Author: bam Date: 2016-02-22 23:29:33 +0000 (Mon, 22 Feb 2016) New Revision: 39823
Modified: data/CVE/list Log: Add link to latest CVE request; imagemagic issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-02-22 22:42:40 UTC (rev 39822) +++ data/CVE/list 2016-02-22 23:29:33 UTC (rev 39823) @@ -1958,7 +1958,7 @@ NOTE: fawour of the C version. CVE-2016-XXXX [Multiple minor security issues] - imagemagick 8:6.8.9.9-7 (bug #811308) - TODO: check, needs possibly CVEs + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 CVE-2016-1925 [Improper handling of length parameter inconsitency] RESERVED - lha <removed> (unimportant) @@ -9858,6 +9858,7 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 CVE-2015-XXXX [Double free in coders/tga.c:221] - imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524) [jessie] - imagemagick <not-affected> (Can't reproduce crash with file) @@ -9866,6 +9867,7 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362 NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable) CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c] - imagemagick 8:6.8.9.9-7 (bug #806441) 
@@ -9876,6 +9878,7 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 NOTE: The issue is only exploitable on 32 bit architectures. CVE-2015-XXXX [EncryptedType uses static IV per key] - python-sqlalchemy-utils <unfixed>
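Review bot: in the @@ -1958 hunk, the removed "TODO: check, needs possibly CVEs" line was the only marker that this entry is still waiting on assignment; the NOTE that replaces it records where the request was sent, but nothing now flags the follow-up. The entry is still a single CVE-2016-XXXX placeholder titled "Multiple minor security issues", so consider keeping a TODO next to the new NOTE (for example "TODO: split into individual entries once CVEs are assigned") so the placeholder is not left behind once the request is answered.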
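Review bot: in the @@ -9858 hunk, the new request link is added directly below the existing "CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2" line with no indication of how the two relate. State on the new NOTE whether it is a repeat of the earlier request or replaces it, so a reader of this entry knows which thread to follow for the assignment.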
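Review bot: in the @@ -9876 hunk, this entry cites the same upstream commit (0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734) as the entry touched by the @@ -9858 hunk, and after this change both also carry the same two CVE Request links. Both are still CVE-2015-XXXX placeholders, so add a short qualifier to the new NOTE saying which item of the 2016/02/22/4 request applies to this entry; otherwise the IDs are easy to attach to the wrong entry when they are assigned.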