Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: b6aaba24 by Markus Koschany at 2020-08-18T00:35:56+02:00 Remove no-dsa entries for upcoming imagemagick release. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -48972,7 +48972,6 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...) {DSA-4712-1 DLA-2049-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309) - [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x) @@ -71402,7 +71401,6 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...) {DSA-4712-1 DLA-1968-1} - imagemagick 8:6.9.11.24+dfsg-1 (bug #955025) - [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is ...) @@ -77547,7 +77545,6 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (low impact issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4 
@@ -77981,7 +77978,6 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...) {DSA-4712-1 DLA-1888-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455) - [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773 NOTE: Some older version before the fixing commit did as well not check for @@ -77993,7 +77989,6 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...) {DSA-4712-1 DLA-1888-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457) - [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953 CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...) 
@@ -78892,21 +78887,18 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (bug #931189) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (minor security impact) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805 CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (minor security impact) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614 CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (minor security impact) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504 @@ -78924,7 +78916,6 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...) {DSA-4712-1 DLA-1888-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196) - [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...) 
@@ -82846,7 +82837,6 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-r CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...) {DSA-4712-1 DLA-1785-1} - imagemagick 8:6.9.11.24+dfsg-1 (bug #928207) - [stretch] - imagemagick <postponed> (Fix along in next DSA) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7 @@ -83186,7 +83176,6 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4 @@ -83198,7 +83187,6 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image:: CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...) {DSA-4712-1 DLA-1968-1} - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830) - [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0 CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...) 
@@ -86908,7 +86896,6 @@ CVE-2019-10132 (A vulnerability was found in libvirt >= 4.1.0 in the virtlock CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before ...) [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 - [stretch] - imagemagick <no-dsa> (Minor issue) [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762 NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e @@ -105705,7 +105692,6 @@ CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0 NOT-FOR-US: Tyto Sahi Pro CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...) - imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408 NOTE: https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb @@ -119896,7 +119882,6 @@ CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-r NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9 CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPI ...) - imagemagick 8:6.9.10.14+dfsg-1 (low) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337 NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82 
@@ -129004,7 +128989,6 @@ CVE-2018-14552 RESERVED CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 use ...) - imagemagick 8:6.9.10.8+dfsg-1 (bug #904713) - [stretch] - imagemagick <postponed> (Can be fixed along in a future DSA) [jessie] - imagemagick <not-affected> (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221 NOTE: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101 @@ -140951,7 +140935,6 @@ CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allo CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGIm ...) [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 (bug #896018) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) [wheezy] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095 @@ -143557,7 +143540,6 @@ CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...) [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) [wheezy] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072 
@@ -143812,7 +143794,6 @@ CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer der NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList fun ...) - imagemagick 8:6.9.9.34+dfsg-3 (low) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) [wheezy] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/802 @@ -143985,7 +143966,6 @@ CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c NOTE: https://github.com/libming/libming/issues/130 CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q1 ...) - imagemagick 8:6.9.9.39+dfsg-1 (low) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) [wheezy] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020 @@ -144435,7 +144415,6 @@ CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via NOT-FOR-US: Yxcms CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remot ...) - imagemagick 8:6.9.9.39+dfsg-1 (low) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) [wheezy] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b 
@@ -148182,7 +148161,6 @@ CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXP CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q1 ...) {DLA-1293-1} - imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/999 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f @@ -165514,7 +165492,6 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was foun NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...) - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) [wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible) NOTE: https://github.com/ImageMagick/ImageMagick/issues/869 @@ -183734,7 +183711,6 @@ CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was fo NOTE: https://github.com/ImageMagick/ImageMagick/issues/660 CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...) - imagemagick 8:6.9.9.34+dfsg-3 - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/664 CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6aaba2424f05bb28e8b0cfb253ee067799f5ad2
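Review bot: The commit message says "no-dsa entries", but only the CVE-2019-10131 hunk (@@ -86908) removes a `<no-dsa>` line. The CVE-2019-11597 (@@ -82846) and CVE-2018-14551 (@@ -129004) hunks remove `<postponed>` lines, and every other hunk removes `[stretch] - imagemagick <ignored> (Minor issue)`. Naming the suite and all three tags in the message, for example "Remove stretch no-dsa/ignored/postponed entries for upcoming imagemagick release", would let someone searching the history for the dropped `<ignored>` decisions find this commit.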
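Review bot: Nothing replaces the removed stretch lines, so all 24 affected CVEs lose their stretch triage state with this commit. In the @@ -78892 hunk, for instance, CVE-2019-12979, CVE-2019-12978 and CVE-2019-12977 are left with only `{DSA-4712-1}` in braces, the unstable version `8:6.9.11.24+dfsg-1` and the `[jessie]` lines. Until the upcoming release is recorded, stretch is judged against the unstable version alone. The follow-up commit should add the advisory id for that release to each of these entries. Any CVE whose fix does not make it into the upload needs its `[stretch]` tag restored with the original reason; that matters most for the later hunks (CVE-2018-20467 through CVE-2017-12805), whose entries carry no advisory id in braces at all, apart from CVE-2018-7443 with `{DLA-1293-1}`.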