Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df0dbc18 by Salvatore Bonaccorso at 2023-10-26T07:37:22+02:00
Track CVE fixes for imagemagick after upload to unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17484,7 +17484,7 @@ CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object
stream whose "Length" fie
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in
coders/tiff.c ...)
[experimental] - imagemagick 8:6.9.12.98+dfsg1-1
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.12.98+dfsg1-2
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790
(7.1.1-13)
NOTE: Prerequisite:
https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773
(6.9.12-55)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5
(6.9.12-91)
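Review bot: The CVE-2023-3428 entry shows no [bookworm], [bullseye] or [buster] line between the changed package line and the NOTE lines, unlike every other imagemagick entry touched in this commit. With unstable now recorded as fixed in 8:6.9.12.98+dfsg1-2, consider adding per-release annotations, or confirming they are deliberately absent, so the status of the stable suites for this heap overflow in coders/tiff.c is explicit.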
@@ -19380,7 +19380,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for
Node.js generates random
CVE-2015-10118 (A vulnerability classified as problematic was found in
cchetanonline W ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's
coders/ ...)
- - imagemagick <unfixed>
+ - imagemagick 8:6.9.12.98+dfsg1-2
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
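Review bot: The changed line for CVE-2023-3195 carries neither a bug reference nor, in the visible context, a NOTE naming the upstream fix, so the basis for 8:6.9.12.98+dfsg1-2 as the fixed version cannot be checked from this entry. Suggest adding a NOTE with the upstream commit, as the CVE-2023-3428 entry does with its "NOTE: Fixed by:" lines.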
@@ -24563,7 +24563,7 @@ CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance
plugin for WordPress is
CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user
impersonatio ...)
NOT-FOR-US: Code Dx
CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the
ImageMagic ...)
- - imagemagick <unfixed> (bug #1036476)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -28448,7 +28448,7 @@ CVE-2023-1908 (A vulnerability was found in
SourceCodester Simple Mobile Compari
CVE-2023-1907
RESERVED
CVE-2023-1906 (A heap-based buffer overflow issue was discovered in
ImageMagick's Imp ...)
- - imagemagick <unfixed> (bug #1034373)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -77171,7 +77171,7 @@ CVE-2022-3215 (NIOHTTP1 and projects using it for
generating HTTP responses can
CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy
manageme ...)
NOT-FOR-US: Delta
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an
applica ...)
- - imagemagick <unfixed> (bug #1021141)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -99186,7 +99186,7 @@ CVE-2022-32547 (In ImageMagick, there is load of
misaligned address for type 'do
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0
(7.1.0-30)
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
(6.9.12-45)
CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw
ouccers a ...)
- - imagemagick <unfixed> (bug #1036999)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -112710,7 +112710,7 @@ CVE-2022-1117 (A vulnerability was found in
fapolicyd. The vulnerability occurs
CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of
Linux Kern ...)
- linux <not-affected> (Vulnerable code not present; introduced in
5.4.24; fixed in 5.4.189)
CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s
PushShortP ...)
- - imagemagick <unfixed> (bug #1013282)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (code is introduced later)
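Review bot: Style point on the [buster] line under CVE-2022-1115: the reason reads "(code is introduced later)" while the equivalent line under CVE-2021-3610 reads "(Vulnerable code introduced later)". Since this entry is being touched anyway, aligning the wording would make these not-affected reasons easier to search for consistently.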
@@ -165645,7 +165645,7 @@ CVE-2021-3611 (A stack overflow vulnerability was
found in the Intel HD Audio de
NOTE: Fixed by:
https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511
(v7.0.0-rc1)
CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in
ImageMagick in ...)
[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
- - imagemagick <unfixed> (bug #1037090)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <not-affected> (Vulnerable code introduced later)
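Review bot: On CVE-2021-3610 the retained line "[experimental] - imagemagick 8:6.9.12.20+dfsg1-1" now sits above an unstable fixed version, 8:6.9.12.98+dfsg1-2, that is higher. If the experimental annotation no longer conveys anything the unstable line does not, drop it in the same change; the same question applies to the [experimental] line kept on CVE-2023-3428.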
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0dbc185151bad2d53084a7492e10b7e54b71b6
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits