Attachment #177007 for bug #214514

View | Details | Raw Unified | Return to bug 214514
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="e1f67063-aab4-11e6-b2d3-60a44ce6887b">
    <topic>ImageMagick7 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>ImageMagick7</name>
	<range><le>7.0.3.6</le></range>
      </package>
      <package>
	<name>ImageMagick7-nox11</name>
	<range><le>7.0.3.6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Multiple sources report:</p>
	<blockquote cite="https://github.com/ImageMagick/ImageMagick/issues/296">
	  <p>CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31</p>
	</blockquote>
	<blockquote cite="https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/">
	  <p>CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.</p>
	</blockquote>
	<blockquote cite="https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/">
	  <p>CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<url>https://github.com/ImageMagick/ImageMagick/issues/296</url>
	<url>https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/</url>
	<url>https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/</url>
	<cvename>CVE-2016-9298</cvename>
	<cvename>CVE-2016-8866</cvename>
	<cvename>CVE-2016-8862</cvename>
    </references>
    <dates>
      <discovery>2016-09-14</discovery>
      <entry>2016-11-14</entry>
    </dates>
  </vuln>

  <vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">
    <topic>lives -- insecure files permissions</topic>
    <affects>

Return to bug 214514

Lines 58-63 Link Here

(-)security/vuxml/vuln.xml (+40 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="e1f67063-aab4-11e6-b2d3-60a44ce6887b">
		62	<topic>ImageMagick7 -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>ImageMagick7</name>
		66	<range><le>7.0.3.6</le></range>
		67	</package>
		68	<package>
		69	<name>ImageMagick7-nox11</name>
		70	<range><le>7.0.3.6</le></range>
		71	</package>
		72	</affects>
		73	<description>
		74	<body xmlns="http://www.w3.org/1999/xhtml">
		75	<p>Multiple sources report:</p>
		76	<blockquote cite="https://github.com/ImageMagick/ImageMagick/issues/296">
		77	<p>CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31</p>
		78	</blockquote>
		79	<blockquote cite="https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/">
		80	<p>CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.</p>
		81	</blockquote>
		82	<blockquote cite="https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/">
		83	<p>CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.</p>
		84	</blockquote>
		85	</body>
		86	</description>
		87	<references>
		88	<url>https://github.com/ImageMagick/ImageMagick/issues/296</url>
		89	<url>https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/</url>
		90	<url>https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/</url>
		91	<cvename>CVE-2016-9298</cvename>
		92	<cvename>CVE-2016-8866</cvename>
		93	<cvename>CVE-2016-8862</cvename>
		94	</references>
		95	<dates>
		96	<discovery>2016-09-14</discovery>
		97	<entry>2016-11-14</entry>
		98	</dates>
		99	</vuln>
		100
61	<vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">	101	<vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">
62	<topic>lives -- insecure files permissions</topic>	102	<topic>lives -- insecure files permissions</topic>
63	<affects>	103	<affects>