Author: carnil
Date: 2016-09-20 17:21:23 +0000 (Tue, 20 Sep 2016)
New Revision: 44756
Modified:
data/CVE/list
Log:
More imagemagick fixes via experimental recorded
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-20 17:19:51 UTC (rev 44755)
+++ data/CVE/list 2016-09-20 17:21:23 UTC (rev 44756)
@@ -3066,6 +3066,7 @@
CVE-2016-7158
RESERVED
CVE-2016-XXXX [SGI security bug]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836776)
CVE-2016-7405 [incorrect quoting may allow SQL injection]
RESERVED
@@ -3320,10 +3321,13 @@
CVE-2015-8955
RESERVED
CVE-2016-XXXX [Prevent runtime error: divide by zero]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836174)
CVE-2016-XXXX [Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders
(bug report from Donghai Zhu)]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836172)
CVE-2016-XXXX [TIFF divide by zero]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836171)
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in
the linux-image ...)
{DLA-609-1}
@@ -4105,10 +4109,12 @@
CVE-2015-8951
RESERVED
CVE-2016-XXXX [Buffer overflow in bmp file reader]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #834504)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
CVE-2016-XXXX [Out-of-bound in exif (jpeg) reader]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #834501)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
CVE-2016-6792
@@ -4356,6 +4362,7 @@
CVE-2015-8950
RESERVED
CVE-2016-XXXX [Double free]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #834183)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
@@ -4487,10 +4494,12 @@
CVE-2016-1000038
RESERVED
CVE-2016-XXXX [RLE check for pixel offset less than 0]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833744)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
CVE-2016-XXXX [Segfault in ReadRLEImage]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833743)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
@@ -4499,10 +4508,12 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
CVE-2016-XXXX [memory leak]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833732)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
CVE-2016-XXXX [Buffer overflow in draw.c]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833730)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
@@ -4686,6 +4697,7 @@
RESERVED
NOT-FOR-US: Samsung
CVE-2016-XXXX [off-by-one error leading to segfault]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832455)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
@@ -4891,6 +4903,7 @@
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-XXXX [DOS due to corrupted DDS files]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832942)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
@@ -4898,12 +4911,14 @@
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-XXXX [potential DOS by not releasing memory]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833101)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
NOTE:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-XXXX [writing to rgf format aborts]
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #827643)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE: https://bugs.launchpad.net/bugs/1594060
@@ -5169,6 +5184,7 @@
CVE-2016-6491 [Buffer overflow]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833099)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
@@ -8057,28 +8073,33 @@
CVE-2016-5691 [lack of validation of pixel.red, pixel.green, and pixel.blue]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833044)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5690 [error in the for statement in the "Compute pixel scaling table"
part of the ReadDCMImage function]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833043)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5689 [lack of required NULL pointer checks]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833042)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
NOTE: Will be fixed in a 6.9.4-3 based version
CVE-2016-5688 [issues in WPG parser]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #833003)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5687 [out of bounds memory read]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832890)
NOTE:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
TODO: check, referenced fix does not seem the one fixing the issue
@@ -10353,6 +10374,7 @@
CVE-2016-5010 [Out-of-bounds read when processing crafted tiff file]
RESERVED
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832968)
NOTE: Fixed by:
http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows
remote ...)
@@ -11684,14 +11706,17 @@
NOTE:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick
before ...)
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832888)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in
ImageMagick ...)
{DSA-3652-1 DLA-517-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832887)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in
ImageMagick ...)
{DSA-3652-1}
+ [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #832885)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere
allows ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
