Author: opal
Date: 2017-11-06 20:36:58 +0000 (Mon, 06 Nov 2017)
New Revision: 57378
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triaging graphicsmagick.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-06 20:03:20 UTC (rev 57377)
+++ data/CVE/list 2017-11-06 20:36:58 UTC (rev 57378)
@@ -59,6 +59,10 @@
- graphicsmagick 1.3.26-18
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/
+ NOTE: The wheezy version gives an assert before the vulnerability can
be triggered. Due to this
+ NOTE: the severity of the wheezy version is low even though the
vulnerable code is still present.
+ NOTE: The patch is trivial so it may be worth fixing in combination
with some other fix.
+ [wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with
presented test case)
CVE-2017-16544
RESERVED
CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection
via ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-06 20:03:20 UTC (rev 57377)
+++ data/dla-needed.txt 2017-11-06 20:36:58 UTC (rev 57378)
@@ -18,6 +18,8 @@
NOTE: 20170719: maintainer will handle the upload, see
https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org
NOTE: 20171013: anarcat pinged maintainer:
https://lists.debian.org/87efpuc95w....@curie.anarc.at
--
+graphicsmagick
+--
irssi (Rhonda D'Vine)
--
jasperreports
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
