[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-13297/imagemagick

Fri, 05 Jul 2019 04:22:58 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
972bfdd9 by Salvatore Bonaccorso at 2019-07-05T11:20:35Z
Add CVE-2019-13297/imagemagick

- - - - -
fe4aa707 by Salvatore Bonaccorso at 2019-07-05T11:22:08Z
Add Debian bug reference for CVE-2019-13300/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a heap-based 
buffer over-read in Ma
 CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in 
AcquireMagickMemory becau ...)
        TODO: check
 CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at 
MagickCor ...)
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #931454)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
 CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
@@ -49,7 +49,11 @@ CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based 
buffer over-read at Ma
 CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at 
MagickCor ...)
        TODO: check
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
-       TODO: check
+       - imagemagick <unfixed>
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
+       NOTE: Some older version before the fixing commit did as well not check 
for
+       NOTE: width size.
 CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in 
AcquireMagickMemor ...)
        TODO: check
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/873d178011842dab5c7ff6068f1bfad0b84d4cf4...fe4aa7075e8d8e74b2dc1410b338cc127c3a2772

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/873d178011842dab5c7ff6068f1bfad0b84d4cf4...fe4aa7075e8d8e74b2dc1410b338cc127c3a2772
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to