[Git][security-tracker-team/security-tracker][master] Reserve DLA-1968-1 for imagemagick

Mon, 21 Oct 2019 01:45:08 -0700 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b128825 by Hugo Lefeuvre at 2019-10-21T08:44:03Z
Reserve DLA-1968-1 for imagemagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Oct 2019] DLA-1968-1 imagemagick - security update
+       {CVE-2019-11470 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140}
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u18
 [21 Oct 2019] DLA-1967-1 libpcap - security update
        {CVE-2019-15165}
        [jessie] - libpcap 1.6.2-2+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -32,16 +32,6 @@ hdf5
 ibus
   NOTE: 20191020: Fix for regression in KDE apps still not available (apo)
 --
-imagemagick (Hugo Lefeuvre)
-  NOTE: CVE-2019-13391, CVE-2019-13308: patch is large, undocumented and 
potentially
-  NOTE: insufficient. wait for upstream to answer on bug report, or tag 
<ignored>.
-  NOTE: CVE-2019-10131: patch is sufficient, but technically so-so in my 
opinion:
-  NOTE: instead of avoiding off-by-one reads (check length BEFORE reading, not 
after!)
-  NOTE: we allocate one more byte. this works, but does not 'obviously' fix 
the issue and
-  NOTE: can be misleading... DEP3 comments would be nice. (hle)
-  NOTE: 20191019: preparing an update for the new batch of CVEs.
-  NOTE: CVE-2019-17540: unclear upstream fixes in ImageMagick6, this is very 
messy.
---
 imapfilter
   NOTE: 20190910: No patch exists but a possible solution. Note that openssl in
   NOTE: Jessie is < 1.0.2. (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b128825ec0ad730303a944b6d0c446a8d3a9613

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b128825ec0ad730303a944b6d0c446a8d3a9613
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to