[Secure-testing-commits] r57507 - data/CVE

Moritz Muehlenhoff Thu, 09 Nov 2017 10:36:15 -0800

Author: jmm
Date: 2017-11-09 18:35:25 +0000 (Thu, 09 Nov 2017)
New Revision: 57507


Modified:
   data/CVE/list
Log:
further imagemagick triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-09 17:36:25 UTC (rev 57506)
+++ data/CVE/list       2017-11-09 18:35:25 UTC (rev 57507)
@@ -3676,6 +3676,8 @@
 CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows 
remote ...)
        {DLA-1139-1}
        - imagemagick <unfixed> (low; bug #878579)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
@@ -4476,7 +4478,9 @@
        NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference 
vulnerability in ...)
        {DLA-1131-1}
-       - imagemagick <unfixed> (bug #878554)
+       - imagemagick <unfixed> (low; bug #878554)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
@@ -4488,7 +4492,9 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
        NOTE: emf.c not compiled under Debian
 CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference 
vulnerability in ...)
-       - imagemagick <unfixed> (bug #878555)
+       - imagemagick <unfixed> (low; bug #878555)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
@@ -5280,7 +5286,9 @@
        RESERVED
 CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in 
ImageMagick ...)
        {DLA-1131-1}
-       - imagemagick <unfixed> (bug #878548)
+       - imagemagick <unfixed> (low; bug #878548)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
@@ -5288,7 +5296,9 @@
        RESERVED
 CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
        {DLA-1131-1}
-       - imagemagick <unfixed> (bug #878547)
+       - imagemagick <unfixed> (low; bug #878547)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
@@ -5640,19 +5650,25 @@
 CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow 
remote ...)
        NOT-FOR-US: CyberLink LabelPrint
 CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference 
vulnerability in ...)
-       - imagemagick <unfixed> (bug #878524)
+       - imagemagick <unfixed> (low; bug #878524)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
 CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference 
vulnerability in ...)
-       - imagemagick <unfixed> (bug #877355)
+       - imagemagick <unfixed> (low; bug #877355)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
 CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference 
vulnerability in ...)
-       - imagemagick <unfixed> (bug #877354)
+       - imagemagick <unfixed> (low; bug #877354)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
@@ -5881,6 +5897,8 @@
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
 CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in 
TIFFIgnoreTags in ...)
        - imagemagick <unfixed> (bug #878541)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
@@ -5971,7 +5989,9 @@
        NOT-FOR-US: geminabox
 CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 
7.0.7-1 ...)
        {DLA-1131-1}
-       - imagemagick <unfixed> (bug #878545)
+       - imagemagick <unfixed> (low; bug #878545)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
@@ -13750,7 +13770,8 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
 CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a 
crafted PNG ...)
        {DSA-4019-1 DLA-1081-1}
-       - imagemagick 8:6.9.7.4+dfsg-15 (bug #870105)
+       - imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
 CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote 
authenticated ...)
@@ -13887,6 +13908,8 @@
 CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was 
found in ...)
        {DSA-4019-1}
        - imagemagick 8:6.9.7.4+dfsg-14 (bug #870014)
+       [stretch] - imagemagick <no-dsa> (Minor issue)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        [wheezy] - imagemagick <not-affected> (vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
@@ -20404,6 +20427,7 @@
 CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in 
the ...)
        {DSA-4019-1 DLA-1000-1}
        - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
        NOTE: Fixed by (6.x): 
https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57507 - data/CVE

Reply via email to