imagemagick

Salvatore Bonaccorso Mon, 23 Sep 2019 13:54:22 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0eae5cd9 by Salvatore Bonaccorso at 2019-09-23T20:52:01Z
Track new CVE-2019-167{08,09,10,11,12,13}/imagemagick

New ImageMagick issues, but mark them for this round staight to
unimportant as they consist only of memory leak issues.

It has not properly checked though if they affect the ImageMagick6
version at all. But better mark those as unfixed (wrongly) as
not-affected (possibly wrongly).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,17 +26,23 @@ CVE-2019-16716
 CVE-2019-16715
        RESERVED
 CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as 
demonstrate ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
 CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage 
in code ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
 CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage 
in code ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
 CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as 
demonstrate ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
 CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as 
demonstrate ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
 CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, 
related to ...)
-       TODO: check
+       - imagemagick <unfixed> (unimportant)
+       NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
 CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in 
SuggestMgr::leftcommon ...)
        TODO: check
 CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user 
account via ad ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eae5cd99befa4f3145d453ccb4b8e9cee895cda

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eae5cd99befa4f3145d453ccb4b8e9cee895cda
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track new CVE-2019-167{08,09,10,11,12,13}/imagemagick

Reply via email to