[Git][security-tracker-team/security-tracker][master] Track CVE fixes for imagemagick after upload to unstable

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df0dbc18 by Salvatore Bonaccorso at 2023-10-26T07:37:22+02:00
Track CVE fixes for imagemagick after upload to unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17484,7 +17484,7 @@ CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" fie
 	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2023-3428 (A heap-based buffer overflow vulnerability was found  in coders/tiff.c ...)
 	[experimental] - imagemagick 8:6.9.12.98+dfsg1-1
-	- imagemagick <unfixed>
+	- imagemagick 8:6.9.12.98+dfsg1-2
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
 	NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 (6.9.12-55)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 (6.9.12-91)
@@ -19380,7 +19380,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random
 CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...)
-	- imagemagick <unfixed>
+	- imagemagick 8:6.9.12.98+dfsg1-2
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
@@ -24563,7 +24563,7 @@ CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is
 CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...)
 	NOT-FOR-US: Code Dx
 CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...)
-	- imagemagick <unfixed> (bug #1036476)
+	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
@@ -28448,7 +28448,7 @@ CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Compari
 CVE-2023-1907
 	RESERVED
 CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
-	- imagemagick <unfixed> (bug #1034373)
+	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
@@ -77171,7 +77171,7 @@ CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can
 CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
 	NOT-FOR-US: Delta
 CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
-	- imagemagick <unfixed> (bug #1021141)
+	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
@@ -99186,7 +99186,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
 CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...)
-	- imagemagick <unfixed> (bug #1036999)
+	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <no-dsa> (Minor issue)
@@ -112710,7 +112710,7 @@ CVE-2022-1117 (A vulnerability was found in fapolicyd. The vulnerability occurs
 CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux Kern ...)
 	- linux <not-affected> (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189)
 CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortP ...)
-	- imagemagick <unfixed> (bug #1013282)
+	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <not-affected> (code is introduced later)
@@ -165645,7 +165645,7 @@ CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio de
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511 (v7.0.0-rc1)
 CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...)
 	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
-	- imagemagick <unfixed> (bug #1037090)
+	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0dbc185151bad2d53084a7492e10b7e54b71b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0dbc185151bad2d53084a7492e10b7e54b71b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231026/f58c90e7/attachment.htm>