Author: carnil Date: 2016-06-02 19:07:25 +0000 (Thu, 02 Jun 2016) New Revision: 42265
Modified: data/CVE/list Log: CVE-2015-889{4,5,6} assigned Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-06-02 18:55:14 UTC (rev 42264) +++ data/CVE/list 2016-06-02 19:07:25 UTC (rev 42265) 
@@ -325,6 +325,37 @@ RESERVED CVE-2016-5127 RESERVED +CVE-2015-8896 [integer truncation issue] + - imagemagick 8:6.8.9.9-7 (bug #806441) + [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 + [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4 + [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7 + NOTE: workaround entry for DLA-353-1 until/if CVE assigned + NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 + NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2 + NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4 +CVE-2015-8895 [pict/icon processing issues: Integer and Buffer overflow in coders/icon.c] + - imagemagick 8:6.8.9.9-7 (bug #806441) + [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 + [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4 + [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7 + NOTE: workaround entry for DLA-353-1 until/if CVE assigned + NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 + NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2 + NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4 + NOTE: The issue is only exploitable on 32 bit architectures. 
+CVE-2015-8894 [tga processing issue: double free in coders/tga.c:221] + - imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524) + [jessie] - imagemagick <not-affected> (Can't reproduce crash with file) + [wheezy] - imagemagick <not-affected> (Can't reproduce crash with file) + [squeeze] - imagemagick <not-affected> (Can't reproduce crash with file) + NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8 + NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2 + NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4 + NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable) CVE-2015-8893 RESERVED CVE-2015-8892 
@@ -18591,37 +18622,6 @@ RESERVED CVE-2014-9752 (Unrestricted file upload vulnerability in ...) TODO: check -CVE-2015-XXXX [Double free in coders/pict.c:2000] - - imagemagick 8:6.8.9.9-7 (bug #806441) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 - [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4 - [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7 - NOTE: workaround entry for DLA-353-1 until/if CVE assigned - NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 - NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 -CVE-2015-XXXX [Double free in coders/tga.c:221] - - imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524) - [jessie] - imagemagick <not-affected> (Can't reproduce crash with file) - [wheezy] - imagemagick <not-affected> (Can't reproduce crash with file) - [squeeze] - imagemagick <not-affected> (Can't reproduce crash with file) - NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362 - NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 - NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable) -CVE-2015-XXXX [Integer and Buffer overflow in coders/icon.c] - - imagemagick 8:6.8.9.9-7 (bug #806441) - [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 - [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4 - [squeeze] - imagemagick 8:6.6.0.4-3+squeeze7 - NOTE: workaround entry for DLA-353-1 until/if CVE assigned - NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 - NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/07/2 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 - NOTE: The issue is only exploitable on 32 bit architectures. CVE-2015-XXXX [EncryptedType uses static IV per key] - python-sqlalchemy-utils <unfixed> NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/06/7 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
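Review bot: In the first hunk (@@ -325,6 +325,37 @@), the new CVE-2015-8896 and CVE-2015-8895 entries still carry "NOTE: workaround entry for DLA-353-1 until/if CVE assigned", which is stale now that this commit assigns the IDs. Drop that line from both entries, or reword it as a plain reference to DLA-353-1, so the entries no longer read as placeholders awaiting assignment.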
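Review bot: In the second hunk (@@ -18591,37 +18622,6 @@), the removed placeholder for Launchpad bug 1448803 was titled "Double free in coders/pict.c:2000", but its replacement, CVE-2015-8896, is titled only "integer truncation issue" and names no source file, while the other two replacements keep coders/icon.c and coders/tga.c:221. Keep the source location in the CVE-2015-8896 description, and confirm that the change of bug class from double free to integer truncation is intended. The "pict" label now appears on CVE-2015-8895, which tracks Launchpad bug 1459747 (the former coders/icon.c entry), so the mapping between the old and new titles is easy to misread.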