Author: carnil
Date: 2016-06-02 19:07:25 +0000 (Thu, 02 Jun 2016)
New Revision: 42265
Modified:
data/CVE/list
Log:
CVE-2015-889{4,5,6} assigned
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-02 18:55:14 UTC (rev 42264)
+++ data/CVE/list 2016-06-02 19:07:25 UTC (rev 42265)
@@ -325,6 +325,37 @@
RESERVED
CVE-2016-5127
RESERVED
+CVE-2015-8896 [integer truncation issue]
+ - imagemagick 8:6.8.9.9-7 (bug #806441)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
+ [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
+ [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
+ NOTE: workaround entry for DLA-353-1 until/if CVE assigned
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
+ NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
+ NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+CVE-2015-8895 [pict/icon processing issues: Integer and Buffer overflow in
coders/icon.c]
+ - imagemagick 8:6.8.9.9-7 (bug #806441)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
+ [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
+ [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
+ NOTE: workaround entry for DLA-353-1 until/if CVE assigned
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
+ NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
+ NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+ NOTE: The issue is only exploitable on 32 bit architectures.
+CVE-2015-8894 [tga processing issue: double free in coders/tga.c:221]
+ - imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
+ [jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
+ [wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
+ [squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
+ NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
+ NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+ NOTE: The problem can only be triggered with recent versions of
ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is
not vulnerable, older versions are not vulnerable)
CVE-2015-8893
RESERVED
CVE-2015-8892
@@ -18591,37 +18622,6 @@
RESERVED
CVE-2014-9752 (Unrestricted file upload vulnerability in ...)
TODO: check
-CVE-2015-XXXX [Double free in coders/pict.c:2000]
- - imagemagick 8:6.8.9.9-7 (bug #806441)
- [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
- [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
- [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
- NOTE: workaround entry for DLA-353-1 until/if CVE assigned
- NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
- NOTE:
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/10/07/2
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/02/22/4
-CVE-2015-XXXX [Double free in coders/tga.c:221]
- - imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
- [jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
- [wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
- [squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
- NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
- NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/10/07/2
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/02/22/4
- NOTE: The problem can only be triggered with recent versions of
ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is
not vulnerable, older versions are not vulnerable)
-CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c]
- - imagemagick 8:6.8.9.9-7 (bug #806441)
- [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
- [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
- [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7
- NOTE: workaround entry for DLA-353-1 until/if CVE assigned
- NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
- NOTE:
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/10/07/2
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/02/22/4
- NOTE: The issue is only exploitable on 32 bit architectures.
CVE-2015-XXXX [EncryptedType uses static IV per key]
- python-sqlalchemy-utils <unfixed>
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/10/06/7
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
