Author: carnil
Date: 2016-09-22 06:42:47 +0000 (Thu, 22 Sep 2016)
New Revision: 44812

Modified:
   data/CVE/list
   data/DSA/list
Log:
Another round of imagemagick CVEs

Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-22 06:32:04 UTC (rev 44811) +++ data/CVE/list 2016-09-22 06:42:47 UTC (rev 44812) @@ -2145,22 +2145,6 @@ RESERVED CVE-2016-7528 RESERVED -CVE-2016-7527 - RESERVED -CVE-2016-7526 - RESERVED -CVE-2016-7525 - RESERVED -CVE-2016-7524 - RESERVED -CVE-2016-7523 - RESERVED -CVE-2016-7522 - RESERVED -CVE-2016-7521 - RESERVED -CVE-2016-7520 - RESERVED CVE-2016-7512 RESERVED CVE-2016-7511 
@@ -4763,58 +4747,58 @@ NOTE: https://bugs.launchpad.net/bugs/1533445 NOTE: https://github.com/ImageMagick/ImageMagick/issues/82 NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-XXXX [heap overflow in hdr file handling] +CVE-2016-7520 [heap overflow in hdr file handling] [experimental] - imagemagick 8:6.9.5.9+dfsg-1 - imagemagick <unfixed> (bug #832469) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 NOTE: https://bugs.launchpad.net/bugs/1537213 NOTE: https://github.com/ImageMagick/ImageMagick/issues/90 NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-XXXX [heap buffer overflow in psd file handling] + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 +CVE-2016-7521 [heap buffer overflow in psd file handling] [experimental] - imagemagick 8:6.9.5.9+dfsg-1 - imagemagick <unfixed> (bug #832474) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 NOTE: https://bugs.launchpad.net/bugs/1537418 NOTE: https://github.com/ImageMagick/ImageMagick/issues/92 NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-XXXX [out of bound access for malformed psd file] + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 +CVE-2016-7522 [out of bound access for malformed psd file] [experimental] - imagemagick 8:6.9.5.9+dfsg-1 - imagemagick <unfixed> (bug #832475) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 NOTE: https://bugs.launchpad.net/bugs/1537419 NOTE: https://github.com/ImageMagick/ImageMagick/issues/93 NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-XXXX [meta file out of bound access] + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 
+CVE-2016-7523 [meta file out of bound access] [experimental] - imagemagick 8:6.9.5.9+dfsg-1 - imagemagick <unfixed> (bug #832478) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 NOTE: https://bugs.launchpad.net/bugs/1537420 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/94 + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 +CVE-2016-7524 + [experimental] - imagemagick 8:6.9.5.9+dfsg-1 + - imagemagick <unfixed> (bug #832478) + NOTE: https://bugs.launchpad.net/bugs/1537422 NOTE: https://github.com/ImageMagick/ImageMagick/issues/96 - NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6 - NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a34d7ac889bd6645f6cfd164636e3efb56dbb2f - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-XXXX [heap buffer overflow in psd file coder] +CVE-2016-7525 [heap buffer overflow in psd file coder] [experimental] - imagemagick 8:6.9.5.9+dfsg-1 - imagemagick <unfixed> (bug #832480) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 NOTE: https://bugs.launchpad.net/bugs/1537424 NOTE: https://github.com/ImageMagick/ImageMagick/issues/98 NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-XXXX [out of bound access in wpg file coder] + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 +CVE-2016-7526 [out of bound access in wpg file coder] - imagemagick <unfixed> (bug #832482) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 NOTE: https://bugs.launchpad.net/bugs/1539050 - NOTE: https://bugs.launchpad.net/bugs/1542115 NOTE: https://github.com/ImageMagick/ImageMagick/issues/102 - NOTE: https://github.com/ImageMagick/ImageMagick/issues/122 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7 NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599 + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 +CVE-2016-7527 + - imagemagick <unfixed> (bug #832482) + NOTE: https://bugs.launchpad.net/bugs/1542115 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/122 NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/07/1 + NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 CVE-2016-XXXX [out of bound access for viff file coder] [experimental] - imagemagick 8:6.9.5.9+dfsg-1 - imagemagick <unfixed> (bug #832483) Modified: data/DSA/list =================================================================== --- data/DSA/list 2016-09-22 06:32:04 UTC (rev 44811) +++ data/DSA/list 2016-09-22 06:42:47 UTC (rev 44812) 
@@ -62,7 +62,7 @@ {CVE-2016-6354} [jessie] - flex 2.5.39-8+deb8u1 [25 Aug 2016] DSA-3652-1 imagemagick - security update - {CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2015-8957 CVE-2015-8958 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519} + {CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2015-8957 CVE-2015-8958 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527} [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [25 Aug 2016] DSA-3651-1 rails - security update {CVE-2016-6316}
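
Review bot: In the data/CVE/list hunk at @@ -4763,58 +4747,58 @@, splitting the old "meta file out of bound access" entry removes both fix-commit NOTE lines (commit/f8c318d462270b03e77f082e2a3a32867cacd3c6 and commit/5a34d7ac889bd6645f6cfd164636e3efb56dbb2f) and re-adds them under neither CVE-2016-7523 nor the new CVE-2016-7524, so neither entry points at an upstream fix any more. Please re-attach each commit to the entry it belongs to. The two split-off entries, CVE-2016-7524 and CVE-2016-7527, are also added without the bracketed description every sibling entry carries, and CVE-2016-7524 has no oss-security NOTE. Both reuse the bug number of the entry they were split from (#832478 and #832482), which is worth stating in a NOTE so the shared bug is not read as a copy-paste slip.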
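
Review bot: In the data/DSA/list hunk, the DSA-3652-1 line now lists CVE-2016-7524 and CVE-2016-7527, but the entries this same commit creates for them in data/CVE/list have no "[jessie] - imagemagick 8:6.8.9.9-5+deb8u4" line, unlike the other six ids added here. Either confirm that the deb8u4 upload contains the fixes for the two split-off issues and add the [jessie] line to both entries, or leave the two ids out of the DSA list until that is checked, so the two files do not disagree about what jessie has fixed.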