diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-02 22:14:07 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-02 22:14:07 +0200 |
| commit | 7f5e2ed0fddc73403b6f6f665006727c6ed559cf (patch) | |
| tree | db192f8e45925c9592b652458ee1a5b0d1fa30de | |
| parent | e9becb90075efee7161b23df6a10549ca7d55358 (diff) | |
NFU
one IM fixup in CVE list
| -rw-r--r-- | data/CVE/list | 21 | ||||
| -rw-r--r-- | data/DSA/list | 2 |
2 files changed, 12 insertions, 11 deletions
diff --git a/data/CVE/list b/data/CVE/list index 455a3a05b6..7f3e611d85 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -977,7 +977,7 @@ CVE-2020-15048 CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...) - trojita <itp> (bug #795701) CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...) - TODO: check + NOT-FOR-US: Node traceroute CVE-2018-21267 RESERVED CVE-2018-21266 @@ -14490,7 +14490,8 @@ CVE-2020-10253 CVE-2020-10252 RESERVED CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...) - - imagemagick <unfixed> (bug #953741) + - imagemagick <unfixed> (low; bug #953741) + [buster] - imagemagick <ignored> (Minor issue) [stretch] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support) [jessie] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859 @@ -20332,7 +20333,7 @@ CVE-2020-7818 CVE-2020-7817 RESERVED CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...) - TODO: check + NOT-FOR-US: DaView CVE-2020-7815 RESERVED CVE-2020-7814 @@ -20586,9 +20587,9 @@ CVE-2020-7691 CVE-2020-7690 RESERVED CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...) - TODO: check + NOT-FOR-US: Node bcrypt CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...) - TODO: check + NOT-FOR-US: Node mversion CVE-2020-7687 RESERVED CVE-2020-7686 @@ -20606,7 +20607,7 @@ CVE-2020-7681 CVE-2020-7680 RESERVED CVE-2020-7679 (The mergeObjects utility function is susceptible to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node casperjs CVE-2020-7678 RESERVED CVE-2020-7677 @@ -20619,9 +20620,9 @@ CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex- NOTE: https://github.com/angular/angular.js/pull/17028 NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...) - TODO: check + NOT-FOR-US: Node cd-messenger CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...) - TODO: check + NOT-FOR-US: Node access-policy CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...) TODO: check CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...) @@ -59014,8 +59015,8 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...) {DSA-4712-1} - - imagemagick <unfixed> (bug #931447) - [stretch] - imagemagick <postponed> (Needs further clarification on patch) + - imagemagick <unfixed> (low; bug #931447) + [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01 diff --git a/data/DSA/list b/data/DSA/list index a3cd0b4963..2a47bbe623 100644 --- a/data/DSA/list +++ b/data/DSA/list @@ -12,7 +12,7 @@ [stretch] - firefox-esr 68.10.0esr-1~deb9u1 [buster] - firefox-esr 68.10.0esr-1~deb10u1 [30 Jun 2020] DSA-4712-1 imagemagick - security update - {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949} + {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-13391} [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1 [29 Jun 2020] DSA-4711-1 coturn - security update {CVE-2020-4067 CVE-2020-6061 CVE-2020-6062} |