Author: anarcat Date: 2016-12-20 20:09:53 +0000 (Tue, 20 Dec 2016) New Revision: 47255
Modified: data/CVE/list Log: add the CVE request for the remaining 20 imagemagick issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-20 19:57:47 UTC (rev 47254) +++ data/CVE/list 2016-12-20 20:09:53 UTC (rev 47255) @@ -8866,11 +8866,13 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/131 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Add check for invalid mat file] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845244) [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-9559 [null pointer passed as argument 2, which is declared to never be null] RESERVED {DSA-3726-1} @@ -8896,43 +8898,51 @@ - imagemagick 8:6.9.6.5+dfsg-1 (bug #845241) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797 NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Fixed memory leak in psd file handling] - imagemagick 8:6.9.6.5+dfsg-1 (bug #845239) [jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later) [wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Suspend exception processing if there are too many exceptions] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213) [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Fix out of bound read in viff file handling] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845212) [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: https://github.com/ImageMagick/ImageMagick/issues/129 NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Better check for bufferoverflow for TIFF handling] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845202) [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Check validity of extend during TIFF file reading] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845198) [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Check return of write function] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845196) NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9 NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7 NOTE: latter patch was missing from 8:6.8.9.9-5+deb8u6 upload so DSA-3726-1 was incomplete + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Imagemagick (jessie and older) buffer overflow] - imagemagick 8:6.9.6.2+dfsg-2 (bug #845195) [jessie] - imagemagick 8:6.8.9.9-5+deb8u6 NOTE: Workaround entry for DSA-3726-1 until CVEs assigned NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag] RESERVED - tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297) @@ -16410,11 +16420,13 @@ [jessie] - imagemagick 8:6.8.9.9-5+deb8u5 [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8 NOTE: Workaround entry for DLA-731-1 until CVE is assigned + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [TIFF divide by zero] - imagemagick 8:6.9.6.2+dfsg-2 (bug #836171) [jessie] - imagemagick 8:6.8.9.9-5+deb8u5 [wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10) NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image ...) {DLA-609-1} - linux <not-affected> @@ -17345,6 +17357,7 @@ [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8 NOTE: Workaround entry for DLA-731-1 until CVE is assigned + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-6792 RESERVED CVE-2016-6791 @@ -17602,6 +17615,7 @@ [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8 NOTE: Workaround entry for DLA-731-1 until CVE is assigned NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in ...) - qemu 1:2.6+dfsg-3.1 (bug #834904) [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) @@ -17767,28 +17781,33 @@ [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8 NOTE: Workaround entry for DLA-731-1 until CVE is assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Segfault in ReadRLEImage] - imagemagick 8:6.9.6.2+dfsg-2 (bug #833743) [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10) NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Coder path transversal] - imagemagick 8:6.9.5.7+dfsg-1 (bug #833735) [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8 NOTE: Workaround entry for DLA-731-1 until CVE is assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [memory leak] - imagemagick 8:6.9.6.2+dfsg-2 (bug #833732) [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10) NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-XXXX [Buffer overflow in draw.c] - imagemagick 8:6.9.6.2+dfsg-2 (bug #833730) [jessie] - imagemagick 8:6.8.9.9-5+deb8u4 [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8 NOTE: Workaround entry for DLA-731-1 until CVE is assigned NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-6887 [... wrong calculation result ...] RESERVED - matrixssl <removed> @@ -69045,6 +69064,7 @@ - imagemagick 8:6.8.9.9-1 (bug #767240) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) [squeeze] - imagemagick <not-affected> (Vulnerable code not present) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2014-8355 [buffer overflow in PCX parser] RESERVED {DLA-242-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits