerab
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
 CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant; bug #931192)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931192)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1520
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ff840181f631b1b7f29160cae24d792fcd176bae
 CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant; bug #931193)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931193)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c01d8b02f3fa912a320ddad07a03212822f267ec
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b9c3aa197020ca091a21145cf46855afd4ddcb07
 CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
 	{DSA-4712-1 DLA-1888-1}
 	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
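Review bot: CVE-2019-12975 gains two ImageMagick6 commit NOTEs (c01d8b02... and b9c3aa19...) with nothing to say how they relate. A short annotation on the second line, for example whether it is a follow-up to the first, would tell anyone backporting the fix that both commits are needed.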
@@ -65395,7 +65398,7 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-r
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
 CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
 	{DSA-4712-1 DLA-1785-1}
-	- imagemagick <unfixed> (bug #928207)
+	- imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
 	[stretch] - imagemagick <postponed> (Fix along in next DSA)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
@@ -68111,7 +68114,7 @@ CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-r
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef
 CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1533
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e3417aebe17cbe274b7361aa92c83226ca5b646b
@@ -77863,22 +77866,23 @@ CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack a
 	NOT-FOR-US: Amazon Fire OS
 CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage  ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/20c360e14cd5d70b5bbd0b54afa241eae4aec45d
 CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	- graphicsmagick 1.4~hg15896-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1454
 CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1452
 CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
 CVE-2019-7394 (A privilege escalation vulnerability in the administrative user interf ...)
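Review bot: CVE-2019-7397, CVE-2019-7396 and CVE-2019-7395 are now marked fixed in 8:6.9.11.24+dfsg-1, yet their NOTE lines still point only at github.com/ImageMagick/ImageMagick commits, while CVE-2019-7398 in the same hunk gets a new ImageMagick6 commit NOTE. Adding the corresponding ImageMagick6 commits for those three entries would keep the hunk consistent and make the 6.9 fix verifiable from the tracker data.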
@@ -78517,7 +78521,7 @@ CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Editio
 	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
 	{DSA-4712-1}
-	- imagemagick <unfixed> (unimportant)
+	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
 CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Ren ...)
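Review bot: CVE-2019-7175 is marked fixed in 8:6.9.11.24+dfsg-1 while its commit NOTE references only the ImageMagick/ImageMagick repository. Consider adding the ImageMagick6 commit as well, in the style of the "NOTE: ImageMagick6: ..." line used for CVE-2019-10649.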



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da2a27597b7a2a1e18cc95578224e884cd2e1acd
