Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4803cef7 by Hugo Lefeuvre at 2019-07-25T14:36:11Z CVE-2019-13391/imagemagick: upstream patch broken This patch is partly reverted by the CVE-2019-13308 patch and the remaining part does not seem to be related to the actual issue (it seems to fix unrelated memory leaks). This should only be applied together with the CVE-2019-13308 patch, https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511e - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2835,6 +2835,8 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier - imagemagick <unfixed> (bug #931633) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984 + NOTE: Patch is insufficient, and most likely broken. It is partly reverted by + NOTE: the CVE-2019-13308 patch, which seems to be the actual patch for this issue. CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...) - ffmpeg <unfixed> (low; bug #932535) [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4803cef7ae2236a496fab0ec13e91a62945e310d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4803cef7ae2236a496fab0ec13e91a62945e310d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
