Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fa83c37 by Hugo Lefeuvre at 2019-08-16T14:41:26Z
imagemagick triage for jessie
CVE-2019-14981 is an arithmetic exception, security impact is low. Can
still be fixed along with more important patches later, but no-dsa for
now.
CVE-2019-13391 and CVE-2019-13308 would be nice to fix, but the patch
is badly documented and blindly applying a 50+ lines diff won't do any
good. Wait for upstream to answer questions about the changes.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -468,6 +468,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an
integer overflow vulnerabil
TODO: check
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41,
there is ...)
- imagemagick <unfixed>
+ [jessie] - imagemagick <no-dsa> (minor issue, low security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42,
there is ...)
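Review bot: The added `[jessie]` line for CVE-2019-14981 uses `<no-dsa>`, while the commit message says the issue can still be fixed along with more important patches later. That is the same intent the other two entries in this commit express with `<postponed>`, so one tag should be used for all three, or the difference should be explained. The justification "minor issue, low security impact" also drops the actual reason given in the commit message, that this is an arithmetic exception. Putting that in the parenthetical would keep the triage reasoning in data/CVE/list and not only in the commit log.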
@@ -5927,6 +5928,7 @@ CVE-2019-13392
RESERVED
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in
MagickCore/fourier.c has ...)
- imagemagick <unfixed> (bug #931633)
+ [jessie] - imagemagick <postponed> (minor, wait for upstream to clear
patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
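Review bot: The `<postponed>` annotation for CVE-2019-13391 says to wait for upstream to clear patch-related questions, but nothing in the entry says where those questions were asked. A later triager cannot tell when the blocker is resolved. Add a NOTE pointing at the upstream issue or comment that carries the questions. The existing context line "NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch" is the concrete reason for holding back, and the parenthetical could refer to it. The bare "minor" is not supported by anything else in the entry.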
@@ -6129,6 +6131,7 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks
at AcquireMagickMemory
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in
MagickCor ...)
- imagemagick <unfixed> (bug #931447)
+ [jessie] - imagemagick <postponed> (minor, wait for upstream to clear
patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
MagickCor ...)
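Review bot: The added line marks CVE-2019-13308 as "minor", but the description two lines above it calls the issue a heap-based buffer overflow, and nothing in the entry says why the impact is limited. Either drop "minor" and keep only the real reason for postponing (open questions on the upstream patch), or add a NOTE with the reasoning behind the severity. This entry also lacks a counterpart to the CVE-2019-13391 note about the two patches interacting. A matching NOTE here would warn anyone backporting commit 19651f3d that it partly reverts the other fix.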
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fa83c375ddad275bffe9aa828674819d3f783f8
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits