Bug#: 173186
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matt Drew <aetius@gentoo.org>
Bug 173186 blocks: 152672 159567

Description:   Opened: 2007-04-02 19:23 0000
Multiple heap and integer overflows in two different imagemagick modules.
6.3.3-5 is the only version listed as not vulnerable.  No CVE yet.

------- Comment #1 From Matt Drew 2007-04-02 19:24:41 0000 -------
setting status.

------- Comment #2 From Jonathan Smith 2007-04-02 20:25:50 0000 -------
from the idefense advisory:

"iDefense has confirmed the existence of these vulnerabilities in ImageMagick
version 6.3.x. Additionally, the source code for versions 6.3.1, 6.3.2, 6.3.3-3
and 6.2.9 contain the affected code. It is suspected that earlier versions of
ImageMagick are also vulnerable."

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-04-03 15:29:47 0000 -------
Pulling in herd.

------- Comment #4 From Jonathan Smith 2007-04-03 15:35:17 0000 -------
this issue has been assigned CVE-2007-1797

------- Comment #5 From Bryan Østergaard (RETIRED) 2007-04-17 11:50:31 0000 -------
Bumped to 6.3.3-8 in CVS which should fix all these issues afaik.

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-04-17 14:00:05 0000 -------
Thx Kloeri (I had hoped for a real maintainer though)

Arches please test and mark stable. Target keywords are:

imagemagick-6.3.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

------- Comment #7 From Gustavo Zacarias (RETIRED) 2007-04-17 17:20:54 0000 -------
sparc stable.

------- Comment #8 From Raúl Porcel 2007-04-17 18:28:31 0000 -------
ia64 + x86 stable

------- Comment #9 From Peter Weller 2007-04-17 18:37:47 0000 -------
amd64 stable

------- Comment #10 From Jeroen Roovers 2007-04-17 20:56:49 0000 -------
Stable for HPPA.

------- Comment #11 From Chris Gianelloni (RETIRED) 2007-04-18 16:01:23 0000 -------
alpha done

------- Comment #12 From Markus Rothe 2007-04-19 18:30:46 0000 -------
ppc64 stable

------- Comment #13 From Tobias Scherbaum 2007-04-22 06:04:47 0000 -------
ppc stable, this one is ready for GLSA.

------- Comment #14 From Sune Kloppenborg Jeppesen 2007-05-10 18:56:30 0000 -------
GLSA 200705-13

arm, mips, s390, sh don't forget to mark stable to benefit from the GLSA.
