[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-19667/imagemagick as <postponed> for stretch

Roberto C. Sánchez roberto at debian.org
Mon Nov 23 01:48:37 GMT 2020 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b15046b by Roberto C. Sánchez at 2020-11-22T20:46:33-05:00
Mark CVE-2020-19667/imagemagick as <postponed> for stretch

After consulting with Emilio (who performed the ELTS triage for jessie),
it is clear that this issue can wait to be fixed along with future
issues in order to prevent proliferation of small updates.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22956,6 +22956,7 @@ CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in
 	NOTE: https://github.com/saitoha/libsixel/issues/136
 CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in  ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
+	[stretch] - imagemagick <postponed> (Minor issue, can be fixed with later issues)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1895
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/26538669546730c5b2dc36e7d48850f1f6928f94
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5462fd4725018567764c8f66bed98b7ee3e23006


=====================================
data/dla-needed.txt
=====================================
@@ -54,8 +54,6 @@ golang-github-dgrijalva-jwt-go
 --
 golang-golang-x-net-dev
 --
-imagemagick (Roberto C. Sánchez)
---
 influxdb
 --
 intel-microcode



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b15046b2b9022aaa8dec7208629bc8ab49cc9c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b15046b2b9022aaa8dec7208629bc8ab49cc9c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201123/3f9e5a41/attachment.html>

More information about the debian-security-tracker-commits mailing list