First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 119476
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 119476 depends on: Show dependency tree
Bug 119476 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-01-18 12:19 0000 
GraphicsMagick is apprently also subject to format string issues described in
bug 83542.

------- Comment #1 From Sune Kloppenborg Jeppesen 2006-01-30 13:40:47 0000 ------- 
Calling grapics herd _very_ late to advise on this.

------- Comment #2 From Marcelo Goes 2006-01-30 14:41:05 0000 ------- 
I suppose this is the equivalent in GraphicsMagick magick/image.c:

      /*
        Rectify multi-image file support.
      */
      FormatString(filename,image_info->filename,0);
      if ((LocaleCompare(filename,image_info->filename) != 0) &&
          (strchr(filename,'%') == (char *) NULL))
        image_info->adjoin=False;
      magick_info=GetMagickInfo(magic,exception);
      if (magick_info != (const MagickInfo *) NULL)
        image_info->adjoin&=magick_info->adjoin;
      return(True);
    }
  if (image_info->affirm)
    return(True);
  /*
    Determine the image format from the first few bytes of the file.
  */

------- Comment #3 From Thierry Carrez (RETIRED) 2006-02-09 10:57:50 0000 ------- 
vanquirius: yes, please apply same patch ?

------- Comment #4 From Bryan Østergaard (RETIRED) 2006-02-12 14:29:10 0000 ------- 
I bumped graphicsmagick to 1.1.7 and applied taviso's patch from the
imagemagick bug. The code is a bit different from imagemagick and I can't
reproduce the issue with this patch as described in the debian bugtracker.

That said, this patch may or may not be correct - an extra set of eyes would
probably be in order :)

------- Comment #5 From Marcelo Goes 2006-02-12 14:34:59 0000 ------- 
-      FormatString(filename,image_info->filename,0);
+      FormatString(filename,"%s",image_info->filename,0);

Looks good to me.

------- Comment #6 From Thierry Carrez (RETIRED) 2006-02-21 10:24:19 0000 ------- 
Arches please test and mark 1.1.7 stable

------- Comment #7 From Joshua Jackson 2006-02-22 00:18:57 0000 ------- 
x86 stable \(^.^)/

------- Comment #8 From Tobias Scherbaum 2006-02-22 11:43:02 0000 ------- 
ppc stable

------- Comment #9 From Thierry Carrez (RETIRED) 2006-02-26 08:14:21 0000 ------- 
GLSA 200602-13
First Last Prev Next    No search results available      Search page      Enter new bug