[Git][security-tracker-team/security-tracker][master] CVE-2020-29599: clarify there are two vectors for IM6

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 29 19:50:53 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ab722fd by Salvatore Bonaccorso at 2022-11-29T20:47:51+01:00
CVE-2020-29599: clarify there are two vectors for IM6

52bd38de3f9d ("Remove prefixed whitespaces") or any call trough
writecvelist would have removed the leading whitespaces. But the
intention in the initial formatting was to make clear there are two
vectors for the issue for IM6. Make them two "enumerated" items to
restore the intention.

Thanks: Sylvain Beucler <beuc at beuc.net>
Thanks: Roberto C. Sánchez <roberto at debian.org>
Fixes: 52bd38de3f9d ("Remove prefixed whitespaces")

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -147479,10 +147479,10 @@ CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles
 	NOTE: cf 200-disable-ghostscript-formats.patch in 8:6.9.10.23+dfsg-2.1+deb10u1, but opens
 	NOTE: #964090.
 	NOTE: 2 vectors for IM6:
-	NOTE: - stealth (ps:* delegates, hard-coded options)
+	NOTE: 1. stealth (ps:* delegates, hard-coded options)
 	NOTE: broken between 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2) and 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1)
 	NOTE: '-authenticate' replaced by '-define authenticate=' between 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above
-	NOTE: - bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2)
+	NOTE: 2. bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2)
 CVE-2020-29598
 	REJECTED
 CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab722fdde037cc62759d2b02c0809dcd293b997

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab722fdde037cc62759d2b02c0809dcd293b997
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221129/df81b67b/attachment.htm>

More information about the debian-security-tracker-commits mailing list