Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 295429 - =media-gfx/graphicsmagick-1.3.7: ltdl.c in libltts to open a .la file in the current working directory (CVE-2009-3736)dl attemp
Summary: =media-gfx/graphicsmagick-1.3.7: ltdl.c in libltts to open a .la file in the ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://cvs.graphicsmagick.org/cgi-bin...
Whiteboard: ~1 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-02 11:59 UTC by Arseny Solokha
Modified: 2010-04-10 16:15 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
The fix (cve-2009-3736.patch,846 bytes, patch)
2009-12-02 12:01 UTC, Arseny Solokha 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arseny Solokha 2009-12-02 11:59:20 UTC 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736

CVE-2009-3736 is currently under review, but there's a fix for this issue in project's CVS HEAD. Attached path could be applied against GraphicsMagick 1.3.7.

Reproducible: Always

Steps to Reproduce:
Comment 1 Arseny Solokha 2009-12-02 12:01:21 UTC 
Created attachment 211756 [details, diff]
The fix

This patch upgrades version of libltdl which comes with GraphicsMagick to 2.2.6b.
Comment 2 Arseny Solokha 2010-01-24 16:05:51 UTC 
This patch has been added to the portage tree on January 11, 2009. Should this bug be closed now?
Comment 3 Arseny Solokha 2010-02-22 17:56:39 UTC 
GraphicsMagick 1.3.7 has been removed from the Portage tree on February 14, 2010. Newer versions have this bug fixed. This report is quite objectless now and should be closed.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-10 16:15:12 UTC 
Closing NOGLSA, as there never was a stable version.