Author: carnil Date: 2016-01-18 06:22:02 +0000 (Mon, 18 Jan 2016) New Revision: 38996
Modified: data/CVE/list Log: Updates for imagemagick issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-01-18 06:18:26 UTC (rev 38995) +++ data/CVE/list 2016-01-18 06:22:02 UTC (rev 38996) @@ -1,3 +1,6 @@ +CVE-2016-XXXX [Multiple minor security issues] + - imagemagick 8:6.8.9.9-7 (bug #811308) + TODO: check, needs possibly CVEs CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3] NOT-FOR-US: KNOX 1.0 / Android 4.3 CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3] @@ -7403,7 +7406,7 @@ CVE-2014-9752 (Unrestricted file upload vulnerability in ...) TODO: check CVE-2015-XXXX [Double free in coders/pict.c:2000] - - imagemagick <unfixed> (bug #806441) + - imagemagick 8:6.8.9.9-7 (bug #806441) [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <no-dsa> (Minor issue) [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7 @@ -7421,7 +7424,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable) CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c] - - imagemagick <unfixed> (bug #806441) + - imagemagick 8:6.8.9.9-7 (bug #806441) [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <no-dsa> (Minor issue) [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits