Univention Bugzilla – Full Text Bug Listing |
Summary: | imagemagick: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 5.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) | ||
Bug Depends on: | 47550 | ||
Bug Blocks: |
Description
Quality Assurance
2018-08-09 10:19:10 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/imagemagick_6.8.9.9-5+deb8u11.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/imagemagick_6.8.9.9-5+deb8u13.dsc @@ -1,3 +1,32 @@ +8:6.8.9.9-5+deb8u13 [Thu, 21 Jun 2018 19:52:55 -0400] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-11251: heap-based buffer over-read and application crash via a + crafted SUN image. + * CVE-2018-12599: out of bounds write via a crafted BMP image. + * CVE-2018-12600: out of bounds write via a crafted DIB image. + +8:6.8.9.9-5+deb8u12 [Sun, 06 May 2018 18:28:48 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload. + * Fix the following security vulnerabilities: + - CVE-2017-10995: heap-based buffer over-read and application crash via a + crafted MNG image. (Closes: #867748) + - CVE-2017-11533: heap-based buffer over-read in the WriteUILImage() + function in coders/uil.c. (Closes: #869834) + - CVE-2017-11535: heap-based buffer over-read in the WritePSImage() + function in coders/ps.c. (Closes: #869827) + - CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage() + function in coders/cip.c. (Closes: #870065) + - CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized + data, which might allow remote attackers to obtain sensitive information + from process memory. (Closes: #870012) + - CVE-2017-17504: heap-based buffer over-read. (Closes: #885340) + - CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage + in coders/png.c. (Closes: #885125) + - CVE-2018-5248: heap-based buffer over-read in coders/sixel.c + in the ReadSIXELImage function. (Closes: #886588) + 8:6.8.9.9-5+deb8u11 [Thu, 16 Nov 2017 23:13:59 +0100] Moritz Muehlenhoff <jmm@debian.org>: * Multiple security fixes <http://10.200.17.11/4.2-4/#745573269296407109> libimage-magick-q16-perl : Depends: perl (>= 5.20.2-3+deb8u11) --- mirror/ftp/4.2/unmaintained/4.2-4/source/imagemagick_6.8.9.9-5+deb8u11.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/imagemagick_6.8.9.9-5+deb8u13.dsc @@ -1,3 +1,32 @@ +8:6.8.9.9-5+deb8u13 [Thu, 21 Jun 2018 19:52:55 -0400] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-11251: heap-based buffer over-read and application crash via a + crafted SUN image. + * CVE-2018-12599: out of bounds write via a crafted BMP image. + * CVE-2018-12600: out of bounds write via a crafted DIB image. + +8:6.8.9.9-5+deb8u12 [Sun, 06 May 2018 18:28:48 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload. + * Fix the following security vulnerabilities: + - CVE-2017-10995: heap-based buffer over-read and application crash via a + crafted MNG image. (Closes: #867748) + - CVE-2017-11533: heap-based buffer over-read in the WriteUILImage() + function in coders/uil.c. (Closes: #869834) + - CVE-2017-11535: heap-based buffer over-read in the WritePSImage() + function in coders/ps.c. (Closes: #869827) + - CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage() + function in coders/cip.c. (Closes: #870065) + - CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized + data, which might allow remote attackers to obtain sensitive information + from process memory. (Closes: #870012) + - CVE-2017-17504: heap-based buffer over-read. (Closes: #885340) + - CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage + in coders/png.c. (Closes: #885125) + - CVE-2018-5248: heap-based buffer over-read in coders/sixel.c + in the ReadSIXELImage function. (Closes: #886588) + 8:6.8.9.9-5+deb8u11 [Thu, 16 Nov 2017 23:13:59 +0100] Moritz Muehlenhoff <jmm@debian.org>: * Multiple security fixes <http://10.200.17.11/4.2-4/#5917489926512356401> OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] 79c9753fa9 Bug #47537: imagemagick 8:6.8.9.9-5+deb8u13 doc/errata/staging/imagemagick.yaml | 202 ++++-------------------------------- 1 file changed, 19 insertions(+), 183 deletions(-) [4.2-4] 7c6fed3645 Bug #47537: imagemagick 8:6.8.9.9-5+deb8u13 doc/errata/staging/imagemagick.yaml | 203 ++++++++++++++++++++++++++++++++++++ 1 file changed, 203 insertions(+) |