[Git][security-tracker-team/security-tracker][master] CVE-2017-12670/imagemagick: stretch ignored

Sylvain Beucler beuc at debian.org
Fri Jan 8 14:36:30 GMT 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1e30afe by Sylvain Beucler at 2021-01-08T15:33:30+01:00
CVE-2017-12670/imagemagick: stretch ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -182739,6 +182739,7 @@ CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was fou
 	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/77fcc8d92a602299a23be9ac76887ba6cfe50bd3
 CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was foun ...)
 	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
@@ -214630,11 +214631,13 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c,  ...)
 	{DLA-1785-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
-	[stretch] - imagemagick <postponed> (Minor issue)
+	[stretch] - imagemagick <ignored> (Minor issue, PoC triggers earlier assertion, fix reverted upstream)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
-	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
-	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
-	NOTE: Upstream patch is apparently incomplete. POC still triggers segfault.
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9f1a91d93871cc6a5c0b99e8bacad4d730acf36
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/de8cdeceafdc7bbdfcc55cd08e6a8b0cc979c91c
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/75db34b6a4d642cb6f88c792942de27490c900e0
+	NOTE: fix reverted with CVE-2017-18029
 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
 	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e30afe1724787b599a8a425e9ce247fed292f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e30afe1724787b599a8a425e9ce247fed292f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210108/0b68d583/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list