Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7f454e1 by Salvatore Bonaccorso at 2018-02-10T08:11:04+01:00
Various imagemagick issues fixed via experimental upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1373,6 +1373,7 @@ CVE-2018-6406 (The function ParseVP9SuperFrameIndex in 
common/libwebm_util.cc in
        NOTE: 
https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
        TODO: check
 CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick 
before ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/964
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
@@ -3995,15 +3996,18 @@ CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the 
include\spacecp\spacecp_uplo
 CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the 
include\spacecp\spacecp_space.php ...)
        NOT-FOR-US: Discuz! DiscuzX
 CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
 CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability 
was found ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/740985d9bd3f1c50d622c3496bb2e75d44b65a91
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/32a3eeb9e0da083cbc05909e4935efdbf9846df9
 CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/734
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/a43f4155ee916fbed080acd534232a9d2396b5b5
@@ -4060,11 +4064,13 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the 
reading of TIFF files, as ...
 CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 
can be ...)
        NOT-FOR-US: Flexense SysGauge
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the 
EncodeImageAttributes ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4e72d445220287727d7886a5f17a10caf944a802
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/ed80c93e4cbf2727ead75fd8bd5e5d9ecbe762f9
 CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage 
function ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/941
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/4b60459202805cb4c9a96cdeeb70db594b1d3c72
@@ -4406,17 +4412,20 @@ CVE-2018-5250
 CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 
0.8.5 and ...)
        - shaarli <itp> (bug #864559)
 CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer 
over-read in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #886588)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
 CVE-2018-5247 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in 
ReadRLAImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/928
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/0ecb22aa909e52d86b4545aa7a51f7a0922147e6
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d85c34f8bd699c31b94118babc6c0445eecc9920
 CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in 
ReadPATTERNImage ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/929
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1c3dd700bbb17837ee6f540aff3eafc76262accf
@@ -4444,6 +4453,7 @@ CVE-2018-5235
 CVE-2018-5234
        RESERVED
 CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/904
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/8cf0676455929a067257400e8020dea6ca94c1a4
@@ -5402,6 +5412,7 @@ CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable 
to XXE attacks which can
        NOT-FOR-US: XMLBundle
 CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was 
found in ...)
        {DLA-1229-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed>
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -7625,6 +7636,7 @@ CVE-2017-1000448 (Structured Data Linter versions 2.4.1 
and older are vulnerable
        NOT-FOR-US: Structured Data Linter
 CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null 
pointer ...)
        {DLA-1229-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #886281)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -7715,6 +7727,7 @@ CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer 
over-read exists in the fun
        NOTE: https://github.com/opencv/opencv/issues/10479
        NOTE: Introduced after: 
https://github.com/opencv/opencv/commit/7469c935f3ec8e9fe4f56b7eed07b284b7b7b5df
 CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in 
ReadPWPImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/921
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1a5f95fc018a5667de5a9448aee9d7251b2eb952
@@ -8343,6 +8356,7 @@ CVE-2017-17935 (The File_read_line function in 
epan/wslua/wslua_file.c in Wiresh
        NOTE: https://code.wireshark.org/review/#/c/24997/
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
 CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in 
coders/msl.c, ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
@@ -8398,6 +8412,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 
Q8, there is a heap-base
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
 CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the 
function ...)
        {DLA-1227-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #886584)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -8477,36 +8492,43 @@ CVE-2017-17889
 CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on 
NetBiter / HMS, ...)
        NOT-FOR-US: Anti-Web
 CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/7a42f63927e7f2e26846b7ed4560e9cb4984af7b
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/dddce3e790b5b0f5dad91a7960de67af5bdea789
 CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/874
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/8204599ef0e85324876459e5d45db00660920482
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/4a71d71f4ae289b6672102efaef6543643e8efb8
 CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/879
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2ba085736fd49ad89c1937d1ee2b80ae4e11ab97
        NOTE: Imagemagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/5e863ae629010110772321fd181bac34c4b57345
 CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/902
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4d6accd355119d54429a86a1859b8329f0130f30
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/82f20a898107a9c1ef6ad2024c4b191719b294ea
 CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/877
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/b0a7241df0f889cc3158ba82774ff21fa1da87ec
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/2a1ec7d97f356e9fb6dbc328da17d93ab7a8167c
 CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/880
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/903f14eb94521aa6dca9d9ac55d3d9a6c7676a63
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/92fbef516b94ed96fa2a672831acd5dafb242ac5
 CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/878
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ece953bbe14e8514afc23e05e4030eea872e29da
@@ -8519,6 +8541,7 @@ CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 
2017-12-21, there is a stack-
        NOTE: webp support not enabled, see #806425
 CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a 
heap-based ...)
        {DSA-4074-1 DLA-1227-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #885125)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
@@ -13751,6 +13774,7 @@ CVE-2017-17683 (Panda Global Protection 17.0.1 allows a 
system crash via a 0xb37
        NOT-FOR-US: Panda Global Protection
 CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was 
found in ...)
        {DLA-1227-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #885942)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -13758,6 +13782,7 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large 
loop vulnerability was foun
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
 CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability 
was found ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #885941)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -13770,6 +13795,7 @@ CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an 
infinite loop vulnerability was 
        NOTE: The fix involves all done changes on the relevant part of 
coders/psd.c between
        NOTE: (and including) edf1b9408492b97cd08111a0a9cb123f6391dc5b and 
cae42160e5ab6de4b2a9433267e143ce295ae957 .
 CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/873
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/69601843684dd038a8397e1a12dd15777d2513bf
@@ -14302,6 +14328,7 @@ CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer 
dereference in the funct
        NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
        {DSA-4074-1 DLA-1227-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #885340)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
@@ -14329,6 +14356,7 @@ CVE-2017-17500 (ReadRGBImage in coders/rgb.c in 
GraphicsMagick 1.3.26 has a ...)
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
 CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
        {DSA-4074-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #885339)
        [jessie] - imagemagick <not-affected> (Vulnerable code not present)
        [wheezy] - imagemagick <not-affected> (vulnerable code not present)
@@ -19838,6 +19866,7 @@ CVE-2017-16547 (The DrawImage function in 
magick/render.c in GraphicsMagick 1.3.
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
 CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 
7.0.7-9 does ...)
        {DSA-4074-1 DSA-4040-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #881392)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC 
from GitHub issue results in memory allocation exception thrown at 
coders/wpg.c:1109 and valgrind does not report any issues)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
@@ -23474,6 +23503,7 @@ CVE-2017-15282
        RESERVED
 CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows 
remote ...)
        {DLA-1139-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878579)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -23488,6 +23518,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was 
discovered in TeamPass before 2.1
        NOT-FOR-US: TeamPass
 CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and 
GraphicsMagick ...)
        {DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #878578)
        - graphicsmagick 1.3.26-14
        NOTE: IM6: 
https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
@@ -23674,11 +23705,13 @@ CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 
is vulnerable to a buffer 
 CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: dotCMS
 CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in 
...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
 CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in 
coders/sgi.c. ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
@@ -24336,10 +24369,12 @@ CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows 
remote servers to cause a 
 CVE-2017-15034
        RESERVED
 CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in 
ReadYUVImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
 CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in 
ReadYCBCRImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
@@ -24425,6 +24460,7 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer 
over-read when handling a ma
        NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference 
vulnerability in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878554)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -24433,12 +24469,14 @@ CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL 
pointer dereference vulnerabi
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
 CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference 
vulnerability in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
        NOTE: emf.c not compiled under Debian
 CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference 
vulnerability in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878555)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -24555,6 +24593,7 @@ CVE-2017-14990 (WordPress 4.8.2 stores cleartext 
wp_signups.activation_key value
        NOTE: https://core.trac.wordpress.org/ticket/38474
 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in 
...)
        {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #878562)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
@@ -25258,6 +25297,7 @@ CVE-2017-14742
        RESERVED
 CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in 
ImageMagick ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878548)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -25268,6 +25308,7 @@ CVE-2017-14740
        RESERVED
 CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878547)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -25463,6 +25504,7 @@ CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to 
cause a denial of service
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
 CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant; bug #876487)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
@@ -25471,6 +25513,7 @@ CVE-2017-14683 (geminabox (aka Gem in a Box) before 
0.13.7 has CSRF, as demonstr
        NOT-FOR-US: geminabox
 CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows 
remote ...)
        {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #876488)
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
@@ -25636,6 +25679,7 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer 
overflow exists in the ...)
 CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow 
remote ...)
        NOT-FOR-US: CyberLink LabelPrint
 CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference 
vulnerability in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878524)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -25645,6 +25689,7 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL 
Pointer Dereference vulnerabi
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
 CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference 
vulnerability in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #877355)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -25652,6 +25697,7 @@ CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL 
Pointer Dereference vulnerabi
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
 CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference 
vulnerability in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #877354)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -25717,6 +25763,7 @@ CVE-2017-14608 (In LibRaw through 0.18.4, an out of 
bounds read flaw related to 
        NOTE: https://github.com/LibRaw/LibRaw/issues/101
 CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related 
to ...)
        {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878527)
        NOTE: IM6 patch: 
https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
@@ -25884,11 +25931,13 @@ CVE-2017-14535
 CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 
1.5.beta5.20120707 via ...)
        NOT-FOR-US: NexusPHP
 CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in 
coders/mat.c. ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/648
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
 CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in 
TIFFIgnoreTags in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #878541)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -25897,6 +25946,7 @@ CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer 
Dereference in TIFFIgnore
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590
 CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in 
ReadSUNImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/718
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78
@@ -25979,6 +26029,7 @@ CVE-2017-14506 (geminabox (aka Gem in a Box) before 
0.13.6 has XSS, as demonstra
        NOT-FOR-US: geminabox
 CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 
7.0.7-1 ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878545)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26316,6 +26367,7 @@ CVE-2017-14401 (The EyesOfNetwork web interface (aka 
eonweb) 5.1-0 has SQL injec
        NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in 
...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878546)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26437,15 +26489,18 @@ CVE-2017-14345 (SQL Injection exists in tianchoy/blog 
through 2017-09-12 via the
 CVE-2017-14344 (This vulnerability allows local attackers to escalate 
privileges on ...)
        NOT-FOR-US: Jungo WinDriver
 CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in 
ReadXCFImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
 CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in 
...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
 CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in 
ReadWPGImage in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #876105)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26498,14 +26553,17 @@ CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 
22.x allows remote attackers 
 CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to 
read ...)
        NOT-FOR-US: Extreme EXOS
 CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
 CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
 CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
@@ -26708,6 +26766,7 @@ CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M 
Wireless Lite N Router wi
        NOT-FOR-US: TP-LINK Router
 CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage 
in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #876099)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26820,6 +26879,7 @@ CVE-2017-14225 (The av_color_primaries_name function in 
libavutil/pixdesc.c in F
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c 
in ...)
        {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #876097)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
@@ -26926,6 +26986,7 @@ CVE-2017-14181 (DeleteBitBuffer in 
libbitbuf/bitbuffer.c in mp4tools aacplusenc 
        NOT-FOR-US: aacplusenc
 CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in 
ReadXBMImage() due ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875502)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26933,6 +26994,7 @@ CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 
Q16, a DoS in ReadXBMImag
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
 CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875503)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26941,6 +27003,7 @@ CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 
Q16, a DoS in ...)
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
 CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 
7.0.6-10, ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875504)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -26948,6 +27011,7 @@ CVE-2017-14173 (In the function ReadTXTImage() in 
coders/txt.c in ImageMagick 7.
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
 CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in 
ReadPSImage() due ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875506)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -27110,6 +27174,7 @@ CVE-2017-14140 (The move_pages system call in 
mm/migrate.c in the Linux kernel b
        - linux 4.12.12-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
 CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteMSLImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
@@ -27117,9 +27182,11 @@ CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak 
vulnerability in WriteMSLI
        NOTE: Requires: 
https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
        NOTE: Requires: 
https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
 CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in 
ReadWEBPImage in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
 CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an 
issue ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
@@ -27366,6 +27433,7 @@ CVE-2017-14061 (Integer overflow in the _isBidi 
function in bidi.c in Libidn2 be
        NOTE: 
https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
 CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is 
present in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878506)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -28045,6 +28113,7 @@ CVE-2017-13770
        RESERVED
 CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in 
ImageMagick ...)
        {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #878507)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
@@ -28054,6 +28123,7 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in 
coders/thumbnail.c in ImageM
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
 CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875352)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -28107,6 +28177,7 @@ CVE-2017-13759
        RESERVED
 CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow 
in the ...)
        {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #878508)
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
@@ -29632,6 +29703,7 @@ CVE-2017-13135 (A NULL Pointer Dereference exists in 
VideoLAN x265, as used in l
        NOTE: 
https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
 CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based 
buffer ...)
        {DSA-4040-1 DSA-4032-1 DLA-1170-1 DLA-1081-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #873099)
        - graphicsmagick 1.3.26-19 (bug #881524)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
@@ -29640,6 +29712,7 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and 
GraphicsMagick 1.3.26, a heap-based b
        NOTE: GraphicsMagick: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
 CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in 
coders/xcf.c lacks ...)
        {DLA-1081-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #873100)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -29650,6 +29723,7 @@ CVE-2017-13132 (In ImageMagick 7.0.6-8, the 
WritePDFImage function in coders/pdf
        - imagemagick <not-affected> (Vulnerable code not present, introduced 
in 7.0.1-0)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/674
 CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found 
in the ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/676
 CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via 
a crafted ...)
@@ -29841,9 +29915,11 @@ CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based 
buffer overflow vulnerabi
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
 CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found 
in the ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
 CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was 
found in ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #873131)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <not-affected> (Vulnerable code not present)
@@ -29852,12 +29928,15 @@ CVE-2017-13061 (In ImageMagick 7.0.6-5, a 
length-validation vulnerability was fo
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
 CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found 
in the ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/644
 CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found 
in the ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/667
 CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found 
in the ...)
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
 CVE-2017-13057
@@ -30081,6 +30160,7 @@ CVE-2017-12984 (PHPMyWind 5.3 has XSS in 
shoppingcart.php, related to message.ph
        NOT-FOR-US: PHPMyWind
 CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in 
coders/sfw.c ...)
        {DSA-4040-1 DSA-4032-1 DLA-1081-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #873134)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
@@ -30989,6 +31069,7 @@ CVE-2014-10039
        RESERVED
 CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in 
image.c ...)
        {DSA-4074-1 DSA-4040-1 DLA-1081-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (bug #872373)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
@@ -31000,6 +31081,7 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c 
in ImageMagick before 7.
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
 CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 
allows ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #873871)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -31521,6 +31603,7 @@ CVE-2017-1000099 (When asking to get a file from a 
file:// URL, libcurl provides
        NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
 CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 
7.0.6-6 ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875341)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -31529,6 +31612,7 @@ CVE-2017-12693 (The ReadBMPImage function in 
coders/bmp.c in ImageMagick 7.0.6-6
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
 CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 
7.0.6-6 ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875339)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -31537,6 +31621,7 @@ CVE-2017-12692 (The ReadVIFFImage function in 
coders/viff.c in ImageMagick 7.0.6
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
 CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 
7.0.6-6 ...)
        {DLA-1131-1}
+       [experimental] - imagemagick 8:6.9.9.34+dfsg-1
        - imagemagick <unfixed> (low; bug #875338)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7f454e1d315417ada30af25fc04643a741fc914

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7f454e1d315417ada30af25fc04643a741fc914
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to