jmm-guest at alioth.debian.org
2008-Oct-10 23:21 UTC
[Secure-testing-commits] r10054 - data/CVE
Author: jmm-guest Date: 2008-10-10 23:21:45 +0000 (Fri, 10 Oct 2008) New Revision: 10054 Modified: data/CVE/list Log: Lenny triage: - imagemagick NMUed for CVE-2008-1096 - graphicsmagick NMUed for CVE-2008-1096, was only fixed in exp. - graphicsmagick crashes hardly security-relevant Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-10 22:08:43 UTC (rev 10053) +++ data/CVE/list 2008-10-10 23:21:45 UTC (rev 10054) @@ -3342,10 +3342,12 @@ CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...) NOT-FOR-US: Soldner Secret Wars CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...) - - graphicsmagick <unfixed> (low; bug #491439) + - graphicsmagick <unfixed> (unimportant; bug #491439) NOTE: several DoS fixed in 1.2.4 according to upstream NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253 TODO: check imagemagick + NOTE: *magick don''t really meet the robustness/quality criteria to treat such crashes as + NOTE: security issues CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...) NOT-FOR-US: BareNuked CMS CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...) @@ -8182,8 +8184,8 @@ - graphicsmagick 1.1.7-13 - imagemagick 7:6.2.4.5.dfsg1-1 CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ...) - - imagemagick <unfixed> (low; bug #414370) - - graphicsmagick 1.2.3-1 (low; bug #414370) + - imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370) + - graphicsmagick 1.1.11-3.2 (medium; bug #414370) CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...) NOT-FOR-US: Sun Solaris CVE-2008-1094