Author: apo Date: 2017-07-30 13:50:27 +0000 (Sun, 30 Jul 2017) New Revision: 54074
Modified: data/CVE/list Log: CVE-2017-11139,graphicsmagick: Wheezy is not affected The vulnerable code was introduced to fix CVE-2017-11102. Since we don't refactor the code because the DestroyJNGInfo function does not exist, we also don't need to apply the patch to fix the double free. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-30 13:33:41 UTC (rev 54073) +++ data/CVE/list 2017-07-30 13:50:27 UTC (rev 54074) @@ -1811,6 +1811,7 @@ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...) - graphicsmagick 1.3.26-2 (low) + [wheezy] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Wheezy) NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b CVE-2017-11138 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits