Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed2d1ded by Bastien Roucariès at 2023-05-21T22:08:26+00:00
Reserve DLA-3429-1 for imagemagick

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76193,7 +76193,6 @@ CVE-2022-32548 (An issue was discovered on certain 
DrayTek Vigor routers before
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 
'double', ...)
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033
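Review bot: the unchanged line "[bullseye] - imagemagick <ignored> (Minor issue)" directly above the removed buster line now leaves the newer release marked as not getting a fix, while buster gets one through DLA-3429-1 (8:6.9.10.23+dfsg-2.1+deb10u5 in data/DLA/list). A host upgraded from buster to bullseye would move from a fixed package to one triaged as ignored. Either revisit the bullseye triage for CVE-2022-32547 or add a NOTE saying why the two releases differ. The same pattern appears in the later hunks that keep a bullseye <ignored> or <no-dsa> line.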
@@ -76203,7 +76202,6 @@ CVE-2022-32547 (In ImageMagick, there is load of 
misaligned address for type 'do
 CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside 
the range ...)
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985
@@ -76213,7 +76211,6 @@ CVE-2022-32546 (A vulnerability was found in 
ImageMagick, causing an outside the
 CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside 
the range ...)
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962
@@ -88387,7 +88384,6 @@ CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to 
Buffer Overflow.)
        {DLA-3007-1}
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <no-dsa> (Minor issue)
-       [buster] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680
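Review bot: the "{DLA-3007-1}" cross-reference at the top of the CVE-2022-28463 entry is left as the only advisory named there, although data/DLA/list in this same commit assigns the CVE to DLA-3429-1. If that brace line is regenerated by tooling after the push, nothing is needed; if it is maintained by hand, it should read "{DLA-3007-1 DLA-3429-1}". The CVE-2021-20176 hunk, which keeps "{DLA-2602-1}", needs the same check.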
@@ -132077,7 +132073,6 @@ CVE-2021-39213 (GLPI is a free Asset and IT 
management software package. Startin
 CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run 
binary distri ...)
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588)
        [bullseye] - imagemagick <no-dsa> (Minor issue)
-       [buster] - imagemagick <no-dsa> (Minor issue)
        [stretch] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
@@ -180993,7 +180988,6 @@ CVE-2021-20313 (A flaw was found in ImageMagick in 
versions before 7.0.11. A pot
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <no-dsa> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
        NOTE: IM6: 
https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
 CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an 
integer o ...)
@@ -181001,7 +180995,6 @@ CVE-2021-20312 (A flaw was found in ImageMagick in 
versions 7.0.11, where an int
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
 CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, 
where a div ...)
@@ -181016,7 +181009,6 @@ CVE-2021-20309 (A flaw was found in ImageMagick in 
versions before 7.0.11 and be
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow 
attackers  ...)
@@ -181310,7 +181302,6 @@ CVE-2021-20246 (A flaw was found in ImageMagick in 
MagickCore/resample.c. An att
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
@@ -181319,7 +181310,6 @@ CVE-2021-20245 (A flaw was found in ImageMagick in 
coders/webp.c. An attacker wh
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
@@ -181328,7 +181318,6 @@ CVE-2021-20244 (A flaw was found in ImageMagick in 
MagickCore/visual-effects.c.
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
@@ -181337,7 +181326,6 @@ CVE-2021-20243 (A flaw was found in ImageMagick in 
MagickCore/resize.c. An attac
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
  (resize.c hunk)
@@ -181348,7 +181336,6 @@ CVE-2021-20241 (A flaw was found in ImageMagick in 
coders/jp2.c. An attacker who
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
        [bullseye] - imagemagick <ignored> (Minor issue)
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
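Review bot: the ImageMagick6 NOTE kept in this hunk points at commit 53cb91b3e7bf95d0e372cbc745e0055ac6054745, the same commit the CVE-2021-20243 entry just above cites with the qualifier "(resize.c hunk)". Here the link carries no qualifier, although the entry header places this flaw in coders/jp2.c. Adding a matching qualifier such as "(jp2.c hunk)" would tell anyone checking the buster backport which part of the shared commit belongs to CVE-2021-20241.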
@@ -181688,7 +181675,6 @@ CVE-2021-20177 (A flaw was found in the Linux 
kernel's implementation of string
 CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 
7.0.10-57 ...)
        {DLA-2602-1}
        - imagemagick 8:6.9.11.57+dfsg-1
-       [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 May 2023] DLA-3429-1 imagemagick - security update
+       {CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 
CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 
CVE-2021-39212 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547}
+       [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
 [20 May 2023] DLA-3428-1 node-nth-check - security update
        {CVE-2021-3803}
        [buster] - node-nth-check 1.0.1-1+deb10u1
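Review bot: the brace list in the new DLA-3429-1 entry has to match the deletions in data/CVE/list one for one, and it does: 14 CVE IDs here and 14 removed "[buster]" lines above, one under each listed ID. The commit subject only says "Reserve", though, while the change also drops earlier <ignored> and <no-dsa> triage decisions for buster; a line in the commit body stating that those 14 entries were re-triaged as fixed in 8:6.9.10.23+dfsg-2.1+deb10u5 would make the history easier to audit.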



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed2d1dedb70edc89a09214fcfe3210493e74901b
