Author: opal Date: 2017-11-06 20:36:58 +0000 (Mon, 06 Nov 2017) New Revision: 57378
Modified: data/CVE/list data/dla-needed.txt Log: Triaging graphicsmagick. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-06 20:03:20 UTC (rev 57377) +++ data/CVE/list 2017-11-06 20:36:58 UTC (rev 57378) @@ -59,6 +59,10 @@ - graphicsmagick 1.3.26-18 NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/ + NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this + NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. + NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. + [wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with presented test case) CVE-2017-16544 RESERVED CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...) Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-11-06 20:03:20 UTC (rev 57377) +++ data/dla-needed.txt 2017-11-06 20:36:58 UTC (rev 57378) @@ -18,6 +18,8 @@ NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w....@curie.anarc.at -- +graphicsmagick +-- irssi (Rhonda D'Vine) -- jasperreports _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits