Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
743cfa0f by Hugo Lefeuvre at 2019-08-31T22:10:18Z
imagemagick triage for jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2443,7 +2443,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an 
integer overflow vulnerabil
        TODO: check
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, 
there is  ...)
        - imagemagick <unfixed>
-       [jessie] - imagemagick <no-dsa> (minor issue, low security impact)
+       [jessie] - imagemagick <postponed> (can be fixed along with more 
important issues)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, 
there is  ...)
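Review bot: The new [jessie] line for CVE-2019-14981 drops the severity assessment the old line carried ("minor issue, low security impact"), so the entry no longer records why postponing is acceptable. Consider keeping it in the reason, for example "<postponed> (minor issue, can be fixed along with more important issues)".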
@@ -8223,7 +8223,7 @@ CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based 
buffer overflow in Mag
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
 CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at 
MagickCor ...)
        - imagemagick <unfixed> (bug #931448)
-       [jessie] - imagemagick <no-dsa> (Low tier issue, patch fairly intrusive)
+       [jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
        NOTE: incomplete, introduces a memory leak, follow-up patches:
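Review bot: In the [jessie] line for CVE-2019-13307, "minor issue" sits next to a description that reads "heap-based buffer overflow", and the state moves from <no-dsa> to <ignored> without saying what makes the overflow minor. A few words on what limits the impact would help. The NOTE just below (upstream commit incomplete, introduces a memory leak, needs follow-up patches) is also a more concrete reason than the generic "patch fairly intrusive" and could be referenced in the reason text.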
@@ -8261,7 +8261,7 @@ CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks 
in AcquireMagickMemory
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
 CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at 
MagickCor ...)
        - imagemagick <unfixed> (bug #931454)
-       [jessie] - imagemagick <no-dsa> (Low tier issue, patch fairly intrusive)
+       [jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
 CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
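Review bot: The [jessie] reason for CVE-2019-13300 is word for word the one used for CVE-2019-13307, although the two entries reference different upstream commits. Worth confirming that "patch fairly intrusive" was assessed for this commit specifically, and saying what makes this heap-based buffer overflow a minor issue, since <ignored> is the state readers will want justified per CVE.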
@@ -9164,17 +9164,17 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is 
an integer overflow (cause
        NOTE: 
https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
 CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
        - imagemagick <unfixed> (bug #931189)
-       [jessie] - imagemagick <no-dsa> (minor security impact)
+       [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
 CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
        - imagemagick <unfixed> (bug #931190)
-       [jessie] - imagemagick <no-dsa> (minor security impact)
+       [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
 CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
        - imagemagick <unfixed> (bug #931191)
-       [jessie] - imagemagick <no-dsa> (minor security impact)
+       [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
 CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage 
function in ...)
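Review bot: For CVE-2019-12979, CVE-2019-12978 and CVE-2019-12977 only the state changes, from <no-dsa> to <ignored>; the reason "minor security impact" is kept unchanged and does not say why these three are ignored rather than postponed like CVE-2019-14981 and CVE-2019-11470 in the same commit. Suggest extending the reason on each line so the distinction is visible in the list itself.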
@@ -13171,7 +13171,7 @@ CVE-2019-11470 (The cineon parsing component in 
ImageMagick 7.0.8-26 Q16 allows
        - imagemagick <unfixed> (low; bug #927830)
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue)
-       [jessie] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <postponed> (can be fixed along with more 
important issues)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
 CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service 
(uncontrol ...)
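Review bot: The [jessie] line for CVE-2019-11470 becomes <postponed> while the [buster] and [stretch] lines directly above it stay <ignored> (Minor issue), so jessie is the only release marked for a later fix. If that difference is intended, the reason should say why; otherwise the three release lines should be aligned.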



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/743cfa0f2fccd37aaa6729cd2f5472205b618632
