Author: apo
Date: 2017-05-07 20:26:16 +0000 (Sun, 07 May 2017)
New Revision: 51392
Modified: data/CVE/list data/dla-needed.txt Log: Update status of imagemagick in dla-needed.txt Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-07 20:18:52 UTC (rev 51391) +++ data/CVE/list 2017-05-07 20:26:16 UTC (rev 51392) @@ -123,7 +123,6 @@ CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick ...) - imagemagick <unfixed> (low) [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/466 CVE-2017-8764 RESERVED 
@@ -1049,77 +1048,62 @@ CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/453 CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/449 CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/450 CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/451 CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/454 CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows ...) 
- imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/452 CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/448 CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/447 CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/443 CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/445 CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows ...) 
- imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/441 CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/440 CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/442 CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/446 CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows ...) - imagemagick <unfixed> [jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) - [wheezy] - imagemagick <no-dsa> (Can be postponed until more severe issue are around) NOTE: https://github.com/ImageMagick/ImageMagick/issues/444 CVE-2017-8341 RESERVED Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-05-07 20:18:52 UTC (rev 51391) +++ data/dla-needed.txt 2017-05-07 20:26:16 UTC (rev 51392) 
@@ -25,6 +25,11 @@ -- icu (Thorsten Alteholz) -- +imagemagick + NOTE: No need to wait for more serious issues. Imagemagick is an important + NOTE: and widespread tool on production systems. CVEs should be fixed rather + NOTE: sooner than later. +-- jasper (Thorsten Alteholz) NOTE: 20170430, not patch for the remaining CVEs yet -- _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
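Review bot: The log message does not cover the first data/CVE/list hunk (@@ -123,7 +123,6 @@), which drops the [wheezy] <no-dsa> line for CVE-2017-8765 while the log mentions only dla-needed.txt. Consider a log such as "Remove wheezy no-dsa tags for imagemagick and add it to dla-needed.txt", so that anyone searching the history for why the tag disappeared can find this revision.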
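Review bot: In the second data/CVE/list hunk (@@ -1049,77 +1048,62 @@), the [jessie] lines for CVE-2017-8357 through CVE-2017-8343 keep the rationale "Can be postponed until more severe issue are around", while the dla-needed.txt note added in the same revision argues the opposite for wheezy. If the two releases are meant to be rated differently, that is fine as it stands; if not, the jessie tags for these 15 CVEs should be raised for review as well so the tracker does not carry two contradictory assessments of the same issues.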
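Review bot: The NOTE lines added under imagemagick in the data/dla-needed.txt hunk (@@ -25,6 +25,11 @@) carry no date and name no CVEs, whereas the jasper note just below them starts with "20170430". A date prefix and a pointer to the affected CVEs would let later readers tell when this assessment was made and what it covers. "rather sooner than later" would also read better as "sooner rather than later".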