Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
937062b6 by Moritz Muehlenhoff at 2020-03-15T23:08:32+01:00
graphicsmagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -49194,11 +49194,13 @@ CVE-2019-11507 (In Pulse Secure Pulse Connect Secure 
(PCS) 8.3.x before 8.3R7.1
 CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 
Q8, the ...)
        {DLA-1795-1}
        - graphicsmagick 1.4~hg15968-1
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
 CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 
Q8, ther ...)
        {DLA-1795-1}
        - graphicsmagick 1.4~hg15968-1
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
 CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
@@ -49303,12 +49305,14 @@ CVE-2019-11475
 CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to 
cause a deni ...)
        {DLA-1795-1}
        - graphicsmagick 1.4~hg15976-1
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
 CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to 
cause a deni ...)
        {DLA-1795-1}
        - graphicsmagick 1.4~hg15976-1
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
@@ -50632,31 +50636,37 @@ CVE-2019-11011 (Akamai CloudTest before 58.30 allows 
remote code execution. ...)
 CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory 
leak in  ...)
        {DLA-1755-1}
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/601/
 CVE-2019-11009 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a 
heap-based buff ...)
        {DLA-1755-1}
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/597/
 CVE-2019-11008 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a 
heap-based buff ...)
        {DLA-1755-1}
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/599/
 CVE-2019-11007 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a 
heap-based buff ...)
        {DLA-1755-1}
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/596/
 CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a 
heap-based buff ...)
        {DLA-1755-1}
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/598/
 CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a 
stack-based buf ...)
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        [jessie] - graphicsmagick <not-affected> (The vulnerable code is not 
present)
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/600/
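
Review bot: For CVE-2019-11005 the new `[stretch]` line records a fixed version, while the `[jessie]` line directly below it is `<not-affected> (The vulnerable code is not present)` and the description names only the 1.4 snapshot-20190322. Please confirm that the 1.3.30+hg15796 base shipped in stretch actually contains the vulnerable code; if it does not, `[stretch] - graphicsmagick <not-affected>` with a reason would be more accurate than a fixed version.
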
@@ -72642,6 +72652,7 @@ CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer 
Dereference in the function Sas
 CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of 
coders/dib.c ha ...)
        {DLA-1619-1}
        - graphicsmagick 1.4~hg15873-1 (bug #916752)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/585/
 CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an 
administrator acco ...)
@@ -72657,6 +72668,7 @@ CVE-2018-20186 (An issue was discovered in Bento4 
1.5.1-627. AP4_Sample::ReadDat
 CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit 
platforms, there  ...)
        {DLA-1619-1}
        - graphicsmagick 1.4~hg15880-1 (bug #916719)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: Partial fix: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/582/
        NOTE: Partial fix adressed in 1.4~hg15873-1, but according to 
maintainer not yet
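
Review bot: CVE-2018-20185 is now marked fixed in stretch at 1.3.30+hg15796-1~deb9u3, but the NOTE lines kept in this entry still label upstream revision 648e3977a293 a "Partial fix", and the unstable entry is only fixed in 1.4~hg15880-1 rather than the 1.4~hg15873-1 that the last NOTE mentions. Please add a NOTE stating which upstream revisions the stretch upload carries, so the fixed status for stretch is not read against the partial-fix notes alone.
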
@@ -72666,6 +72678,7 @@ CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 
Q8 on 32-bit platforms,
 CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a 
heap-based buff ...)
        {DLA-1619-1}
        - graphicsmagick 1.4~hg15873-1 (bug #916721)
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b
        NOTE: Upstream patch contains unrelated refactoring, trimmed down 
version available on
        NOTE: the Debian bug report: https://bugs.debian.org/916721#15


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[15 Mar 2020] DSA-4640-1 graphicsmagick - security update
+       {CVE-2019-19950 CVE-2019-19951 CVE-2019-19953}
+       [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
+       [buster] - graphicsmagick 1.4~hg15978-1+deb10u1
 [11 Mar 2020] DSA-4639-1 firefox-esr - security update
        {CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 
CVE-2020-6812 CVE-2020-6814}
        [stretch] - firefox-esr 68.6.0esr-1~deb9u1
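
Review bot: The CVE set on the new DSA-4640-1 entry is `{CVE-2019-19950 CVE-2019-19951 CVE-2019-19953}`, yet the data/CVE/list hunks in this commit add the same stretch version 1.3.30+hg15796-1~deb9u3 to CVE-2019-11005 through CVE-2019-11010, CVE-2019-11473, CVE-2019-11474, CVE-2019-11505, CVE-2019-11506, CVE-2018-20184, CVE-2018-20185 and CVE-2018-20189, none of which are listed in the braces, and none of the three listed CVEs appear in the CVE/list changes shown. If the deb9u3 upload fixes those CVEs as part of this advisory, add them to the braces so they are cross-referenced to the DSA; if they are intentionally outside it, say so in the commit message, which currently reads only "graphicsmagick DSA".
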


=====================================
data/dsa-needed.txt
=====================================
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 bluez (carnil)
 --
-graphicsmagick (jmm)
---
 jruby/oldstable
 --
 libopenmpt



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/937062b6ddc856ebe33155b967bb9f6f183bf655
