Author: apo Date: 2016-09-18 21:14:07 +0000 (Sun, 18 Sep 2016) New Revision: 44730
Modified: data/CVE/list Log: Add graphicsmagick, CVE-2016-{7446,7447,7448,7449) patches Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-18 21:10:21 UTC (rev 44729) +++ data/CVE/list 2016-09-18 21:14:07 UTC (rev 44730) @@ -2186,17 +2186,22 @@ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5 NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/ NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/ + NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5 CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU] RESERVED - graphicsmagick 1.3.25-1 + NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10 + NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d CVE-2016-7447 [heap overflow of the EscapeParenthesis() function] RESERVED - graphicsmagick 1.3.25-1 + NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d580e3c3c034 CVE-2016-7446 [heap buffer overflow issue in MVG/SVG rendering] RESERVED - graphicsmagick 1.3.25-1 NOTE: For the http://www.graphicsmagick.org/NEWS.html#september-5-2016 case NOTE: which remained present in the 1.3.24 release (and was not fixed until 1.3.25) + NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215 CVE-2016-7445 [openjpeg null ptr dereference] RESERVED - openjpeg2 <unfixed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits