Commits on Source (2)
imagemagick fixed in experimental
· 91073695
Moritz Muehlenhoff
authored
Jul 02, 2018
Merge branch 'master' of
https://salsa.debian.org/security-tracker-team/security-tracker
· be07d31b
Moritz Muehlenhoff
authored
Jul 02, 2018
data/CVE/list
...
...
@@ -1179,12 +1179,14 @@ CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.
NOTE: https://github.com/pts/sam2p/issues/41
CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in ...)
{DLA-1394-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #902728)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1178
NOTE: https://github.com/ImageMagick/ImageMagick/commit/921f208c2ea3cc45847f380257f270ff424adfff
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae71c12bbaa34d942e036824ff389c22b7dacade
CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in ...)
{DLA-1394-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #902727)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1177
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ae04fa4be910255e5d363edebd77adeee99a525d
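Review bot: Under CVE-2018-12599 the visible NOTE lines cite only the ImageMagick issue and commit, while the [experimental] entry records a 6.9 series version (8:6.9.10.2+dfsg-1). CVE-2018-12600 just above also carries an "ImageMagick6:" commit NOTE. If the lines past this context do not already have one, add the matching ImageMagick6 commit reference for CVE-2018-12599 so the fixed-version claim can be checked against the branch that is actually packaged.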
...
...
@@ -3673,6 +3675,7 @@ CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that o
CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
NOT-FOR-US: SELA
CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed>
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
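Review bot: The "- imagemagick <unfixed>" line under CVE-2018-11625 has no bug reference, unlike the other ImageMagick entries in this commit such as "(bug #902728)". Now that the issue is recorded as fixed only in experimental, the unstable entry has nothing tying it to a tracking bug. If a BTS bug exists for this CVE, add it to the unfixed line so the entry can be updated when the fix reaches unstable.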
...
...
@@ -3680,6 +3683,7 @@ CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/406ebfe09b62858b17ab3ee11f67171d43d9a76e
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1156
CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed>
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
...
...
@@ -5789,9 +5793,11 @@ CVE-2018-10807
CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross ...)
NOT-FOR-US: Frog CMS
CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (unimportant; bug #898218)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1054
CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (unimportant; bug #898217)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
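Review bot: CVE-2018-10805 is given a fixed version in experimental, but its only NOTE is the upstream issue link. CVE-2018-10804 directly below records an upstream fix commit as well. Add the corresponding fix commit NOTE for CVE-2018-10805 so the 8:6.9.10.2+dfsg-1 entry is backed by a reference that can be checked against the packaged source.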
...
...
@@ -7411,6 +7417,7 @@ CVE-2018-10179
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows ...)
NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #896018)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
...
...
@@ -9931,6 +9938,7 @@ CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-re
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...)
NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (low; bug #894848)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
...
...
@@ -43958,6 +43966,7 @@ CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Des
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...)
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick <unfixed> (bug #878544)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)