[Git][security-tracker-team/security-tracker][master] Reserve DLA-3429-1 for imagemagick

Bastien Roucariès (@rouca) rouca at debian.org
Sun May 21 23:08:47 BST 2023



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed2d1ded by Bastien Roucariès at 2023-05-21T22:08:26+00:00
Reserve DLA-3429-1 for imagemagick

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76193,7 +76193,6 @@ CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033
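Review bot: with the `[buster]` line dropped, the CVE-2022-32547 entry still carries `[bullseye] - imagemagick <ignored> (Minor issue)`. The tracker will therefore show the older suite fixed through DLA-3429-1 while bullseye stays unfixed until the unstable fix version 8:6.9.11.60+dfsg-1.5. The same pattern recurs in the later hunks that keep a bullseye `<ignored>` or `<no-dsa>` line. It is worth flagging to whoever owns the bullseye status, so that an upgrade from buster to bullseye does not silently lose these fixes.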
@@ -76203,7 +76202,6 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
 CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985
@@ -76213,7 +76211,6 @@ CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the
 CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962
@@ -88387,7 +88384,6 @@ CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.)
 	{DLA-3007-1}
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
-	[buster] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680
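Review bot: the `{DLA-3007-1}` cross-reference at the top of this entry is left unchanged, although data/DLA/list in this same commit lists CVE-2022-28463 under DLA-3429-1. Unless these tag lines are regenerated from data/DLA/list by a later step, the line should also name DLA-3429-1. The same check applies to `{DLA-2602-1}` on CVE-2021-20176 and to the entries in this patch that have no tag line at all.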
@@ -132077,7 +132073,6 @@ CVE-2021-39213 (GLPI is a free Asset and IT management software package. Startin
 CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
-	[buster] - imagemagick <no-dsa> (Minor issue)
 	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
@@ -180993,7 +180988,6 @@ CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A pot
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
 	NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
 CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
@@ -181001,7 +180995,6 @@ CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an int
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
 CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
@@ -181016,7 +181009,6 @@ CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and be
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers  ...)
@@ -181310,7 +181302,6 @@ CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An att
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
@@ -181319,7 +181310,6 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
@@ -181328,7 +181318,6 @@ CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c.
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
@@ -181337,7 +181326,6 @@ CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attac
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745	 (resize.c hunk)
@@ -181348,7 +181336,6 @@ CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
 	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
 	[bullseye] - imagemagick <ignored> (Minor issue)
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
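Review bot: the ImageMagick6 NOTE in this entry cites commit 53cb91b3e7bf95d0e372cbc745e0055ac6054745, the same commit the CVE-2021-20243 entry cites with a "(resize.c hunk)" qualifier, but nothing here says which part of that commit addresses the coders/jp2.c flaw. Since both CVEs are now claimed fixed in buster, consider adding a matching qualifier to this NOTE so a later reader can verify that the backport carried the relevant part for each CVE.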
@@ -181688,7 +181675,6 @@ CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string
 CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...)
 	{DLA-2602-1}
 	- imagemagick 8:6.9.11.57+dfsg-1
-	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 May 2023] DLA-3429-1 imagemagick - security update
+	{CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547}
+	[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
 [20 May 2023] DLA-3428-1 node-nth-check - security update
 	{CVE-2021-3803}
 	[buster] - node-nth-check 1.0.1-1+deb10u1
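Review bot: the added `[buster]` line already records 8:6.9.10.23+dfsg-2.1+deb10u5 as the fixed version, while the commit message only says the DLA is being reserved. Once this is merged, all 14 listed CVEs read as fixed in buster, so confirm that this exact version string is the one uploaded. The 14 IDs inside the braces do match the 14 `[buster]` removals in data/CVE/list.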



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed2d1dedb70edc89a09214fcfe3210493e74901b
