[Git][security-tracker-team/security-tracker][master] According to bd44f3fa4db9 ("Update note about CVE-2020-27776")

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 2 20:47:15 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19858c79 by Salvatore Bonaccorso at 2021-06-02T21:44:28+02:00
According to bd44f3fa4db9 ("Update note about CVE-2020-27776")
CVE-2020-27776 was fixed together with the fix for CVE-2020-27764.

Thus the ignored state would be in fract be "wrong" but rather marked as
fixed in the respective version. Given there was DLA 2602-1 covering
those sets of CVEs move the listing of the CVE there.

Alternatively a [stretch] - imagemagick entry with the fixed version
would have been a viable (and practiced) alternative when one does not
want to modify the CVE list of a D[LS]A.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44391,7 +44391,6 @@ CVE-2020-27777 (A flaw was found in the way RTAS handled memory accesses in user
 CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
-	[stretch] - imagemagick <ignored> (Fixed already together with CVE-2020-27764)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1736
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/0c92913ec5705300943703f1795f34c0cc25164e
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5


=====================================
data/DLA/list
=====================================
@@ -210,7 +210,7 @@
 	{CVE-2019-11372 CVE-2019-11373 CVE-2020-15395 CVE-2020-26797}
 	[stretch] - libmediainfo 0.7.91-1+deb9u1
 [22 Mar 2021] DLA-2602-1 imagemagick - security update
-	{CVE-2020-25666 CVE-2020-25675 CVE-2020-25676 CVE-2020-27754 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27761 CVE-2020-27762 CVE-2020-27764 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27774 CVE-2020-27775 CVE-2021-20176 CVE-2021-20241 CVE-2021-20244 CVE-2021-20246}
+	{CVE-2020-25666 CVE-2020-25675 CVE-2020-25676 CVE-2020-27754 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27761 CVE-2020-27762 CVE-2020-27764 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2021-20176 CVE-2021-20241 CVE-2021-20244 CVE-2021-20246}
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u12
 [21 Mar 2021] DLA-2558-2 xterm - regression update
 	[stretch] - xterm 327-2+deb9u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19858c7934dc3ffee8bf09727b9b4d99c3867aa9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19858c7934dc3ffee8bf09727b9b4d99c3867aa9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210602/b3249570/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list