imagemagick

Salvatore Bonaccorso Fri, 05 Jul 2019 04:29:02 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cebe3d91 by Salvatore Bonaccorso at 2019-07-05T11:23:48Z
Add CVE-2019-13295/imagemagick

- - - - -
fe517422 by Salvatore Bonaccorso at 2019-07-05T11:24:09Z
Add relation note of CVE-2019-13297 with CVE-2019-13295

- - - - -
ac058e26 by Salvatore Bonaccorso at 2019-07-05T11:27:21Z
Add Debian bug reference for CVE-2019-13297/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,15 +49,17 @@ CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based 
buffer over-read at Ma
 CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at 
MagickCor ...)
        TODO: check
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #931455)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
        NOTE: Some older version before the fixing commit did as well not check 
for
-       NOTE: width size.
+       NOTE: width size (cf. CVE-2019-13295).
 CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in 
AcquireMagickMemor ...)
        TODO: check
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
-       TODO: check
+       - imagemagick <unfixed>
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
 CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. 
import_stud ...)
        NOT-FOR-US: AROX School-ERP Pro
 CVE-2019-13293



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fe4aa7075e8d8e74b2dc1410b338cc127c3a2772...ac058e26eb94ba3efc4c1ef646a2503e2d827379

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fe4aa7075e8d8e74b2dc1410b338cc127c3a2772...ac058e26eb94ba3efc4c1ef646a2503e2d827379
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2019-13295/imagemagick

Reply via email to