Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: d24f85ca by Hugo Lefeuvre at 2019-10-19T15:19:55Z dla-needed: update imagemagick notes - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -33,16 +33,14 @@ ibus (Markus Koschany) NOTE: beware of the regression introduced by upstreams first patch -- imagemagick (Hugo Lefeuvre) - NOTE: 20190902: several minor postponed issues with simple patch: preparing an update - NOTE: just for them would be wasting time, but let's include these patches in a - NOTE: future update when new issues appear. NOTE: CVE-2019-13391, CVE-2019-13308: patch is large, undocumented and potentially NOTE: insufficient. wait for upstream to answer on bug report, or tag <ignored>. NOTE: CVE-2019-10131: patch is sufficient, but technically so-so in my opinion: NOTE: instead of avoiding off-by-one reads (check length BEFORE reading, not after!) NOTE: we allocate one more byte. this works, but does not 'obviously' fix the issue and NOTE: can be misleading... DEP3 comments would be nice. (hle) - NOTE: 20191015: two new CVEs, check. + NOTE: 20191019: preparing an update for the new batch of CVEs. + NOTE: CVE-2019-17540: unclear upstream fixes in ImageMagick6, this is very messy. -- imapfilter NOTE: 20190910: No patch exists but a possible solution. Note that openssl in View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d24f85ca6fc0382a1664e04b1e4c501b81a82f94
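Review bot: The added CVE-2019-17540 note says the upstream fixes in ImageMagick6 are unclear but names no commit or bug report, so the next person to pick up this entry has to repeat the search; list the candidate upstream commits in the note, or state that none could be identified. The added 20191019 line also does not say which CVEs make up "the new batch" (the removed 20191015 line mentioned two), and with the 20190902 note removed the entry no longer records whether the postponed minor issues are being folded into this update as that note planned. Naming the CVE ids and stating whether the postponed fixes are included would keep the entry self-contained.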
