[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 7 09:10:25 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0047763e by security tracker role at 2020-09-07T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18517,6 +18517,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a mali
CVE-2020-16093
RESERVED
CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
+ {DSA-4760-1}
- qemu 1:5.1+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
@@ -19035,7 +19036,7 @@ CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimuls
CVE-2020-15864
RESERVED
CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
- {DLA-2288-1}
+ {DSA-4760-1 DLA-2288-1}
- qemu 1:5.0-12
NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
@@ -22940,6 +22941,7 @@ CVE-2020-14365 [dnf module install packages with no GPG signature]
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
+ {DSA-4760-1}
- qemu 1:5.1+dfsg-4 (bug #968947)
NOTE: https://xenbits.xen.org/xsa/advisory-335.html
NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
@@ -26929,6 +26931,7 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Fre
CVE-2020-12830
RESERVED
CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...)
+ {DSA-4760-1}
- qemu 1:5.0-12 (low; bug #961451)
[stretch] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
@@ -73021,7 +73024,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
- {DSA-4712-1 DLA-1968-1}
+ {DSA-4712-1 DLA-2366-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #941670)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
@@ -79903,7 +79906,7 @@ CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses th
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2366-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931633)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
@@ -80122,7 +80125,7 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2366-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931447)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
@@ -80634,7 +80637,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4712-1 DLA-2366-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
@@ -85033,7 +85036,7 @@ CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 do
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
- {DSA-4712-1 DLA-1785-1}
+ {DSA-4712-1 DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #928206)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
@@ -122078,7 +122081,7 @@ CVE-2018-18027
CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower ...)
NOT-FOR-US: IObit Malware Fighter
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
- {DLA-1574-1}
+ {DLA-2366-1 DLA-1574-1}
- imagemagick 8:6.9.10.14+dfsg-1 (low; bug #911435)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1335
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
@@ -125426,7 +125429,7 @@ CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, a memory leak in the format
NOTE: https://github.com/ImageMagick/ImageMagick/commit/33d1b9590c401d4aee666ffd10b16868a38cf705
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/359331c61193138ce2b85331df25235b81499cfc
CVE-2018-16749 (In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJN ...)
- {DLA-1530-1}
+ {DLA-2366-1 DLA-1530-1}
- imagemagick 8:6.9.10.2+dfsg-2 (low)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1119
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4
@@ -125696,7 +125699,7 @@ CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImag
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/01ca29604515fa4ddf3180870827df5c8ec93ada
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1269
CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp ...)
- {DLA-1530-1}
+ {DLA-2366-1 DLA-1530-1}
- imagemagick 8:6.9.10.8+dfsg-1 (low)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
@@ -140143,7 +140146,7 @@ CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Swi ...)
NOT-FOR-US: Kubernetes CRI-O
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
- {DLA-1785-1 DLA-1381-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
@@ -140155,7 +140158,7 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-af
NOTE: https://github.com/ImageMagick/ImageMagick/issues/918
NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
- {DLA-1785-1 DLA-1381-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
@@ -149823,6 +149826,7 @@ CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expe
CVE-2018-7580
RESERVED
CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
@@ -149836,6 +149840,7 @@ CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability w
NOTE: The commit referenced the wrong issue in the upstream issue tracker, but
NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314
CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in Im ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
@@ -158509,7 +158514,7 @@ CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scrip
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1229-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
@@ -160995,7 +161000,7 @@ CVE-2017-1000449
CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a di ...)
NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer d ...)
- {DLA-1785-1 DLA-1229-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
@@ -161882,7 +161887,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
- {DLA-1785-1 DLA-1227-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
@@ -167685,7 +167690,7 @@ CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in t ...)
- {DLA-1785-1 DLA-1227-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
@@ -178123,7 +178128,7 @@ CVE-2017-15283
CVE-2017-15282
RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
- {DLA-1785-1 DLA-1139-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
@@ -179094,7 +179099,7 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
@@ -179107,7 +179112,7 @@ CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
@@ -179900,7 +179905,7 @@ CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQ
CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
NOT-FOR-US: LabF nfsAxe
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
@@ -179908,7 +179913,7 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...)
NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
@@ -180278,7 +180283,7 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxL
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
@@ -180286,13 +180291,13 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
@@ -180526,7 +180531,7 @@ CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
@@ -180616,7 +180621,7 @@ CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline p
CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
@@ -180984,7 +180989,7 @@ CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec
CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
@@ -181112,7 +181117,7 @@ CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in Rea
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
@@ -181372,7 +181377,7 @@ CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in
CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Fir ...)
NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
@@ -181584,23 +181589,23 @@ CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from s
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
@@ -182020,7 +182025,7 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be
- libidn <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
@@ -182710,7 +182715,7 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
@@ -184298,7 +184303,7 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
@@ -184516,6 +184521,7 @@ CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -185662,7 +185668,7 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.
NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
@@ -185881,6 +185887,7 @@ CVE-2017-12808
CVE-2017-12807
REJECTED
CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
@@ -186199,19 +186206,19 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides
NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
@@ -186263,7 +186270,7 @@ CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional dat
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
@@ -186668,7 +186675,7 @@ CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
@@ -187012,7 +187019,7 @@ CVE-2017-12437
CVE-2017-12436
RESERVED
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
@@ -187031,7 +187038,7 @@ CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1081-1}
+ {DLA-2366-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
@@ -187821,7 +187828,7 @@ CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was f
[wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
@@ -188715,7 +188722,7 @@ CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOn
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
@@ -188844,13 +188851,13 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through
NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
@@ -189259,7 +189266,7 @@ CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0047763ef5e06add7c72a17ad3547195fc23f6e9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0047763ef5e06add7c72a17ad3547195fc23f6e9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200907/56c22d44/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list