[Git][security-tracker-team/security-tracker][master] graphicsmagick DSA
Moritz Muehlenhoff
jmm at debian.org
Sun Mar 15 22:08:59 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
937062b6 by Moritz Muehlenhoff at 2020-03-15T23:08:32+01:00
graphicsmagick DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -49194,11 +49194,13 @@ CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1
CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
{DLA-1795-1}
- graphicsmagick 1.4~hg15968-1
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...)
{DLA-1795-1}
- graphicsmagick 1.4~hg15968-1
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
@@ -49303,12 +49305,14 @@ CVE-2019-11475
CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
{DLA-1795-1}
- graphicsmagick 1.4~hg15976-1
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
{DLA-1795-1}
- graphicsmagick 1.4~hg15976-1
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
@@ -50632,31 +50636,37 @@ CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. ...)
CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in ...)
{DLA-1755-1}
- graphicsmagick 1.4~hg15968-1 (bug #927029)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/601/
CVE-2019-11009 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
{DLA-1755-1}
- graphicsmagick 1.4~hg15968-1 (bug #927029)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/597/
CVE-2019-11008 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
{DLA-1755-1}
- graphicsmagick 1.4~hg15968-1 (bug #927029)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/599/
CVE-2019-11007 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
{DLA-1755-1}
- graphicsmagick 1.4~hg15968-1 (bug #927029)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/596/
CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
{DLA-1755-1}
- graphicsmagick 1.4~hg15968-1 (bug #927029)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/598/
CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buf ...)
- graphicsmagick 1.4~hg15968-1 (bug #927029)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
[jessie] - graphicsmagick <not-affected> (The vulnerable code is not present)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/600/
@@ -72642,6 +72652,7 @@ CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sas
CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c ha ...)
{DLA-1619-1}
- graphicsmagick 1.4~hg15873-1 (bug #916752)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/585/
CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator acco ...)
@@ -72657,6 +72668,7 @@ CVE-2018-20186 (An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadDat
CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there ...)
{DLA-1619-1}
- graphicsmagick 1.4~hg15880-1 (bug #916719)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: Partial fix: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/582/
NOTE: Partial fix adressed in 1.4~hg15873-1, but according to maintainer not yet
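Review bot: On CVE-2018-20185 the added [stretch] line records 1.3.30+hg15796-1~deb9u3 as a fixed version, but the NOTE lines directly below it still describe the upstream change 648e3977a293 as a partial fix (the last visible NOTE continues past the end of this hunk). Please confirm that deb9u3 carries the complete fix and add a NOTE naming the revision that completes it; otherwise stretch should not be marked as fixed yet.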
@@ -72666,6 +72678,7 @@ CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms,
CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buff ...)
{DLA-1619-1}
- graphicsmagick 1.4~hg15873-1 (bug #916721)
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b
NOTE: Upstream patch contains unrelated refactoring, trimmed down version available on
NOTE: the Debian bug report: https://bugs.debian.org/916721#15
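Review bot: The [stretch] line added for CVE-2018-20184 does not say which patch went into 1.3.30+hg15796-1~deb9u3, although the NOTE lines below it distinguish upstream revision 15d1b5fd003b, which contains unrelated refactoring, from the trimmed-down version on https://bugs.debian.org/916721#15. A short NOTE recording which of the two was backported would make the stretch fix easier to audit later.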
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[15 Mar 2020] DSA-4640-1 graphicsmagick - security update
+ {CVE-2019-19950 CVE-2019-19951 CVE-2019-19953}
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
+ [buster] - graphicsmagick 1.4~hg15978-1+deb10u1
[11 Mar 2020] DSA-4639-1 firefox-esr - security update
{CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814}
[stretch] - firefox-esr 68.6.0esr-1~deb9u1
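Review bot: The CVE set in braces on the new DSA-4640-1 entry lists only CVE-2019-19950, CVE-2019-19951 and CVE-2019-19953, none of which appears in the data/CVE/list hunks of this commit, while the thirteen GraphicsMagick CVEs that gain the same stretch version 1.3.30+hg15796-1~deb9u3 there (CVE-2019-11505, CVE-2019-11506, CVE-2019-11473, CVE-2019-11474, CVE-2019-11005 through CVE-2019-11010, CVE-2018-20184, CVE-2018-20185, CVE-2018-20189) are missing from it. If the deb9u3 upload announced by this DSA is what fixes them, add them to the braces so the advisory and the per-CVE entries agree; if they are left out on purpose, a sentence in the commit message saying so would help the next reader.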
=====================================
data/dsa-needed.txt
=====================================
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
--
bluez (carnil)
--
-graphicsmagick (jmm)
---
jruby/oldstable
--
libopenmpt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/937062b6ddc856ebe33155b967bb9f6f183bf655