Author: luciano
Date: 2016-11-27 04:32:26 +0000 (Sun, 27 Nov 2016)
New Revision: 46587

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
DSA imagemagick

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-26 21:47:15 UTC (rev 46586)
+++ data/CVE/list       2016-11-27 04:32:26 UTC (rev 46587)
@@ -629,24 +629,26 @@
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in 
Jessie
 CVE-2016-XXXX [mat file out of bound]
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
-       TODO: check
 CVE-2016-XXXX [Add check for invalid mat file]
        - imagemagick <unfixed> (bug #845244)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
-       TODO: check
 CVE-2016-9559 [null pointer passed as argument 2, which is declared to never 
be null]
        RESERVED
        - imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b
 (master)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
 CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
        RESERVED
        - imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99
 (master)
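
Review bot: In the "Add check for invalid mat file" entry (bug #845244), `TODO: check` is dropped while the unstable line still reads `- imagemagick <unfixed> (bug #845244)`. If the TODO was also tracking the unstable fixed version, that reminder is now gone. Either record the unstable version in which the upstream commit 8a370f9a... landed, or keep a TODO on the entry until the `<unfixed>` state is resolved.
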
@@ -659,23 +661,25 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
 CVE-2016-XXXX [Suspend exception processing if there are too many exceptions]
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
 CVE-2016-XXXX [Fix out of bound read in viff file handling]
        - imagemagick <unfixed> (bug #845212)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
        NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
-       TODO: check
 CVE-2016-XXXX [Better check for bufferoverflow for TIFF handling]
        - imagemagick <unfixed> (bug #845202)
-       TODO: check
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 CVE-2016-XXXX [Check validity of extend during TIFF file reading]
        - imagemagick <unfixed> (bug #845198)
-       TODO: check
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 CVE-2016-XXXX [Check return of write function]
        - imagemagick <unfixed> (bug #845196)
-       TODO: check
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 CVE-2016-XXXX [Imagemagick (jessie and older) buffer overflow]
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
 CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
        RESERVED
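
Review bot: The three TIFF/write entries (bugs #845202, #845198, #845196) now carry only an `<unfixed>` unstable line and the new `[jessie]` line, with no NOTE pointing at the fixing upstream commit, unlike the neighbouring entries in this hunk. With `TODO: check` replaced, nothing on these entries says which change was backported to 8:6.8.9.9-5+deb8u6. Add a `NOTE:` with the upstream commit (or the name of the patch in the jessie upload) to each, so the fix can be audited and the unstable status followed up.
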
@@ -2921,6 +2925,7 @@
 CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory 
(memory.c)]
        RESERVED
        - imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
        NOTE: The initial patch was initiall meant to be incomplete and 
resulted in CVE-2016-8866. So when fixing
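
Review bot: The new `[jessie] - imagemagick 8:6.8.9.9-5+deb8u6` line for CVE-2016-8862 sits directly above a NOTE saying the initial patch was incomplete and resulted in CVE-2016-8866. Marking jessie fixed here should state which patch the jessie upload carries. If it is only the commit listed under "Fixed by", CVE-2016-8866 needs its own jessie status; if the follow-up fix is included, say so in a NOTE on this entry.
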

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2016-11-26 21:47:15 UTC (rev 46586)
+++ data/DSA/list       2016-11-27 04:32:26 UTC (rev 46587)
@@ -1,3 +1,6 @@
+[26 Nov 2016] DSA-3725-1 imagemagick - security update
+       {CVE-2016-7799 CVE-2016-7906 CVE-2016-8677}
+       [jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 [24 Nov 2016] DSA-3724-1 gst-plugins-good0.10 - security update
        {CVE-2016-9634 CVE-2016-9635 CVE-2016-9636}
        [jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
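
Review bot: The DSA-3725-1 entry lists only `{CVE-2016-7799 CVE-2016-7906 CVE-2016-8677}`, but the data/CVE/list hunks in this same revision mark CVE-2016-9559, CVE-2016-9556 and CVE-2016-8862 as fixed in the same jessie version, 8:6.8.9.9-5+deb8u6. If those fixes shipped in this upload, add the three ids to the DSA's CVE set so the advisory cross-reference matches the tracker. The CVE-2016-XXXX placeholders can follow once ids are assigned.
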

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-11-26 21:47:15 UTC (rev 46586)
+++ data/dsa-needed.txt 2016-11-27 04:32:26 UTC (rev 46587)
@@ -23,9 +23,6 @@
   have been unable to reproduce the crash as described in the PHP bug report
   gcs proposed debdiff to review for upload
 --
-imagemagick (luciano)
-  Needs to be sponsored.
---
 jasper (jmm)
 --
 libical


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
