[Secure-testing-commits] r51389 - in data: . CVE

Sun, 07 May 2017 13:00:12 -0700 

Author: roberto
Date: 2017-05-07 19:59:48 +0000 (Sun, 07 May 2017)
New Revision: 51389

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark imagemagick CVE's in wheezy no-dsa with a note about postponing until more 
severe issues arise; this matches what was done for jessie a few days ago

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-07 19:58:59 UTC (rev 51388)
+++ data/CVE/list       2017-05-07 19:59:48 UTC (rev 51389)
@@ -123,6 +123,7 @@
 CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in 
ImageMagick ...)
        - imagemagick <unfixed> (low)
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/466
 CVE-2017-8764
        RESERVED
@@ -1048,62 +1049,77 @@
 CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/453
 CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/449
 CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/450
 CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/451
 CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/454
 CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/452
 CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/448
 CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/447
 CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/443
 CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/445
 CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/441
 CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/440
 CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/442
 CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/446
 CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c 
allows ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
+       [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe 
issue are around)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
 CVE-2017-8341
        RESERVED

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-05-07 19:58:59 UTC (rev 51388)
+++ data/dla-needed.txt 2017-05-07 19:59:48 UTC (rev 51389)
@@ -25,8 +25,6 @@
 --
 icu (Thorsten Alteholz)
 --
-imagemagick (Roberto C. Sánchez)
---
 jasper (Thorsten Alteholz)
   NOTE: 20170430, not patch for the remaining CVEs yet
 --


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to