Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66f314e8 by Bastien Roucariès at 2024-03-17T22:46:00+00:00
CVE-2023-2157/imagemagick

This CVE was in the code supporting the exif feature following https://github.com/ImageMagick/ImageMagick/issues/5768

First commit introducing this feature was in https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08

This commit does not pinpoint the exact point where the CVE was introduced, but versions before 6.9.12.72 do not read the exif and thus did not trigger the CVE

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -53546,11 +53546,13 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso NOT-FOR-US: Code Dx CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476) - [bookworm] - imagemagick <no-dsa> (Minor issue) - [bullseye] - imagemagick <no-dsa> (Minor issue) + [bookworm] - imagemagick <not-affected> (Vulnerable code introduced later) + [bullseye] - imagemagick <not-affected> (Vulnerable code introduced later) [buster] - imagemagick <not-affected> (Vulnerable code was introduced later) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) + NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/issues/5768 + NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08 (exif feature not present before this commit 6.9.12.72) CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...) {DSA-5453-1 DSA-5448-1 DLA-3512-1} - linux 6.3.11-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f314e8bc9ac6c9adcee8728ca0b0b892ffadb9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f314e8bc9ac6c9adcee8728ca0b0b892ffadb9 You're receiving this email because of your account on salsa.debian.org.
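Review bot: The first added "NOTE: Introduced by:" line points at an issue (https://github.com/ImageMagick/ImageMagick/issues/5768), not at a commit, while the "Fixed by:" lines above it and the second "Introduced by:" line all reference commits. The commit message describes that issue as the request the exif feature followed, so it would read more accurately as a plain "NOTE:" reference, with "Introduced by:" reserved for the ImageMagick6 commit a45686d3. The commit message also says that commit does not pinpoint where the flaw was introduced; the parenthetical on the second note covers this, but stating it as "introduced in or after" would match the message more closely. Two consistency points in the same hunk: the version is written "6.9.12.72" here but the existing notes use the upstream form "6.9.12-85" and "7.1.1-7", so "6.9.12-72" would match; and the new bookworm and bullseye lines say "Vulnerable code introduced later" while the existing buster line says "Vulnerable code was introduced later".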