Author: carnil
Date: 2016-10-13 16:36:30 +0000 (Thu, 13 Oct 2016)
New Revision: 45286
Modified:
data/CVE/list
Log:
imagemagick uploaded to unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-13 16:24:56 UTC (rev 45285)
+++ data/CVE/list 2016-10-13 16:36:30 UTC (rev 45286)
@@ -2321,8 +2321,7 @@
NOTE:
http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3
(v2.5.0-rc0)
CVE-2016-7906
RESERVED
- [experimental] - imagemagick 8:6.9.6.2+dfsg-1
- - imagemagick <unfixed> (bug #840435)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #840435)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/281
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0
CVE-2016-7905
@@ -2548,8 +2547,7 @@
NOTE:
https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
CVE-2016-7799 [mogrify global buffer overflow]
RESERVED
- [experimental] - imagemagick 8:6.9.6.2+dfsg-1
- - imagemagick <unfixed> (bug #840437)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 [IV Reuse in GCM Mode]
@@ -4350,12 +4348,10 @@
- linux 4.1.3-1
NOTE: Fixed by:
https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
CVE-2016-XXXX [Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders
(bug report from Donghai Zhu)]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #836172)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-XXXX [TIFF divide by zero]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #836171)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in
the linux-image ...)
{DLA-609-1}
@@ -4389,8 +4385,7 @@
RESERVED
CVE-2016-7101 [SGI security bug]
RESERVED
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #836776)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7100
RESERVED
@@ -5188,12 +5183,10 @@
CVE-2016-6823 [Buffer overflow in bmp file reader]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #834504)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
CVE-2016-XXXX [Out-of-bound in exif (jpeg) reader]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #834501)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #834501)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
CVE-2016-6792
RESERVED
@@ -5442,8 +5435,7 @@
[jessie] - linux 3.16.7-ckt17-1
NOTE: Fixed by:
https://git.kernel.org/linus/6829e274a623187c24f7cfc0e3d35f25d087fcc5 (4.1-rc2)
CVE-2016-XXXX [Double free]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #834183)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #834183)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
CVE-2016-6833 [net: vmxnet3: use after free while writing]
@@ -5577,13 +5569,11 @@
CVE-2016-1000038
RESERVED
CVE-2016-XXXX [RLE check for pixel offset less than 0]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833744)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833744)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
CVE-2016-XXXX [Segfault in ReadRLEImage]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833743)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
CVE-2016-XXXX [Coder path transversal]
@@ -5591,13 +5581,11 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
CVE-2016-XXXX [memory leak]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833732)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
CVE-2016-XXXX [Buffer overflow in draw.c]
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833730)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
CVE-2016-6887 [... wrong calculation result ...]
@@ -5784,14 +5772,12 @@
CVE-2016-7513 [off-by-one error leading to segfault]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832455)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832455)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
CVE-2016-7514 [out-of-bounds read in coders/psd.c]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832457)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
NOTE: https://bugs.launchpad.net/bugs/1533442
NOTE: https://github.com/ImageMagick/ImageMagick/issues/83
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
@@ -5802,8 +5788,7 @@
CVE-2016-7515 [rle file handling for corrupted file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832461)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
@@ -5811,8 +5796,7 @@
CVE-2015-8957 [buffer overflow in sun file handling]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832464)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832464)
NOTE:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
@@ -5821,8 +5805,7 @@
CVE-2015-8958 [potential DOS in sun file handling due to malformed files]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832465)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
NOTE:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
@@ -5832,40 +5815,35 @@
CVE-2016-7516 [out of bunds problem in rle, pict, viff and sun files]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832467)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533452
NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7517
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832467)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533449
NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7518
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832467)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533447
NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7519
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832467)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7520 [heap overflow in hdr file handling]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832469)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
NOTE: https://bugs.launchpad.net/bugs/1537213
NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
@@ -5873,8 +5851,7 @@
CVE-2016-7521 [heap buffer overflow in psd file handling]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832474)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
NOTE: https://bugs.launchpad.net/bugs/1537418
NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
@@ -5882,8 +5859,7 @@
CVE-2016-7522 [out of bound access for malformed psd file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832475)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
NOTE: https://bugs.launchpad.net/bugs/1537419
NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
@@ -5891,23 +5867,20 @@
CVE-2016-7523 [meta file out of bound access]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832478)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
NOTE: https://bugs.launchpad.net/bugs/1537420
NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7524
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832478)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
NOTE: https://bugs.launchpad.net/bugs/1537422
NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
CVE-2016-7525 [heap buffer overflow in psd file coder]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832480)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832480)
NOTE: https://bugs.launchpad.net/bugs/1537424
NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
@@ -5915,8 +5888,7 @@
CVE-2016-7526 [out of bound access in wpg file coder]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832482)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1539050
NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
@@ -5925,8 +5897,7 @@
CVE-2016-7527
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832482)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1542115
NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
@@ -5934,8 +5905,7 @@
CVE-2016-7528 [out of bound access for viff file coder]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832483)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
NOTE: https://bugs.launchpad.net/bugs/1537425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
@@ -5943,8 +5913,7 @@
CVE-2016-7529 [out of bound access in xcf file coder]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832504)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
NOTE: https://bugs.launchpad.net/bugs/1539051
NOTE: https://bugs.launchpad.net/bugs/1539052
NOTE: https://github.com/ImageMagick/ImageMagick/issues/104
@@ -5954,8 +5923,7 @@
CVE-2016-7530 [out of bound in quantum handling]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832506)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
NOTE: https://bugs.launchpad.net/bugs/1539067
NOTE: https://bugs.launchpad.net/bugs/1539053
NOTE: https://github.com/ImageMagick/ImageMagick/issues/105
@@ -5967,8 +5935,7 @@
CVE-2016-7531 [pbd file out of bound access]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832633)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
NOTE: https://bugs.launchpad.net/bugs/1539061
NOTE: https://bugs.launchpad.net/bugs/1542112
NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
@@ -5976,16 +5943,14 @@
CVE-2016-7532 [Fix handling of corrupted psd file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832776)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
NOTE: https://bugs.launchpad.net/bugs/1539066
NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7533 [wpg file out of bound for corrupted file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832780)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
NOTE: https://bugs.launchpad.net/bugs/1542114
NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
@@ -5993,8 +5958,7 @@
CVE-2016-7534 [out of bound access in generic decoder]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832785)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
NOTE: https://bugs.launchpad.net/bugs/1542785
NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
@@ -6002,16 +5966,14 @@
CVE-2016-7535 [out of bound access for corrupted psd file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832787)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
NOTE: https://bugs.launchpad.net/bugs/1545180
NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7536 [SEGV reported in corrupted profile handling]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832789)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
NOTE: https://bugs.launchpad.net/bugs/1545367
NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
@@ -6019,8 +5981,7 @@
CVE-2016-7537 [out of bound access for corrupted pdb file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832791)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
NOTE: https://bugs.launchpad.net/bugs/1553366
NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
@@ -6028,8 +5989,7 @@
CVE-2016-7538 [SIGABRT for corrupted pdb file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832793)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
NOTE: https://bugs.launchpad.net/bugs/1556273
NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
@@ -6045,8 +6005,7 @@
CVE-2014-9907 [DOS due to corrupted DDS files]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832942)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832942)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
@@ -6054,16 +6013,14 @@
CVE-2016-7539 [potential DOS by not releasing memory]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833101)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
NOTE:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7540 [writing to rgf format aborts]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #827643)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
NOTE: https://bugs.launchpad.net/bugs/1594060
NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
@@ -6325,8 +6282,7 @@
CVE-2016-6491 [Buffer overflow]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833099)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
RESERVED
@@ -8816,16 +8772,14 @@
CVE-2016-5842
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #831034)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
CVE-2016-5841
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #831034)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
@@ -9235,34 +9189,29 @@
CVE-2016-5691 [lack of validation of pixel.red, pixel.green, and pixel.blue]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833044)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833044)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5690 [error in the for statement in the "Compute pixel scaling table"
part of the ReadDCMImage function]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833043)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833043)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5689 [lack of required NULL pointer checks]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833042)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833042)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
NOTE: Will be fixed in a 6.9.4-3 based version
CVE-2016-5688 [issues in WPG parser]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #833003)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #833003)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5687 [out of bounds memory read]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832890)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832890)
NOTE:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
TODO: check, referenced fix does not seem the one fixing the issue
CVE-2016-5699 (CRLF injection vulnerability in the HTTPConnection.putheader
function ...)
@@ -11613,8 +11562,7 @@
CVE-2016-5010 [Out-of-bounds read when processing crafted tiff file]
RESERVED
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832968)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
NOTE: Fixed by:
http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows
remote ...)
- ceph <unfixed> (bug #829661)
@@ -12948,18 +12896,15 @@
NOTE:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick
before ...)
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832888)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832888)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in
ImageMagick ...)
{DSA-3652-1 DLA-517-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832887)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832887)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in
ImageMagick ...)
{DSA-3652-1}
- [experimental] - imagemagick 8:6.9.5.9+dfsg-1
- - imagemagick <unfixed> (bug #832885)
+ - imagemagick 8:6.9.6.2+dfsg-2 (bug #832885)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere
allows ...)
NOT-FOR-US: Flexera
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
