[Git][security-tracker-team/security-tracker][master] Track CVE fixes for imagemagick after upload to unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 26 06:41:50 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df0dbc18 by Salvatore Bonaccorso at 2023-10-26T07:37:22+02:00
Track CVE fixes for imagemagick after upload to unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17484,7 +17484,7 @@ CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" fie
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in coders/tiff.c ...)
[experimental] - imagemagick 8:6.9.12.98+dfsg1-1
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.12.98+dfsg1-2
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 (6.9.12-55)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 (6.9.12-91)
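Review bot: CVE-2023-3428 has no [bookworm], [bullseye] or [buster] line. In this hunk the NOTE lines follow the package line directly, whereas the other imagemagick entries updated in this commit each carry per-release triage. With the unstable entry now set to 8:6.9.12.98+dfsg1-2, the stable suites are judged only by version comparison against that version. If the same assessment as for the other entries applies here, add the per-release lines in the same form they use (`[bookworm] - imagemagick <no-dsa> (Minor issue)` and so on). If the releases are intentionally left open, no change is needed.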
@@ -19380,7 +19380,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random
CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...)
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.12.98+dfsg1-2
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
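Review bot: the new `- imagemagick 8:6.9.12.98+dfsg1-2` line for CVE-2023-3195 carries no bug reference, while most of the other entries updated in this commit keep theirs (for example `(bug #1036476)` on CVE-2023-2157). If a Debian bug was filed for this CVE, append it to the line so the entry links back to the report.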
@@ -24563,7 +24563,7 @@ CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is
CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...)
NOT-FOR-US: Code Dx
CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...)
- - imagemagick <unfixed> (bug #1036476)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -28448,7 +28448,7 @@ CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Compari
CVE-2023-1907
RESERVED
CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
- - imagemagick <unfixed> (bug #1034373)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -77171,7 +77171,7 @@ CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can
CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
NOT-FOR-US: Delta
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
- - imagemagick <unfixed> (bug #1021141)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -99186,7 +99186,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...)
- - imagemagick <unfixed> (bug #1036999)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -112710,7 +112710,7 @@ CVE-2022-1117 (A vulnerability was found in fapolicyd. The vulnerability occurs
CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux Kern ...)
- linux <not-affected> (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189)
CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortP ...)
- - imagemagick <unfixed> (bug #1013282)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (code is introduced later)
@@ -165645,7 +165645,7 @@ CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio de
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511 (v7.0.0-rc1)
CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...)
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- - imagemagick <unfixed> (bug #1037090)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0dbc185151bad2d53084a7492e10b7e54b71b6