[Git][security-tracker-team/security-tracker][master] one imagemagick issue confirmed for IM6

Moritz Muehlenhoff jmm at debian.org
Wed Apr 14 17:30:57 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
644544b8 by Moritz Muehlenhoff at 2021-04-14T18:20:39+02:00
one imagemagick issue confirmed for IM6
NFUs
two n/a for solr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2682,7 +2682,7 @@ CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
 	NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587
 CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for authentication, A ...)
-	TODO: check
+	- lucene-solr <not-affected> (Vulnerable functionality not yet present)
 CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
 	NOT-FOR-US: reorder crate
 CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
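Review bot: the <not-affected> line added for CVE-2021-29943 gives "Vulnerable functionality not yet present" but carries no NOTE saying which upstream version or commit introduced ConfigurableInternodeAuthHadoopPlugin. Add a NOTE with that reference so the assessment can be rechecked when lucene-solr is next updated.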
@@ -3771,13 +3771,13 @@ CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pag
 CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...)
 	NOT-FOR-US: Grav admin plugin
 CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before  ...)
-	TODO: check
+	NOT-FOR-US: Node @nextcloud/dialogs
 CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...)
-	TODO: check
+	NOT-FOR-US: ScratchOAuth2
 CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
 	NOT-FOR-US: Anuko Time Tracker
 CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...)
-	TODO: check
+	NOT-FOR-US: trestle-auth
 CVE-2021-29434
 	RESERVED
 CVE-2021-29433
@@ -4205,7 +4205,7 @@ CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to /run/avah
 	NOTE: https://github.com/lathiat/avahi/pull/330
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
 CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...)
-	TODO: check
+	- lucene-solr <not-affected> (Vulnerable code not yet present)
 CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code  ...)
 	NOT-FOR-US: vscode extension Svelte
 CVE-2021-29260
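Review bot: the reason on the added CVE-2021-29262 line reads "Vulnerable code not yet present", while the lucene-solr line added for CVE-2021-29943 in this same commit says "Vulnerable functionality not yet present". Use one wording for both. The description here only names the fixed version (prior to 8.8.2), so a NOTE recording where the affected code was introduced would make the not-affected claim verifiable.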
@@ -23327,7 +23327,7 @@ CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in a
 CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...)
 	NOT-FOR-US: wire-webapp
 CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...)
-	TODO: check
+	- ampache <removed>
 CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
 	NOT-FOR-US: PrestaShop
 CVE-2021-21397
@@ -25987,8 +25987,11 @@ CVE-2021-20313
 	RESERVED
 CVE-2021-20312 [Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c]
 	RESERVED
+	- imagemagick <unfixed>
+	[bullseye] - imagemagick <ignored> (Minor issue)
+	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
-	TODO: Check whether specific to IM7
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
 CVE-2021-20311 [Division by zero in sRGBTransformImage() in MagickCore/colorspace.c]
 	RESERVED
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
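Review bot: the two suite lines added for CVE-2021-20312 mark both bullseye and buster as <ignored> (Minor issue), although the NOTE added in the same hunk points to an upstream ImageMagick6 fix commit. In tracker usage <ignored> records that the suite will not be fixed at all, whereas <no-dsa> (Minor issue) only rules out a DSA and leaves a point-release fix open. If a backport of that commit is feasible, <no-dsa> fits better; otherwise extend the reason to say why no fix is planned.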



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/644544b8bc31bf52d281e07c4f35a3041917331e
