[Git][security-tracker-team/security-tracker][master] add commit refs for yubikey-val

Moritz Muehlenhoff jmm at debian.org
Fri Mar 6 18:51:29 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70f30597 by Moritz Muehlenhoff at 2020-03-06T19:51:04+01:00
add commit refs for yubikey-val
imagemagick triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,11 @@ CVE-2020-10186
 CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
 	- yubikey-val <removed>
 	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
+	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
 CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not  ...)
 	- yubikey-val <removed>
 	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
+	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
 CVE-2020-10183
 	RESERVED
 CVE-2020-10182
@@ -35963,6 +35965,8 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
 CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component  ...)
 	{DLA-1968-1}
 	- imagemagick <unfixed> (bug #941670)
+	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
 	NOTE: ImageMagick6: followup, partly reverts previous patch:
@@ -36541,6 +36545,8 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
 	{DLA-1968-1}
 	- imagemagick <unfixed>
+	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is  ...)
@@ -43016,6 +43022,8 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
 	- imagemagick <unfixed> (bug #931447)
+	[buster] - imagemagick <postponed> (Needs further clarification on patch)
+	[stretch] - imagemagick <postponed> (Needs further clarification on patch)
 	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
@@ -43984,11 +43992,15 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
 	NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
 CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
 	- imagemagick <unfixed> (bug #931189)
+	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (minor security impact)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
 CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
-	- imagemagick <unfixed> (bug #931190)
+	- imagemagick <unfixed> (low; bug #931190)
+	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (minor security impact)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70f305972a917bf1a6b70bee7ad757facfdd16ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70f305972a917bf1a6b70bee7ad757facfdd16ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200306/c83a1a8b/attachment.html>

More information about the debian-security-tracker-commits mailing list