Author: apo
Date: 2017-07-30 13:50:27 +0000 (Sun, 30 Jul 2017)
New Revision: 54074
Modified:
data/CVE/list
Log:
CVE-2017-11139,graphicsmagick: Wheezy is not affected
The vulnerable code was introduced to fix CVE-2017-11102. Since we don't
refactor the code because the DestroyJNGInfo function does not exist, we also
don't need to apply the patch to fix the double free.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-30 13:33:41 UTC (rev 54073)
+++ data/CVE/list 2017-07-30 13:50:27 UTC (rev 54074)
@@ -1811,6 +1811,7 @@
NOTE: Fixed by:
http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the
...)
- graphicsmagick 1.3.26-2 (low)
+ [wheezy] - graphicsmagick <not-affected> (vulnerable code for
CVE-2017-11102 not applied in Wheezy)
NOTE: Fixed by:
http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
CVE-2017-11138
RESERVED
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
