[Git][security-tracker-team/security-tracker][master] CVE-2020-29599/imagemagick: fix IM6 patch list
Sylvain Beucler
beuc at debian.org
Mon Jan 4 16:19:57 GMT 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe47b172 by Sylvain Beucler at 2021-01-04T17:16:35+01:00
CVE-2020-29599/imagemagick: fix IM6 patch list
- missing delegates.xml %a sanitization
- https://github.com/ImageMagick/ImageMagick6/commit/226804980651bb4eb5f3ba3b9d7e992f2eda4710
reverted by
https://github.com/ImageMagick/ImageMagick6/commit/875fdf773d6e822364f876bed14c1785a01b45a7
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6646,11 +6646,13 @@ CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9e63436aa04c805fe3f9e2ed242dfa4621df823
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/68154c05cf40a80b6f2e2dd9fdc4428570f875f0
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/89a1c73ee2693ded91a72d00bdf3aba410f349f1
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a7b2d8328c539da6e79a118a0b8e97462c7daa77
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2eead004825d31e8f49022f0bc4ca0d3457b0bb1
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/20f520ed5c8541ae6646bc38d9d3b480785be6c3
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a2b3dd8455da2f17849b55e6b6ddcce587e4a323
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7b0cce080345e5b7ef26d122f18809c93a19a80e
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/869e38717fa91325da87c2a4cedc148a770a07ec
- NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/226804980651bb4eb5f3ba3b9d7e992f2eda4710
NOTE: ImageMagick6 (bugfix): https://github.com/ImageMagick/ImageMagick6/commit/83ec5b5b8ee7cae891fff59340be207b513a030d (6.9.11-41)
NOTE: Issue mitigated by disabling ghostscript handled formats based on -SAFER insecurity,
NOTE: cf 200-disable-ghostscript-formats.patch in 8:6.9.10.23+dfsg-2.1+deb10u1, but opens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe47b172f7460dae754a9047d5e6de13ecf5bfad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe47b172f7460dae754a9047d5e6de13ecf5bfad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210104/5185e042/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list