[Git][security-tracker-team/security-tracker][master] Track fixed version for various imagemagick issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 5 14:37:36 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a66c09cd by Salvatore Bonaccorso at 2023-02-05T15:37:15+01:00
Track fixed version for various imagemagick issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55482,7 +55482,7 @@ CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been de
 CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...)
 	NOT-FOR-US: DrayTek Vigor router
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
-	- imagemagick <unfixed> (bug #1016442)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -55492,7 +55492,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
 CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
-	- imagemagick <unfixed> (bug #1016442)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
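Review bot: The fixed version recorded here, 8:6.9.11.60+dfsg-1.5, is based on an older upstream release than the one the NOTE lines at the top of this hunk give for the ImageMagick6 fix (6.9.12-45), so the entry only holds if the patch was backported in that Debian revision. Consider adding a NOTE that names the backported patch or the changelog entry, so the fixed version can be verified from the tracker data alone.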
@@ -55502,7 +55502,7 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23 (7.1.0-29)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44)
 CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
-	- imagemagick <unfixed> (bug #1016442)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
@@ -67664,7 +67664,7 @@ CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS)
 	NOT-FOR-US: Apifox
 CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ...)
 	{DLA-3007-1}
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
@@ -68968,7 +68968,7 @@ CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick’s Push
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
 CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInf ...)
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
 	[stretch] - imagemagick <not-affected> (Vulnerable code not present)
@@ -77230,7 +77230,7 @@ CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs pri
 CVE-2021-4220
 	REJECTED
 CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to impro ...)
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
 	[stretch] - imagemagick <postponed> (Minor issue, DoS)
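Review bot: In the unchanged lines for CVE-2021-4219, buster is <not-affected> (Vulnerable code introduced later) while the older stretch is <postponed> (Minor issue, DoS), which reads as inconsistent: if the code was introduced after buster's version, stretch would not be expected to carry it either. Since this entry is being touched anyway, please confirm which of the two statuses is right and correct the other.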
@@ -111141,7 +111141,7 @@ CVE-2021-39213 (GLPI is a free Asset and IT management software package. Startin
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
-	- imagemagick <unfixed> (bug #996588)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
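Review bot: This is the only hunk that cites bug #996588, yet it gets the same fixed version as the entries filed under #1013282 and #1016442. Please confirm that the 8:6.9.11.60+dfsg-1.5 changelog actually closes #996588 and includes the fix for CVE-2021-39212, rather than the version being applied in bulk.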
@@ -124425,7 +124425,7 @@ CVE-2021-3575 (A heap-based buffer overflow was found in OpenJPEG. This flaw all
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1347
 CVE-2021-3574 (A vulnerability was found in ImageMagick-7.0.11-5, where executing a c ...)
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1027164)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1027164)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3540
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
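Review bot: The [experimental] line above the changed entry records 8:6.9.12.20+dfsg1-1, which is higher than the unstable fixed version now set to 8:6.9.11.60+dfsg-1.5, so the annotation may no longer be needed. If it is not, dropping it here and in the later hunks that carry the same line would keep the entries simpler.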
@@ -159937,7 +159937,7 @@ CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when proc
 CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...)
 	{DLA-2672-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
@@ -159945,7 +159945,7 @@ CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A pot
 CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
 	{DLA-2672-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
@@ -159960,7 +159960,7 @@ CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where
 CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...)
 	{DLA-2672-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
@@ -160254,7 +160254,7 @@ CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations
 CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker  ...)
 	{DLA-2602-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
@@ -160263,7 +160263,7 @@ CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An att
 CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...)
 	{DLA-2672-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
@@ -160272,7 +160272,7 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh
 CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
 	{DLA-2602-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
@@ -160281,7 +160281,7 @@ CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c.
 CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
 	{DLA-2672-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
@@ -160292,7 +160292,7 @@ CVE-2021-20242
 CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
 	{DLA-2602-1}
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a66c09cda2ff46872ec6b3ea0412b037e3d9eba2
