[Git][security-tracker-team/security-tracker][master] CVE-2017-12670/imagemagick: stretch ignored

Fri, 08 Jan 2021 06:36:39 -0800 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1e30afe by Sylvain Beucler at 2021-01-08T15:33:30+01:00
CVE-2017-12670/imagemagick: stretch ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -182739,6 +182739,7 @@ CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory 
leak vulnerability was fou
        - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/77fcc8d92a602299a23be9ac76887ba6cfe50bd3
 CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability 
was foun ...)
        - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
@@ -214630,11 +214631,13 @@ CVE-2017-11724 (The ReadMATImage function in 
coders/mat.c in ImageMagick through
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in 
coders/mat.c,  ...)
        {DLA-1785-1 DLA-1081-1}
        - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
-       [stretch] - imagemagick <postponed> (Minor issue)
+       [stretch] - imagemagick <ignored> (Minor issue, PoC triggers earlier 
assertion, fix reverted upstream)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
-       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
-       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
-       NOTE: Upstream patch is apparently incomplete. POC still triggers 
segfault.
+       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d9f1a91d93871cc6a5c0b99e8bacad4d730acf36
+       NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/de8cdeceafdc7bbdfcc55cd08e6a8b0cc979c91c
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
+       NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/75db34b6a4d642cb6f88c792942de27490c900e0
+       NOTE: fix reverted with CVE-2017-18029
 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is 
a missi ...)
        {DLA-2366-1 DLA-1785-1 DLA-1081-1}
        - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e30afe1724787b599a8a425e9ce247fed292f3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e30afe1724787b599a8a425e9ce247fed292f3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to