[Git][security-tracker-team/security-tracker][master] CVE-2023-1289/imagemagick
Bastien Roucariès (@rouca)
rouca at debian.org
Fri Jul 19 22:18:44 BST 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17a7eb6f by Bastien Roucariès at 2024-07-19T21:17:49+00:00
CVE-2023-1289/imagemagick
Add more information about incomplete fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103237,7 +103237,16 @@ CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially c
- imagemagick 8:6.9.12.98+dfsg1-2
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4 (7.1.1-0)
- NOTE: https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368 (6.9.12-78)
+ NOTE: Multiple regression or incomplete fixes were identified, and a few upstream version are incomplete
+ NOTE: [1/9] https://github.com/ImageMagick/ImageMagick6/commit/e8c0090c6d2df7b1553053dca2008e96724204bf
+ NOTE: [2/9] https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368
+ NOTE: [3/9] https://github.com/ImageMagick/ImageMagick6/commit/ddc718eaa93767ceae286e171296b5fbb0bbd812
+ NOTE: [4/9] https://github.com/ImageMagick/ImageMagick6/commit/1485a4c2cba8ca32981016fa25e7a15ef84f06f6
+ NOTE: [5/9] https://github.com/ImageMagick/ImageMagick6/commit/84ec30550c3146f525383f18a786a6bbd5028a93
+ NOTE: [6/9] https://github.com/ImageMagick/ImageMagick6/commit/4dd4d0df449acb13fb859041b4996af58243e352
+ NOTE: [7/9] https://github.com/ImageMagick/ImageMagick6/commit/f4529c0dcf3a8f96c438086b28fbef8338cda0b1
+ NOTE: [8/9] https://github.com/ImageMagick/ImageMagick6/commit/75aac79108af0c0b0d7fc88b1f09c340b0d62c85
+ NOTE: [9/9] https://github.com/ImageMagick/ImageMagick6/commit/060660bf45e0771cf0431e5c2749aa51fabf23f8
CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA Live Co ...)
NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE a ...)
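Review bot: the replacement for the removed 706d381b line (now [2/9]) drops its "(6.9.12-78)" version tag, and none of the nine ImageMagick6 commits carries an upstream version, so a reader cannot tell which releases the new first NOTE calls incomplete or whether the unchanged fixed version 8:6.9.12.98+dfsg1-2 contains all nine commits. Suggest keeping the upstream version in parentheses after each commit URL, as the ImageMagick 7 line does with "(7.1.1-0)", and naming the incomplete upstream versions in the first NOTE. The phrase "a few upstream version are incomplete" should read "versions", and since all nine follow-ups are ImageMagick6 commits, the entry should also say whether the single 7.x commit is complete on its own.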
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17a7eb6f17e52add682e0e8fed792b12eb5d938f