[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-27752,CVE-2020-25664,imagemagick: Mark as ignored for Stretch.
Markus Koschany
apo at debian.org
Wed Mar 10 22:45:49 GMT 2021
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8859535 by Markus Koschany at 2021-03-10T23:41:03+01:00
CVE-2020-27752,CVE-2020-25664,imagemagick: Mark as ignored for Stretch.
Minor issue. Not reproducible by upstream for now.
- - - - -
434ea99a by Markus Koschany at 2021-03-10T23:44:08+01:00
Claim imagemagick in dla-needed.txt.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -30146,9 +30146,13 @@ CVE-2020-27753 (There are several memory leaks in the MIFF coder in /coders/miff
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6f5d3d2cd94eb8361e07546c4bf72cb60681b984
CVE-2020-27752 (A flaw was found in ImageMagick in MagickCore/quantum-private.h. An at ...)
- imagemagick 8:6.9.11.24+dfsg-1
+ [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1752
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9d563d3d73874312080d30dc4ba07cecad56192
- NOTE: ImageMagick6 commit provided by upstream pre-dates the vulnerable version and is the same as CVE-2020-25664, clarification on-going
+ NOTE: CVE-2020-27752 and CVE-2020-25664 were not reproducible by upstream.
+ NOTE: Previous patch was reverted. Original POC no longer available. It is
+ NOTE: impossible to determine whether there was a possible security vulnerability
+ NOTE: in the first place.
CVE-2020-27751 (A flaw was found in ImageMagick in MagickCore/quantum-export.c. An att ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
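Review bot: In the CVE-2020-27752 entry, the new NOTE says the previous patch was reverted, yet the retained line `NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9d563d3d73874312080d30dc4ba07cecad56192` still reads as a fix reference, and no revert commit or upstream comment is cited. Consider annotating that commit line as reverted and adding a NOTE that points to the revert. The `[stretch]` line also gives "Minor issue" as its reason, while the NOTE text says it is impossible to determine whether a vulnerability existed at all. A reason that says the issue was not reproducible by upstream would match the notes better.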
@@ -35451,6 +35455,7 @@ CVE-2020-25665 (The PALM image coder at coders/palm.c makes an improper call to
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ca80e93cc887fb8971ceba2eead2c74e2b927df4
CVE-2020-25664 (In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper ca ...)
- imagemagick 8:6.9.11.24+dfsg-1
+ [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1716
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/1f450bb5ba53d275de6d1cd086c98a0b549ad393
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/27d3ddedb73f63fa984ff5b4d66e07eef654070f
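Review bot: The `[stretch] - imagemagick <ignored> (Minor issue)` line added under CVE-2020-25664 comes with no NOTE of its own. The rationale that covers this CVE ("CVE-2020-27752 and CVE-2020-25664 were not reproducible by upstream") is recorded only under CVE-2020-27752. Someone reading this entry alone sees two fix commits still listed and an ignore with no justification. Suggest repeating that NOTE here or adding a one-line cross-reference to CVE-2020-27752.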
=====================================
data/dla-needed.txt
=====================================
@@ -64,6 +64,8 @@ golang-gogoprotobuf (Ola Lundqvist)
--
gsoap
--
+imagemagick (Markus Koschany)
+--
libebml (Thorsten Alteholz)
NOTE: 20210307: testing package (not yet finished)
--
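Review bot: The new `imagemagick (Markus Koschany)` entry has no NOTE, unlike the libebml entry just below it. Since the same push marks CVE-2020-27752 and CVE-2020-25664 as ignored for stretch, a dated NOTE stating which imagemagick issues the claim covers would make the scope of the entry clear.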
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97831b35c34327411a2aaa081f5c26b80eda67b9...434ea99a4b37d2b1ff30ec1a54d66fba8863e1e2