[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-10714/imagemagick

Sun, 14 Jul 2019 12:51:00 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
24ee5a44 by Salvatore Bonaccorso at 2019-07-14T19:48:01Z
Update information on CVE-2019-10714/imagemagick

The issue is not present up to the current version in unstable as the
issue was introduced while fixing upstrema issue 1455, which is only in
6.9.10-25 upstream. The fix for that introduced the problematic code in
magick/locale.c triggering the issue as reported for CVE-2019-10714.

Unless for unstable imagemagick will be updated to something between
6.9.10-25 and 6.9.10-32 the issue will not be present in Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7467,13 +7467,10 @@ CVE-2019-10716
 CVE-2019-10715
        RESERVED
 CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 
7.0.8-32  ...)
-       - imagemagick <unfixed>
-       [buster] - imagemagick <ignored> (Minor issue)
-       [stretch] - imagemagick <ignored> (Minor issue)
-       [jessie] - imagemagick <ignored> (Minor issue)
+       - imagemagick <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/aa6a769bd85f6750c26e53e53dcd8a2678745501
-       TODO: check, potentially only introduced in later versions than present 
in unstable as LocaleLowercase not present, but check if present before 
refactoring
+       NOTE: Issue introduced while fixing 
https://github.com/ImageMagick/ImageMagick/issues/1455
 CVE-2019-10713
        RESERVED
 CVE-2019-10712 (The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 
750-831 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24ee5a443327daf3ea329a39f765f00550ac0f0b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24ee5a443327daf3ea329a39f765f00550ac0f0b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to