Author: jmm
Date: 2017-11-09 18:35:25 +0000 (Thu, 09 Nov 2017)
New Revision: 57507
Modified: data/CVE/list Log: further imagemagick triage Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-09 17:36:25 UTC (rev 57506) +++ data/CVE/list 2017-11-09 18:35:25 UTC (rev 57507) @@ -3676,6 +3676,8 @@ CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote ...) {DLA-1139-1} - imagemagick <unfixed> (low; bug #878579) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/832 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb @@ -4476,7 +4478,9 @@ NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...) {DLA-1131-1} - - imagemagick <unfixed> (bug #878554) + - imagemagick <unfixed> (low; bug #878554) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/723 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820 NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375 
@@ -4488,7 +4492,9 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905 NOTE: emf.c not compiled under Debian CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...) - - imagemagick <unfixed> (bug #878555) + - imagemagick <unfixed> (low; bug #878555) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/724 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4 @@ -5280,7 +5286,9 @@ RESERVED CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick ...) {DLA-1131-1} - - imagemagick <unfixed> (bug #878548) + - imagemagick <unfixed> (low; bug #878548) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/771 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d @@ -5288,7 +5296,9 @@ RESERVED CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...) {DLA-1131-1} - - imagemagick <unfixed> (bug #878547) + - imagemagick <unfixed> (low; bug #878547) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/780 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089 
@@ -5640,19 +5650,25 @@ CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...) NOT-FOR-US: CyberLink LabelPrint CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...) - - imagemagick <unfixed> (bug #878524) + - imagemagick <unfixed> (low; bug #878524) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/720 NOTE: https://github.com/ImageMagick/ImageMagick/issues/721 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9 CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...) - - imagemagick <unfixed> (bug #877355) + - imagemagick <unfixed> (low; bug #877355) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/721 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9 CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...) - - imagemagick <unfixed> (bug #877354) + - imagemagick <unfixed> (low; bug #877354) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/722 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97 
@@ -5881,6 +5897,8 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907 CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in ...) - imagemagick <unfixed> (bug #878541) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/719 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160 @@ -5971,7 +5989,9 @@ NOT-FOR-US: geminabox CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...) {DLA-1131-1} - - imagemagick <unfixed> (bug #878545) + - imagemagick <unfixed> (low; bug #878545) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/716 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948 @@ -13750,7 +13770,8 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG ...) {DSA-4019-1 DLA-1081-1} - - imagemagick 8:6.9.7.4+dfsg-15 (bug #870105) + - imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3 NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated ...) 
@@ -13887,6 +13908,8 @@ CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in ...) {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-14 (bug #870014) + [stretch] - imagemagick <no-dsa> (Minor issue) + [jessie] - imagemagick <no-dsa> (Minor issue) [wheezy] - imagemagick <not-affected> (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/547 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375 @@ -20404,6 +20427,7 @@ CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the ...) {DSA-4019-1 DLA-1000-1} - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778) + [jessie] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/500 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d NOTE: Fixed by (6.x): https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
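Review bot: In the @@ -5881,6 +5897,8 @@ hunk, the CVE-2017-14532 unstable line stays as `- imagemagick <unfixed> (bug #878541)` with no severity, while every other NULL pointer dereference entry touched in this commit (CVE-2017-14624, CVE-2017-14625, CVE-2017-14626, CVE-2017-15015, CVE-2017-15017) gains `low;` alongside the same stretch and jessie `<no-dsa> (Minor issue)` lines. If this is the same class of minor issue, add `low;` here as well; if the omission is deliberate, a NOTE line giving the reason would keep the triage consistent for the next reader.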
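Review bot: In the @@ -13887,6 +13908,8 @@ hunk, CVE-2017-12434 carries {DSA-4019-1} yet gains `[stretch] - imagemagick <no-dsa> (Minor issue)`, whereas the other two entries tagged DSA-4019-1 in this commit (CVE-2017-13142 and CVE-2017-9500) gain only a `[jessie]` line. Please confirm the stretch annotation is intended; if the DSA already covers this CVE for stretch, the `[stretch]` line should be dropped. The unstable line here also stays without `low;`, unlike CVE-2017-13142 in the preceding hunk.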