[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3254{5,6,7}/imagemagick

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38afd978 by Salvatore Bonaccorso at 2022-06-16T22:33:58+02:00
Add CVE-2022-3254{5,6,7}/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2883,11 +2883,26 @@ CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been de
 CVE-2022-32548
 	RESERVED
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033
+	NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
 CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985
+	NOTE: https://github.com/ImageMagick/ImageMagick/pull/4986
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23 (7.1.0-29)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44)
 CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962
+	NOTE: https://github.com/ImageMagick/ImageMagick/pull/4963
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512 (7.1.0-28)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa (6.9.12-43)
 CVE-2022-32543
 	RESERVED
 CVE-2022-32542



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38afd978611b6e924656de40d91d7755203495e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38afd978611b6e924656de40d91d7755203495e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220616/fc7e03d4/attachment.htm>