[Git][security-tracker-team/security-tracker][master] imagemagick triage

Moritz Muehlenhoff jmm at debian.org
Thu Apr 22 12:35:07 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e3fe4a4 by Moritz Muehlenhoff at 2021-04-22T13:34:38+02:00
imagemagick triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27005,9 +27005,10 @@ CVE-2021-20314
 	RESERVED
 CVE-2021-20313 [Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c]
 	RESERVED
-	- imagemagick <undetermined>
+	- imagemagick <unfixed>
+	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
-	TODO: check if specific to IM7
+	NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
 CVE-2021-20312 [Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c]
 	RESERVED
 	- imagemagick <unfixed>
@@ -27021,9 +27022,9 @@ CVE-2021-20311 [Division by zero in sRGBTransformImage() in MagickCore/colorspac
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
 CVE-2021-20310 [Division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c]
 	RESERVED
+	- imagemagick <not-affected> (Specific to IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5
-	TODO: Check whether specific to IM7
 CVE-2021-20309 [Division by zero in WaveImage() of MagickCore/visual-effects.c]
 	RESERVED
 	- imagemagick <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e3fe4a4ee9c22592329ca50abe1d8e781cf5201

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e3fe4a4ee9c22592329ca50abe1d8e781cf5201
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210422/6dddaa6f/attachment.htm>

More information about the debian-security-tracker-commits mailing list