[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for upcoming imagemagick update.
Markus Koschany
apo at debian.org
Mon Mar 22 06:18:53 GMT 2021
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
070fb7be by Markus Koschany at 2021-03-22T07:17:10+01:00
Remove no-dsa tags for upcoming imagemagick update.
- - - - -
8574a397 by Markus Koschany at 2021-03-22T07:18:41+01:00
Reserve DLA-2602-1 for imagemagick
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21095,7 +21095,6 @@ CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations
CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...)
- imagemagick <unfixed>
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
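Review bot: The kept context line `[buster] - imagemagick <ignored> (Minor issue)` for CVE-2021-20246 now sits beside a stretch entry that is about to be fixed, so the older suite will carry a fix the newer one lacks, and a stretch-to-buster upgrade would bring the issue back. The same pattern repeats in most of the hunks below. Consider revisiting the buster `<ignored>` state for these CVEs, or add a NOTE recording why buster stays ignored while stretch is fixed.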
@@ -21109,7 +21108,6 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh
CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
- imagemagick <unfixed>
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
NOTE: In IM6 the code seems to be in magick/fx.c
@@ -21124,7 +21122,6 @@ CVE-2021-20242
CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
- imagemagick <unfixed>
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
@@ -31989,14 +31986,12 @@ CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An at
CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc
CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN shift exponent warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
@@ -32010,14 +32005,12 @@ CVE-2020-27773 (A flaw was found in ImageMagick in MagickCore/gem-private.h. An
CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker who submi ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11
CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas where ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1753
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/872ffe6d0131beec8b47568a4874ffaca91a872e
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
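Review bot: The CVE-2020-27771 entry is missing an `ImageMagick6:` reference: both of its commit NOTE lines are `ImageMagick:` links, unlike the neighbouring entries. The stretch package named in data/DLA/list is 8:6.9.7.4+dfsg-11+deb9u12, a 6.x version, so the ImageMagick6 commit is the one a backport would be checked against; suggest adding that NOTE if an IM6 counterpart exists.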
@@ -32025,7 +32018,6 @@ CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas
CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is possible ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN offset overflowed warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1721
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/be90a5395695f0d19479a5d46b06c678be7f7927
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c01495f91ac71c5205f52713430b68e80d851149
@@ -32033,28 +32025,24 @@ CVE-2020-27769
RESERVED
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a
CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1
CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1734
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
@@ -32069,7 +32057,6 @@ CVE-2020-27765 (A flaw was found in ImageMagick in MagickCore/segment.c. An atta
CVE-2020-27764 (In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOp ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1735
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
CVE-2020-27763 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
@@ -32082,14 +32069,12 @@ CVE-2020-27763 (A flaw was found in ImageMagick in MagickCore/resize.c. An attac
CVE-2020-27762 (A flaw was found in ImageMagick in coders/hdr.c. An attacker who submi ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1713
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7db3fa20893d557259da6e99e111954de83d2495
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff
CVE-2020-27761 (WritePALMImage() in /coders/palm.c used size_t casts in several areas ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1726
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/db5e12e24f1378ce8c93a5c35991dcdd23a67bb0
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14c90fb315eb3666a4cf6d784cbde74c69c934ec
@@ -32103,21 +32088,18 @@ CVE-2020-27760 (In `GammaImage()` of /MagickCore/enhance.c, depending on the `ga
CVE-2020-27759 (In IntensityCompare() of /MagickCore/quantize.c, a double value was be ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1720
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3
CVE-2020-27758 (A flaw was found in ImageMagick in coders/txt.c. An attacker who submi ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1719
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f0a8d407b2801174fd8923941a9e7822f7f9a506
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e5e15b4456c825f78554e2ef1cc6344fa1218448
CVE-2020-27757 (A floating point math calculation in ScaleAnyToQuantum() of /MagickCor ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1712
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/e88532bd4418e95b70cbc415fe911d22ab27a5fd
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ded073520c133421f842160d3a9e207788f55a90
@@ -32137,7 +32119,6 @@ CVE-2020-27755 (in SetImageExtent() of /MagickCore/image.c, an incorrect image d
CVE-2020-27754 (In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1754
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
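Review bot: The `NOTE: ImageMagick:` context line for CVE-2020-27754 links to the ImageMagick6 repository with the same commit id (d5df600d43c8706df513a3273d09aee6f54a9233) as the `ImageMagick6:` line beneath it, so the entry carries no ImageMagick 7 reference. Since the entry is being edited anyway, either replace the first link with the ImageMagick 7 commit or drop the duplicate line.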
@@ -37406,14 +37387,12 @@ CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an /et
NOT-FOR-US: ceph Ansible module
CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), Inte ...)
- imagemagick 8:6.9.11.24+dfsg-1
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1732
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/406da3af9e09649cda152663c179902edf5ab3ac
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/94aeb3c40d25aee1051ba8eb3a31601558ef2506
CVE-2020-25675 (In the CropImage() and CropImageToTiles() routines of MagickCore/trans ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1731
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/64dc80b2e1907f7f20bf34d4df9483f938b0de71
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6b169173585127299f4724f7880b575879c7f033
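Review bot: CVE-2020-25676 has no `[buster]` line in its context, while CVE-2020-25675 directly below it and the other entries in this patch keep `[buster] - imagemagick <ignored> (Minor issue)`. With the stretch tag removed, the entry carries no suite-specific annotation at all, leaving only the unstable fixed version 8:6.9.11.24+dfsg-1; worth confirming that this is intended and not an omitted buster annotation.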
@@ -37468,7 +37447,6 @@ CVE-2020-25667 (TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes
CVE-2020-25666 (There are 4 places in HistogramCompare() in MagickCore/histogram.c whe ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/91ae12c57f3b9b23f2072462c27a8378b59f395e
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Mar 2021] DLA-2602-1 imagemagick - security update
+ {CVE-2020-25666 CVE-2020-25675 CVE-2020-25676 CVE-2020-27754 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27761 CVE-2020-27762 CVE-2020-27764 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27774 CVE-2020-27775 CVE-2021-20176 CVE-2021-20241 CVE-2021-20244 CVE-2021-20246}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u12
[21 Mar 2021] DLA-2558-2 xterm - regression update
[stretch] - xterm 327-2+deb9u2
[20 Mar 2021] DLA-2601-1 cloud-init - security update
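Review bot: CVE-2021-20176 is in the DLA-2602-1 CVE set, but none of the data/CVE/list hunks in this push touches its entry, whereas the other 22 listed CVEs each lose their `[stretch] - imagemagick <ignored>` line. Please check that the CVE-2021-20176 entry has no leftover stretch tag that would contradict the fixed version 8:6.9.7.4+dfsg-11+deb9u12 recorded here.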
=====================================
data/dla-needed.txt
=====================================
@@ -67,8 +67,6 @@ golang-gogoprotobuf
--
gsoap
--
-imagemagick (Markus Koschany)
---
libebml (Thorsten Alteholz)
NOTE: 20210307: testing package
NOTE: 20210321: preparing buster debdiff as well
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd9f2a2c075bf9faabc5dfbbe1a878744994cf08...8574a397c7919e8c6de071830361ded75874e105