Author: carnil
Date: 2017-08-02 13:30:15 +0000 (Wed, 02 Aug 2017)
New Revision: 54203

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-11750

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-02 13:25:26 UTC (rev 54202)
+++ data/CVE/list       2017-08-02 13:30:15 UTC (rev 54203)
@@ -926,6 +926,8 @@
 CVE-2017-XXXX [memory leak in ReadOneJNGImage #618]
        - imagemagick 8:6.9.7.4+dfsg-15 (bug #870118)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
+       NOTE: When fixing this issue make sure to not open CVE-2017-11750
+       NOTE: apply the complete patch from the CVE-2017-11750 entry
 CVE-2017-XXXX [memory leak in ReadOneMNGImage #619]
        - imagemagick 8:6.9.7.4+dfsg-15 (bug #870117)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
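Review bot: The two NOTE lines added under the ReadOneJNGImage #618 entry tell the reader to "apply the complete patch from the CVE-2017-11750 entry" but do not say which commits make the patch complete. Anyone backporting has to go to the other entry and work out that the "Fixed by" commits there are the ones meant. Consider naming them here, or at least writing "the Fixed by commits listed under CVE-2017-11750". "make sure to not open CVE-2017-11750" would also read more clearly as "make sure not to introduce CVE-2017-11750". The entry already records a fixed version for unstable, so stating that the note targets suites where #618 is still unpatched would remove any doubt about who it is for.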
@@ -977,11 +979,14 @@
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323
 CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 
6.9.9-4 and ...)
        - imagemagick <unfixed> (bug #870478)
+       [stretch] - imagemagick <not-affected> (Incomplete patch for upstream 
issues/618 not applied)
+       [jessie] - imagemagick <not-affected> (Incomplete patch for upstream 
issues/618 not applied)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/632
        NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08
        NOTE: Introduced by (ImageMagick-6): 
https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
        NOTE: Fixed by (ImageMagick-6): 
https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
+       NOTE: Issue introduced by the original patch for 
https://github.com/ImageMagick/ImageMagick/issues/618
        TODO: check if patch simplifying patch applied in any suite
 CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted 
search path, ...)
        NOT-FOR-US: InternetSoft FTP Commander
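Review bot: The context line "TODO: check if patch simplifying patch applied in any suite" is left untouched, although the added [stretch] and [jessie] <not-affected> lines appear to answer that question for those two suites. Either drop the TODO or narrow it to whatever still needs checking, and fix the doubled "patch" while there. The added "NOTE: Issue introduced by the original patch for .../issues/618" also overlaps with the two existing "Introduced by" commit notes. Folding the issue reference into those lines would keep the entry shorter. Finally, the <not-affected> reason depends on the #618 patch staying unapplied in stretch and jessie, so it is worth making sure these lines get revisited when #618 is fixed there.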


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
