Author: apo
Date: 2016-09-18 21:14:07 +0000 (Sun, 18 Sep 2016)
New Revision: 44730

Modified:
   data/CVE/list
Log:
Add graphicsmagick, CVE-2016-{7446,7447,7448,7449} patches


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-18 21:10:21 UTC (rev 44729)
+++ data/CVE/list       2016-09-18 21:14:07 UTC (rev 44730)
@@ -2186,17 +2186,22 @@
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
+       NOTE: Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5
 CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge 
memory allocations and/or consumed huge CPU]
        RESERVED
        - graphicsmagick 1.3.25-1
+       NOTE: Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10
+       NOTE: Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d
 CVE-2016-7447 [heap overflow of the EscapeParenthesis() function]
        RESERVED
        - graphicsmagick 1.3.25-1
+       NOTE: Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d580e3c3c034
 CVE-2016-7446 [heap buffer overflow issue in MVG/SVG rendering]
        RESERVED
        - graphicsmagick 1.3.25-1
        NOTE: For the http://www.graphicsmagick.org/NEWS.html#september-5-2016 
case
        NOTE: which remained present in the 1.3.24 release (and was not fixed 
until 1.3.25)
+       NOTE: Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
 CVE-2016-7445 [openjpeg null ptr dereference]
        RESERVED
        - openjpeg2 <unfixed>
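
Review bot: The first added NOTE, at the top of the hunk, cites revision eb58028dacf5, the same revision hash that the unchanged NOTE a few lines above it already links via hg.code.sf.net. I would either replace the existing line or drop the new one, so the entry carries a single canonical URL for that changeset. Under CVE-2016-7448 the two added "Fixed by" lines (30043afadb10 and d972c761b55d) give no hint which part of the fix each revision covers; a short parenthetical on each would save the next reader from opening both. The log message lists CVE-2016-7449, but no entry header for it is visible in this hunk, so it is worth confirming the first added NOTE sits under the intended entry.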


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
