[Git][security-tracker-team/security-tracker][master] imagemagick DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 22 18:53:20 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7be9fc49 by Moritz Mühlenhoff at 2024-02-22T19:52:46+01:00
imagemagick DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50948,8 +50948,6 @@ CVE-2023-1907
RESERVED
CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
- [bookworm] - imagemagick <no-dsa> (Minor issue)
- [bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d (ImageMagick 6.9.12-84)
@@ -56193,8 +56191,6 @@ CVE-2023-1290 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially create ...)
- imagemagick 8:6.9.12.98+dfsg1-2
- [bookworm] - imagemagick <no-dsa> (Minor issue)
- [bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4 (7.1.1-0)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368 (6.9.12-78)
@@ -121847,8 +121843,6 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
- [bookworm] - imagemagick <no-dsa> (Minor issue)
- [bullseye] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158 (7.1.1-10)
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/133089f716f23ce0b80d89ccc1fd680960235512 (6.9.12-88)
@@ -135373,8 +135367,6 @@ CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux
- linux <not-affected> (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189)
CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortP ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
- [bookworm] - imagemagick <no-dsa> (Minor issue)
- [bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (code is introduced later)
[stretch] - imagemagick <not-affected> (code is introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
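Review bot: Style point on the retained [buster] and [stretch] lines of CVE-2022-1115: they read "(code is introduced later)", while the equivalent annotation on CVE-2023-1906 and CVE-2021-3610 in this same diff reads "(Vulnerable code introduced later)". Since this entry is being edited anyway, consider aligning the wording so the not-affected reason is phrased the same way across the imagemagick entries.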
@@ -188329,8 +188321,6 @@ CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio de
CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...)
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
- [bookworm] - imagemagick <no-dsa> (Minor issue)
- [bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[22 Feb 2024] DSA-5628-1 imagemagick - security update
+ {CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906 CVE-2023-3428 CVE-2023-5341 CVE-2023-34151}
+ [bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u3
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1
[21 Feb 2024] DSA-5627-1 firefox-esr - security update
{CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553}
[bullseye] - firefox-esr 115.8.0esr-1~deb11u1
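Review bot: The CVE set on the new DSA-5628-1 entry includes CVE-2023-3428 and CVE-2023-5341, but the data/CVE/list hunks in this commit only drop the bookworm/bullseye <no-dsa> lines for the other five ids (CVE-2021-3610, CVE-2022-1115, CVE-2023-1289, CVE-2023-1906, CVE-2023-34151). Please confirm that the entries for those two CVEs carry no leftover bullseye or bookworm annotation that would contradict the fixed versions recorded here, 8:6.9.11.60+dfsg-1.3+deb11u3 and 8:6.9.11.60+dfsg-1.6+deb12u1.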
=====================================
data/dsa-needed.txt
=====================================
@@ -35,8 +35,6 @@ gtkwave
--
h2o (jmm)
--
-imagemagick (jmm)
---
iwd (carnil)
--
libreswan (jmm)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be9fc498323335ae74a8e9f3bbdfbc5a499680c