[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-3610

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 30 20:01:46 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2209b23 by Salvatore Bonaccorso at 2023-05-30T20:57:47+02:00
Update information for CVE-2021-3610

Bastien clarified offlist what the intention was with 35d5f19cddcd
("Mark CVE-2021-3610 not for buster"), that is that those commits needs
to be applied first before able to address the CVEs with the two
identified commits. While we do not necessarily to this keep this
information in the tracker now.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143467,12 +143467,12 @@ CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagi
 	- imagemagick <unfixed>
 	[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
-	NOTE: Imagemagick6 <= 6.9.10-92 https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
-	NOTE: Imagemagick6 <= 6.9.11-10 https://github.com/ImageMagick/ImageMagick6/commit/7374894385161859ffbb84e280fcc89e7ae257e4
-	NOTE: ImageMagick6 <= 6.9.11-54 https://github.com/ImageMagick/ImageMagick6/commit/cdb67005376bcc8cbb0b743fb22787794cd30eb
+	NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
+	NOTE: ImageMagick6 prerequisite for <= 6.9.11-10: https://github.com/ImageMagick/ImageMagick6/commit/7374894385161859ffbb84e280fcc89e7ae257e4
+	NOTE: ImageMagick6 prerequisite for <= 6.9.11-54: https://github.com/ImageMagick/ImageMagick6/commit/cdb67005376bcc8cbb0b743fb22787794cd30ebc
 	NOTE: ImageMagick6 [1/2]: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6
 	NOTE: ImageMagick6 [2/2]: https://github.com/ImageMagick/ImageMagick6/commit/c75ae771a00c38b757c5ef4b424b51e761b02552
-	NOTE: Introduced by 6.9.10.88 (Support 32-bit tiles TIFF images) by https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef4769af583dd2
+	NOTE: Introduced by (Support 32-bit tiles TIFF images): https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef4769af583dd2 (6.9.10-88)
 CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
 	NOT-FOR-US: Kaspersky
 CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2209b23995d2d18ac36ef42b3dcde0f967e3151

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2209b23995d2d18ac36ef42b3dcde0f967e3151
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230530/d0b6aaf5/attachment.htm>

More information about the debian-security-tracker-commits mailing list