Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf910d03 by Moritz Muehlenhoff at 2020-07-27T17:44:39+02:00
more imagemagick fixes in sid
qemu postponed

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -223,6 +223,7 @@ CVE-2020-15863 [stack-based overflow in  xgmac_enet_send() 
in hw/net/xgmac.c]
        RESERVED
        {DLA-2288-1}
        - qemu 1:5.0-12
+       [buster] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
 CVE-2020-15862
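
Review bot: The added `[buster] - qemu <postponed>` line for CVE-2020-15863 labels a stack-based overflow a "Minor issue" without saying why. A short reason in the parenthetical would let the next reader judge the deferral without re-triaging, and "can be fixed along in next DSA" reads better as "can be fixed along with the next DSA".
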
@@ -233,6 +234,7 @@ CVE-2020-15860 (Parallels Remote Application Server (RAS) 
17.1.1 has a Business
        NOT-FOR-US: Parallels
 CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c 
because a gues ...)
        - qemu <unfixed> (bug #965978)
+       [buster] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
        NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
 CVE-2020-15858
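
Review bot: On the added `[buster] - qemu <postponed>` line for CVE-2020-15859, the unstable entry directly above it is still `<unfixed>` (bug #965978), and the NOTE lines point only to the qemu-devel thread and the Launchpad bug. Adding a NOTE with the upstream fix commit once one exists would give the postponed buster update something concrete to backport.
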
@@ -48680,27 +48682,34 @@ CVE-2019-16715
        RESERVED
 CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as 
demonstrate ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/6954a3f7f1bf1dad417260c5965f2c30a64fa25e
 CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage 
in code ...)
-       - imagemagick <unfixed> (unimportant)
+       {DSA-4712-1}
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/451d0e4aadb17f16d15006aed379b71714d04a5d
 CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage 
in code ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/448f301a781405a45717bb53578475de06df973a
 CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as 
demonstrate ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/80deac0626d2d69e1da836d7d893db1e022b10fc
 CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as 
demonstrate ...)
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        - graphicsmagick 1.4+really1.3.33+hg16117-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
 CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, 
related to ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
 CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in 
SuggestMgr::leftcommon ...)
        - hunspell 1.7.0-3 (unimportant; bug #941185)
        NOTE: Negligible security impact
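
Review bot: CVE-2019-16712 is the only entry in this hunk that gains a `{DSA-4712-1}` line in addition to the version change, yet the data/DSA/list part of this commit does not touch the DSA-4712-1 entry. Either add CVE-2019-16712 to that DSA's CVE set or drop the tag here so the two files agree.
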
@@ -53955,7 +53964,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an 
integer overflow vulnerabil
        NOTE: 
https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, 
there is  ...)
        {DSA-4712-1 DLA-1968-1}
-       - imagemagick <unfixed> (bug #955025)
+       - imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
        [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
@@ -60455,16 +60464,16 @@ CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c 
in FFmpeg 4.1.3 has a heap-b
        NOTE: Introduced in 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
 CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at 
AcquireMagickMemory becau ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1623
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
 CVE-2019-13310 (ImageMagick 7.0.8-50 Q16 has memory leaks at 
AcquireMagickMemory becau ...)
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at 
AcquireMagickMemory becau ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (unimportant)
+       - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in 
MagickCor ...)
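
Review bot: In this hunk CVE-2019-13310 and CVE-2019-13309 cite the same issue (#1616) and the same ImageMagick6 fix commit, but only CVE-2019-13309 carries `{DSA-4712-1}`. While these entries are being touched, it is worth checking whether CVE-2019-13310 should be cross-referenced to that DSA as well.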


=====================================
data/DSA/list
=====================================
@@ -64,7 +64,7 @@
        {CVE-2019-13300 CVE-2019-13304 CVE-2019-13306 CVE-2019-13307 
CVE-2019-15140 CVE-2019-19948}
        [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u8
 [01 Jul 2020] DSA-4714-1 chromium - security update
-       {CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 
CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 
CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 
CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 
CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 
CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 
CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 
CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 
CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 
CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 
CVE-2020-6507 CVE-2020-6509 CVE-2020-6831}
+       {CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 
CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 
CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 
CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 
CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 
CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 
CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 
CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 
CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 
CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 
CVE-2020-6507 CVE-2020-6509 CVE-2020-6831 CVE-2019-16712}
        [buster] - chromium 83.0.4103.116-1~deb10u1
 [01 Jul 2020] DSA-4713-1 firefox-esr - security update
        {CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 
CVE-2020-12421}
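
Review bot: The `+` line appends CVE-2019-16712 to the CVE set of DSA-4714-1 (chromium), but data/CVE/list describes that CVE as an ImageMagick memory leak and tags it `{DSA-4712-1}` in this same commit. It looks misplaced here; remove it from the chromium line and add it to the DSA-4712-1 entry instead.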



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf910d032516406742ed58ceec950e1fd1f4a5da
