Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6aaba24 by Markus Koschany at 2020-08-18T00:35:56+02:00
Remove no-dsa entries for upcoming imagemagick release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -48972,7 +48972,6 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 
Q8, there is a use-after
 CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
over-read in ...)
        {DSA-4712-1 DLA-2049-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
-       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
 (7.x)
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
 (6.x)
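Review bot: the line removed under CVE-2019-19949 is `[stretch] - imagemagick <ignored> (Minor issue)`, not a `<no-dsa>` entry as the commit message says. Across this patch only CVE-2019-10131 drops a `<no-dsa>` line, while CVE-2019-11597 and CVE-2018-14551 drop `<postponed>` and the rest drop `<ignored>`. Suggest a message that names the suite and the states, for example "Remove stretch ignored/postponed/no-dsa entries for upcoming imagemagick release", so the log is searchable when someone later asks why an `<ignored>` decision was reversed.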
@@ -71402,7 +71401,6 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an 
integer overflow vulnerabil
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, 
there is  ...)
        {DSA-4712-1 DLA-1968-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
-       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
 CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, 
there is  ...)
@@ -77547,7 +77545,6 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based 
buffer overflow vulnerabi
 CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in 
RemoveDuplicateLay ...)
        {DSA-4712-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (low impact issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
@@ -77981,7 +77978,6 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a 
heap-based buffer overflow at Mag
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
        {DSA-4712-1 DLA-1888-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
-       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
        NOTE: Some older version before the fixing commit did as well not check 
for
@@ -77993,7 +77989,6 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct 
memory leaks in AcquireMagic
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at 
MagickCo ...)
        {DSA-4712-1 DLA-1888-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
-       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
 CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. 
import_stud ...)
@@ -78892,21 +78887,18 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is 
an integer overflow (cause
 CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
        {DSA-4712-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
 CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
        {DSA-4712-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
 CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
        {DSA-4712-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
@@ -78924,7 +78916,6 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak 
vulnerability in the Writ
 CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in 
coders/pa ...)
        {DSA-4712-1 DLA-1888-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
-       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the 
opj_t1_encode_c ...)
@@ -82846,7 +82837,6 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a 
heap-based buffer over-r
 CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
over-read in ...)
        {DSA-4712-1 DLA-1785-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
-       [stretch] - imagemagick <postponed> (Fix along in next DSA)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
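Review bot: CVE-2019-11597 lists two ImageMagick6 commits in its NOTE lines (1d6c036f... and c979b348...), so the stretch upload needs both backported before this entry can be closed for stretch. With `<postponed> (Fix along in next DSA)` removed, the entry no longer records that a fix is pending for that suite. The follow-up that adds the stretch fixed version should be checked against both commits.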
@@ -83186,7 +83176,6 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 
allows attackers to cause
 CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing 
component of Ima ...)
        {DSA-4712-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
@@ -83198,7 +83187,6 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in 
heif::HeifContext::Image::
 CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 
allows attack ...)
        {DSA-4712-1 DLA-1968-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830)
-       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
 CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service 
(uncontrol ...)
@@ -86908,7 +86896,6 @@ CVE-2019-10132 (A vulnerability was found in libvirt 
&gt;= 4.1.0 in the virtlock
 CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick 
before  ...)
        [experimental] - imagemagick 8:6.9.10.2+dfsg-1
        - imagemagick 8:6.9.10.2+dfsg-2
-       [stretch] - imagemagick <no-dsa> (Minor issue)
        [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
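Review bot: CVE-2019-10131 has no advisory cross-reference in braces, unlike the `{DSA-4712-1 ...}` entries earlier in this patch, and `[jessie] - imagemagick <no-dsa> (Minor issue)` is left in place. With the `[stretch]` line gone, stretch is measured against `- imagemagick 8:6.9.10.2+dfsg-2` and will show as open until a fixed version is recorded. This CVE should be included in the CVE list of the advisory for the upcoming release rather than left to be picked up later.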
@@ -105705,7 +105692,6 @@ CVE-2018-20468 (An issue was discovered in Tyto Sahi 
Pro through 7.x.x and 8.0.0
        NOT-FOR-US: Tyto Sahi Pro
 CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file 
can resu ...)
        - imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
@@ -119896,7 +119882,6 @@ CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is 
a heap-based buffer over-r
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
 CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the 
ReadBMPI ...)
        - imagemagick 8:6.9.10.14+dfsg-1 (low)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82
@@ -129004,7 +128989,6 @@ CVE-2018-14552
        RESERVED
 CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 
7.0.8-7 use ...)
        - imagemagick 8:6.9.10.8+dfsg-1 (bug #904713)
-       [stretch] - imagemagick <postponed> (Can be fixed along in a future DSA)
        [jessie] - imagemagick <not-affected> (vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
@@ -140951,7 +140935,6 @@ CVE-2018-10178 (The FromDocToPDF extension before 
13.611.13.2303 for Chrome allo
 CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the 
ReadOneMNGIm ...)
        [experimental] - imagemagick 8:6.9.10.2+dfsg-1
        - imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        [wheezy] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
@@ -143557,7 +143540,6 @@ CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 
has CSRF in an fmdo=rename
 CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the 
DecodeLabImage ...)
        [experimental] - imagemagick 8:6.9.10.2+dfsg-1
        - imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        [wheezy] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072
@@ -143812,7 +143794,6 @@ CVE-2017-18253 (An issue was discovered in 
ImageMagick 7.0.7. A NULL pointer der
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
 CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The 
MogrifyImageList fun ...)
        - imagemagick 8:6.9.9.34+dfsg-3 (low)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        [wheezy] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/802
@@ -143985,7 +143966,6 @@ CVE-2018-8961 (In libming 0.4.8, the 
decompilePUSHPARAM function of decompile.c
        NOTE: https://github.com/libming/libming/issues/130
 CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 
7.0.7-26 Q1 ...)
        - imagemagick 8:6.9.9.39+dfsg-1 (low)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        [wheezy] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020
@@ -144435,7 +144415,6 @@ CVE-2018-8805 (Yxcms building system (compatible cell 
phone) v1.4.7 has XSS via
        NOT-FOR-US: Yxcms
 CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 
allows remot ...)
        - imagemagick 8:6.9.9.39+dfsg-1 (low)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        [wheezy] - imagemagick <ignored> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b
@@ -148182,7 +148161,6 @@ CVE-2017-18197 (In mxGraphViewImageReader.java in 
mxGraph before 3.7.6, the SAXP
 CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 
7.0.7-23 Q1 ...)
        {DLA-1293-1}
        - imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f
@@ -165514,7 +165492,6 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large 
loop vulnerability was foun
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
 CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability 
was found  ...)
        - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        [wheezy] - imagemagick <not-affected> (vulnerable code not present, 
unreproducible)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/869
@@ -183734,7 +183711,6 @@ CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory 
exhaustion vulnerability was fo
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
 CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was 
found in ...)
        - imagemagick 8:6.9.9.34+dfsg-3
-       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
 CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in 
ImageWorsener 1. ...)
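Review bot: the CVE-2017-12805 entry carries only `NOTE: https://github.com/ImageMagick/ImageMagick/issues/664` and no fixing commit, and its unstable line `- imagemagick 8:6.9.9.34+dfsg-3` has no bug number. Dropping `<ignored>` commits the stretch upload to fixing this issue, so add a NOTE with the upstream commit being backported, as the 2019 entries in this patch have, to make the fix verifiable from the tracker.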



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6aaba2424f05bb28e8b0cfb253ee067799f5ad2



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits