[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags from imagemagick for upcoming update.
Markus Koschany
apo at debian.org
Sun Sep 6 23:17:50 BST 2020
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
242ebfe7 by Markus Koschany at 2020-09-07T00:17:38+02:00
Remove no-dsa tags from imagemagick for upcoming update.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73023,7 +73023,6 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
{DSA-4712-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #941670)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
NOTE: ImageMagick6: followup, partly reverts previous patch:
@@ -79906,7 +79905,6 @@ CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPale
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931633)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
@@ -80126,7 +80124,6 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931447)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
@@ -80639,7 +80636,6 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d (6.x)
@@ -85039,7 +85035,6 @@ CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 do
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
{DSA-4712-1 DLA-1785-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #928206)
- [stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
NOTE: patch introduces new (potentially security relevant) bugs, see:
@@ -122085,7 +122080,6 @@ CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
{DLA-1574-1}
- imagemagick 8:6.9.10.14+dfsg-1 (low; bug #911435)
- [stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1335
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
@@ -125705,7 +125699,6 @@ CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImag
CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp ...)
{DLA-1530-1}
- imagemagick 8:6.9.10.8+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199
@@ -140153,7 +140146,6 @@ CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Con
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
{DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-fr ...)
@@ -140166,7 +140158,6 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-af
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
{DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 ...)
@@ -149834,7 +149825,6 @@ CVE-2018-7580
RESERVED
CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/792
@@ -149848,7 +149838,6 @@ CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability w
NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314
CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in Im ...)
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/790
@@ -158523,7 +158512,6 @@ CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
{DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
CVE-2017-1000473 (Linux Dash up to version v2 is vulnerable to multiple command injectio ...)
@@ -161010,7 +160998,6 @@ CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer d ...)
{DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/839a14e43d0c88db7b3fffe8aa4ec57d80c93623
@@ -161898,7 +161885,6 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
{DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
@@ -167702,7 +167688,6 @@ CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in t ...)
{DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
@@ -178141,7 +178126,6 @@ CVE-2017-15282
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
{DLA-1785-1 DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
@@ -179113,7 +179097,6 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
@@ -179127,7 +179110,6 @@ CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
{DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
@@ -179921,7 +179903,6 @@ CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
@@ -179930,7 +179911,6 @@ CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allow
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
@@ -180301,7 +180281,6 @@ CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow r
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
{DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
@@ -180310,14 +180289,12 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
{DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
{DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
@@ -180552,7 +180529,6 @@ CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...)
{DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
@@ -180643,7 +180619,6 @@ CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstra
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
@@ -181012,7 +180987,6 @@ CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591
@@ -181402,7 +181376,6 @@ CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router wi
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
@@ -181615,26 +181588,22 @@ CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_heade ...)
@@ -182055,7 +182024,6 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
@@ -182746,7 +182714,6 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
@@ -184335,7 +184302,6 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5
@@ -184553,7 +184519,6 @@ CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in
NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
- imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/645
@@ -185701,7 +185666,6 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
@@ -185920,7 +185884,6 @@ CVE-2017-12807
REJECTED
CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
- imagemagick 8:6.9.9.34+dfsg-3
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
@@ -186240,21 +186203,18 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519
@@ -186307,7 +186267,6 @@ CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional dat
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c
@@ -186713,7 +186672,6 @@ CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
@@ -187058,7 +187016,6 @@ CVE-2017-12436
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
@@ -187078,7 +187035,6 @@ CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
{DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e
@@ -187869,7 +187825,6 @@ CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was f
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
@@ -188764,7 +188719,6 @@ CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOn
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...)
@@ -189311,7 +189265,6 @@ CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/242ebfe7fd85c6bfe050c8b17f8af33964ab45f2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/242ebfe7fd85c6bfe050c8b17f8af33964ab45f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200906/4b477e80/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list