Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7be9fc49 by Moritz Mühlenhoff at 2024-02-22T19:52:46+01:00
imagemagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50948,8 +50948,6 @@ CVE-2023-1907
        RESERVED
 CVE-2023-1906 (A heap-based buffer overflow issue was discovered in 
ImageMagick's Imp ...)
        - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
-       [bookworm] - imagemagick <no-dsa> (Minor issue)
-       [bullseye] - imagemagick <no-dsa> (Minor issue)
        [buster] - imagemagick <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
 (ImageMagick 6.9.12-84)
@@ -56193,8 +56191,6 @@ CVE-2023-1290 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially 
create ...)
        - imagemagick 8:6.9.12.98+dfsg1-2
-       [bookworm] - imagemagick <no-dsa> (Minor issue)
-       [bullseye] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
 (7.1.1-0)
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368
 (6.9.12-78)
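
Review bot: The unstable line for CVE-2023-1289 (`- imagemagick 8:6.9.12.98+dfsg1-2`) carries no `(bug #...)` reference, while the other four imagemagick entries touched in this commit (CVE-2023-1906, CVE-2023-34151, CVE-2022-1115, CVE-2021-3610) each have one. If a BTS bug exists for this CVE, add it on that line while the entry is being edited.
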
@@ -121847,8 +121843,6 @@ CVE-2022-32547 (In ImageMagick, there is load of 
misaligned address for type 'do
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
 (6.9.12-45)
 CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw 
ouccers a ...)
        - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
-       [bookworm] - imagemagick <no-dsa> (Minor issue)
-       [bullseye] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158
 (7.1.1-10)
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/133089f716f23ce0b80d89ccc1fd680960235512
 (6.9.12-88)
@@ -135373,8 +135367,6 @@ CVE-2022-1116 (Integer Overflow or Wraparound 
vulnerability in io_uring of Linux
        - linux <not-affected> (Vulnerable code not present; introduced in 
5.4.24; fixed in 5.4.189)
 CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s 
PushShortP ...)
        - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
-       [bookworm] - imagemagick <no-dsa> (Minor issue)
-       [bullseye] - imagemagick <no-dsa> (Minor issue)
        [buster] - imagemagick <not-affected> (code is introduced later)
        [stretch] - imagemagick <not-affected> (code is introduced later)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
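
Review bot: The retained `[buster]` and `[stretch]` lines under CVE-2022-1115 give the reason as `(code is introduced later)`, whereas the CVE-2023-1906 and CVE-2021-3610 entries in this same diff use `(Vulnerable code introduced later)`. Since the entry is being edited anyway, consider aligning the wording so a search on the not-affected reason matches all of them.
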
@@ -188329,8 +188321,6 @@ CVE-2021-3611 (A stack overflow vulnerability was 
found in the Intel HD Audio de
 CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in 
ImageMagick in ...)
        [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
        - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
-       [bookworm] - imagemagick <no-dsa> (Minor issue)
-       [bullseye] - imagemagick <no-dsa> (Minor issue)
        [buster] - imagemagick <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
        NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: 
https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[22 Feb 2024] DSA-5628-1 imagemagick - security update
+       {CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906 CVE-2023-3428 
CVE-2023-5341 CVE-2023-34151}
+       [bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u3
+       [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1
 [21 Feb 2024] DSA-5627-1 firefox-esr - security update
        {CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 
CVE-2024-1551 CVE-2024-1552 CVE-2024-1553}
        [bullseye] - firefox-esr 115.8.0esr-1~deb11u1
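
Review bot: The CVE set on the DSA-5628-1 line names seven CVEs, but data/CVE/list in this commit only drops `<no-dsa>` lines for five of them; CVE-2023-3428 and CVE-2023-5341 have no hunk. Please confirm that neither entry still has a `[bookworm]` or `[bullseye]` annotation that would conflict with the fixed versions given here, and mention it in the commit message, which currently reads only "imagemagick DSA".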


=====================================
data/dsa-needed.txt
=====================================
@@ -35,8 +35,6 @@ gtkwave
 --
 h2o (jmm)
 --
-imagemagick (jmm)
---
 iwd (carnil)
 --
 libreswan (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be9fc498323335ae74a8e9f3bbdfbc5a499680c
