Author: roberto
Date: 2017-11-13 14:58:14 +0000 (Mon, 13 Nov 2017)
New Revision: 57602
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Annotate CVE-2017-16546 as not affecting wheezy; remove imagemagick from
dla-needed.txt as no open CVEs affect it
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-13 13:57:10 UTC (rev 57601)
+++ data/CVE/list 2017-11-13 14:58:14 UTC (rev 57602)
@@ -584,6 +584,7 @@
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick
7.0.7-9 does ...)
- imagemagick <unfixed> (bug #881392)
+ [wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC
from GitHub issue results in memory allocation exception thrown at
coders/wpg.c:1109 and valgrind does not report any issues)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
NOTE: https://github.com/ImageMagick/ImageMagick/issues/851
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-13 13:57:10 UTC (rev 57601)
+++ data/dla-needed.txt 2017-11-13 14:58:14 UTC (rev 57602)
@@ -18,8 +18,6 @@
--
graphicsmagick (Roberto C. Sánchez)
--
-imagemagick (Roberto C. Sánchez)
---
irssi (Rhonda D'Vine)
--
jasperreports
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
