CVE-2017-12670,imagemagick: postponed

Upstream patch appears to be incomplete. Needs further investigation.
author: Markus Koschany <apo@debian.org> 2020-09-07 19:06:39 +0200
committer: Markus Koschany <apo@debian.org> 2020-09-07 19:08:01 +0200
commit: bf2942e79f080b530ffab2df57092369e5d7422b (patch)
tree: bb5d84c9e8a2ff60cd2c2901705629d73ffcacff /data/CVE/2017.list
parent: daf4ce159f72a9f9dc3660183de27cacd8b8cf3b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 291653b439..9532cf216c 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -20408,9 +20408,11 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through
 CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c,  ...)
 	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
+	[stretch] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
+	NOTE: Upstream patch is apparently incomplete. POC still triggers segfault.
 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
 	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
author	Markus Koschany <apo@debian.org>	2020-09-07 19:06:39 +0200
committer	Markus Koschany <apo@debian.org>	2020-09-07 19:08:01 +0200
commit	bf2942e79f080b530ffab2df57092369e5d7422b (patch)
tree	bb5d84c9e8a2ff60cd2c2901705629d73ffcacff /data/CVE/2017.list
parent	daf4ce159f72a9f9dc3660183de27cacd8b8cf3b (diff)