Author: anarcat
Date: 2016-12-20 20:09:53 +0000 (Tue, 20 Dec 2016)
New Revision: 47255
Modified:
data/CVE/list
Log:
add the CVE request for the remaining 20 imagemagick issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-20 19:57:47 UTC (rev 47254)
+++ data/CVE/list 2016-12-20 20:09:53 UTC (rev 47255)
@@ -8866,11 +8866,13 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Add check for invalid mat file]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9559 [null pointer passed as argument 2, which is declared to never
be null]
RESERVED
{DSA-3726-1}
@@ -8896,43 +8898,51 @@
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Fixed memory leak in psd file handling]
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
[jessie] - imagemagick <not-affected> (Vulnerable code using
layer_info[i].info introduced later)
[wheezy] - imagemagick <not-affected> (Vulnerable code using
layer_info[i].info introduced later)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Suspend exception processing if there are too many exceptions]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Fix out of bound read in viff file handling]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Better check for bufferoverflow for TIFF handling]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Check validity of extend during TIFF file reading]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Check return of write function]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
NOTE: latter patch was missing from 8:6.8.9.9-5+deb8u6 upload so
DSA-3726-1 was incomplete
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Imagemagick (jessie and older) buffer overflow]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
NOTE: Workaround entry for DSA-3726-1 until CVEs assigned
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
RESERVED
- tiff <not-affected> (Vulnerable code introduced by fix for
CVE-2016-9297)
@@ -16410,11 +16420,13 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
NOTE: Workaround entry for DLA-731-1 until CVE is assigned
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [TIFF divide by zero]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced
in a version after 6.7.7.10)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in
the linux-image ...)
{DLA-609-1}
- linux <not-affected>
@@ -17345,6 +17357,7 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
NOTE: Workaround entry for DLA-731-1 until CVE is assigned
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6792
RESERVED
CVE-2016-6791
@@ -17602,6 +17615,7 @@
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
NOTE: Workaround entry for DLA-731-1 until CVE is assigned
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write
function in ...)
- qemu 1:2.6+dfsg-3.1 (bug #834904)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3
introduced in 1.5)
@@ -17767,28 +17781,33 @@
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
NOTE: Workaround entry for DLA-731-1 until CVE is assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Segfault in ReadRLEImage]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced
in a version after 6.7.7.10)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Coder path transversal]
- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
NOTE: Workaround entry for DLA-731-1 until CVE is assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [memory leak]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
[wheezy] - imagemagick <not-affected> (Vulnerable code not present in
version 6.7.7.10)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-XXXX [Buffer overflow in draw.c]
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u4
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
NOTE: Workaround entry for DLA-731-1 until CVE is assigned
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6887 [... wrong calculation result ...]
RESERVED
- matrixssl <removed>
@@ -69045,6 +69064,7 @@
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2014-8355 [buffer overflow in PCX parser]
RESERVED
{DLA-242-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
