[Git][security-tracker-team/security-tracker][master] imagemagick DSA
Moritz Muehlenhoff
jmm at debian.org
Tue Jun 30 19:34:07 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93afa727 by Moritz Muehlenhoff at 2020-06-30T20:33:37+02:00
imagemagick DSA
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29723,7 +29723,6 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
{DLA-2049-1}
- imagemagick <unfixed> (low; bug #947309)
- [buster] - imagemagick <no-dsa> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
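Review bot: The only fix reference left on CVE-2019-19949 is the commit NOTE marked `(7.x)`, while the DSA-4712-1 entry added in data/DSA/list fixes buster in 8:6.9.10.23+dfsg-2.1+deb10u1, a 6.x package. Consider adding a NOTE with the corresponding ImageMagick6 commit, as the CVE-2019-15139 entry does with its `NOTE: ImageMagick6: ...` line, so the backport can be checked against upstream. The same applies to CVE-2019-19948 and CVE-2019-13135, whose commit NOTEs are also `(7.x)` only.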
@@ -29731,7 +29730,6 @@ CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-r
CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in ...)
{DLA-2049-1}
- imagemagick <unfixed> (low; bug #947308)
- [buster] - imagemagick <no-dsa> (Minor issue)
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
@@ -51496,7 +51494,6 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
{DLA-1968-1}
- imagemagick <unfixed> (bug #941670)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
@@ -52081,7 +52078,6 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
{DLA-1968-1}
- imagemagick <unfixed> (bug #955025)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
@@ -58211,7 +58207,6 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
- imagemagick <unfixed> (low; bug #931740)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (low impact issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
@@ -58580,7 +58575,6 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
- imagemagick <unfixed> (bug #931447)
- [buster] - imagemagick <postponed> (Needs further clarification on patch)
[stretch] - imagemagick <postponed> (Needs further clarification on patch)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
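Review bot: For CVE-2019-13308 the removed buster line read `<postponed> (Needs further clarification on patch)`, and the stretch and jessie lines keep that same reason, so nothing in the entry records what changed for buster. Since the CVE is now listed under DSA-4712-1, add a NOTE naming the upstream commit that was applied (the entry carries only the issue #1595 link), and revisit the stretch and jessie wording if the patch question has been settled.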
@@ -59089,7 +59083,6 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
{DLA-1888-1}
- imagemagick <unfixed> (bug #932079)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
@@ -59546,21 +59539,18 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- imagemagick <unfixed> (bug #931189)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- imagemagick <unfixed> (low; bug #931190)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- imagemagick <unfixed> (low; bug #931191)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
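Review bot: CVE-2019-12977 is the only one of the three entries in this hunk with no fix commit recorded: CVE-2019-12979 and CVE-2019-12978 each carry an ImageMagick6 commit NOTE, but CVE-2019-12977 has only the issue #1518 link. With its `[buster] ... <ignored>` line removed and the CVE listed under DSA-4712-1, a commit NOTE here would let the stretch and jessie `<ignored>` decisions be re-evaluated against the same patch.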
@@ -59574,7 +59564,6 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
{DLA-1888-1}
- imagemagick <unfixed> (low; bug #931196)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
@@ -63831,7 +63820,6 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
- imagemagick <unfixed> (low; bug #927828)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
@@ -63844,7 +63832,6 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
{DLA-1968-1}
- imagemagick <unfixed> (low; bug #927830)
- [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jun 2020] DSA-4712-1 imagemagick - security update
+ {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949}
+ [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1
[29 Jun 2020] DSA-4711-1 coturn - security update
{CVE-2020-4067 CVE-2020-6061 CVE-2020-6062}
[stretch] - coturn 4.5.0.5-1+deb9u2
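Review bot: The CVE set on the DSA-4712-1 line is larger than the set of entries touched in data/CVE/list: 13 `[buster]` lines are removed there, while 38 CVE ids are listed here. Ids such as CVE-2019-15140, CVE-2019-13309 and CVE-2019-12975 appear in this diff only as hunk-header context, so confirm that none of the untouched entries still carries a `[buster]` `<no-dsa>`, `<ignored>` or `<postponed>` line that would contradict the fixed version 8:6.9.10.23+dfsg-2.1+deb10u1 given here.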
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93afa7275667a4d4741d87d9a832453db0ac68c4