Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da2a2759 by Moritz Muehlenhoff at 2020-07-27T18:11:36+02:00
more imagemagick fixes in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -60521,7 +60521,7 @@ CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a
heap-based buffer over-read in Ma
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1597
CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in
AcquireMagickMemory becau ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
MagickCor ...)
{DSA-4715-1 DSA-4712-1}
@@ -60984,7 +60984,7 @@ CVE-2019-13138
RESERVED
CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in
the fun ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant; bug #931342)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931342)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1601
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow
vulnerability in t ...)
@@ -60993,7 +60993,7 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an
integer overflow vulnerabilit
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value"
vulnera ...)
{DSA-4712-1 DLA-1888-1}
- - imagemagick <unfixed> (bug #932079)
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d
(7.x)
@@ -61471,12 +61471,15 @@ CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of
uninitialized value" vulnerab
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage
function in ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant; bug #931192)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931192)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1520
+ NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/ff840181f631b1b7f29160cae24d792fcd176bae
CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the
WriteDPXIm ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant; bug #931193)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931193)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
+ NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/c01d8b02f3fa912a320ddad07a03212822f267ec
+ NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/b9c3aa197020ca091a21145cf46855afd4ddcb07
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in
coders/pa ...)
{DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
@@ -65395,7 +65398,7 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a
heap-based buffer over-r
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer
over-read in ...)
{DSA-4712-1 DLA-1785-1}
- - imagemagick <unfixed> (bug #928207)
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
@@ -68111,7 +68114,7 @@ CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a
heap-based buffer over-r
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef
CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the
function SV ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1533
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/e3417aebe17cbe274b7361aa92c83226ca5b646b
@@ -77863,22 +77866,23 @@ CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a
man-in-the-middle attack a
NOT-FOR-US: Amazon Fire OS
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in
WriteDIBImage ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
+ NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/20c360e14cd5d70b5bbd0b54afa241eae4aec45d
CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through
1.3.31, seve ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
- graphicsmagick 1.4~hg15896-1 (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1454
CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in
ReadSIXELImage ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1452
CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in
WritePSDChanne ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
CVE-2019-7394 (A privilege escalation vulnerability in the administrative user
interf ...)
@@ -78517,7 +78521,7 @@ CVE-2019-7176 (An issue was discovered in GitLab
Community and Enterprise Editio
NOTE:
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in
DecodeImage ...)
{DSA-4712-1}
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php
(aka Ren ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da2a27597b7a2a1e18cc95578224e884cd2e1acd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da2a27597b7a2a1e18cc95578224e884cd2e1acd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
