662870 – <media-gfx/graphicsmagick-1.3.30: multiple vulnerabilities

Bug 662870 - <media-gfx/graphicsmagick-1.3.30: multiple vulnerabilities

Summary: <media-gfx/graphicsmagick-1.3.30: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2018-08-05 21:43 UTC by Thomas Deutschmann (RETIRED)
Modified:	2019-03-24 04:55 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	media-gfx/graphicsmagick-1.3.30
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-05 21:43:49 UTC

From 1.3.30 changelog:

Security Fixes:

    GraphicsMagick is now participating in Google's oss-fuzz project due to
    the contributions and assistance of Alex Gaynor. Since February 4 2018,
    238 issues have been opened by oss-fuzz and 230 of those issues have
    been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list
    under search term "graphicsmagick". Issues are available for anyone to
    view and duplicate if they have been in "Verified" status for 30 days,
    or if they have been in "New" status for 90 days. There are too many
    fixes to list here. Please consult the GraphicsMagick ChangeLog file,
    Mercurial repository commit log, and the oss-fuzz issues list for
    details.

    SVG/Rendering: Fix heap write overflow of PrimitiveInfo and PointInfo
    arrays. This is another manefestation of CVE-2016-2317, which should
    finally be fixed correctly due to active detection/correction of
    pending overflow rather than using estimation.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-05 21:45:40 UTC

@ Arches,

please test and mark stable: =media-gfx/graphicsmagick-1.3.30

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-06 22:21:26 UTC

x86 stable

Comment 3 Agostino Sarubbo gentoo-dev

2018-08-07 08:50:39 UTC

amd64 stable

Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev

2018-08-11 19:02:38 UTC

hppa stable

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2018-08-11 19:03:24 UTC

ia64 stable

Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev

2018-08-11 19:06:07 UTC

ppc64 stable

Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev

2018-08-11 19:10:22 UTC

ppc stable

Comment 8 Tobias Klausmann (RETIRED) gentoo-dev

2018-09-13 19:24:22 UTC

Stable on alpha.