Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 69825 - media-gfx/imagemagick 6.1.3 buffer overflow fix
Summary: media-gfx/imagemagick 6.1.3 buffer overflow fix
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL: http://www.imagemagick.org/www/Change...
Whiteboard: A2 [glsa] jaervosz
Keywords:
: 67553 (view as bug list)
Depends on:
Blocks:
 
Reported: 2004-11-02 04:42 UTC by Andreas Kobara
Modified: 2004-11-08 04:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Kobara 2004-11-02 04:42:38 UTC
An updated version of Imagemagick is available: 6.1.3

The changelog mentions a buffer-overflow in the exif-loader code,
which was fixed in 6.1.2:

2004-10-25 Daniel Kobras <kobras@debian.org>
* Fix EXIF code to prevent an overflow of the ifdstack array by one entry.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-02 05:04:49 UTC
Graphics please bump
Comment 2 Karol Wojtaszek (RETIRED) gentoo-dev 2004-11-02 07:58:42 UTC
imagemagick-6.1.3.2 added to portage
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-02 08:20:09 UTC
Arches please mark imagemagick and dev-perl/perlmagick 6.1.3.2 stable.
Comment 4 Karol Wojtaszek (RETIRED) gentoo-dev 2004-11-02 09:36:28 UTC
Stable on amd64.
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2004-11-02 10:35:26 UTC
Stable on ppc.
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-02 11:03:23 UTC
Ok, arches DON'T MARK STABLE.
This ebuild as it is breaks libtool...
Comment 7 Karol Wojtaszek (RETIRED) gentoo-dev 2004-11-02 11:32:52 UTC
*** Bug 67553 has been marked as a duplicate of this bug. ***
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-02 12:11:32 UTC
sparc stable, sekretarz fixed the ebuild.
Comment 9 Bryan Østergaard (RETIRED) gentoo-dev 2004-11-03 01:04:27 UTC
Stable on alpha.
Comment 10 SpanKY gentoo-dev 2004-11-03 21:34:29 UTC
hppa/ia64 stable
Comment 11 Olivier Crete (RETIRED) gentoo-dev 2004-11-04 08:02:54 UTC
stable on x86
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-11-04 09:26:29 UTC
I am not sure "Fix EXIF code to prevent an overflow of the ifdstack array by one entry" means it could be exploited to execute arbitrary code... Any other advisory or upstream confirmation ?
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-04 11:29:43 UTC
Secunia thinks so:
http://secunia.com/advisories/12995/
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2004-11-04 11:39:19 UTC
Looks ok to me... go for a GLSA
CAN-2004-0981
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-06 05:54:18 UTC
Back to stable, missing stable on ppc and ppc64. Please mark 6.1.3.2 stable
Comment 16 Markus Rothe (RETIRED) gentoo-dev 2004-11-06 06:31:30 UTC
stable on ppc64
Comment 17 Lars Weiler (RETIRED) gentoo-dev 2004-11-06 09:33:52 UTC
ppc finally done
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-06 10:57:58 UTC
GLSA 200411-11
Comment 19 Hardave Riar (RETIRED) gentoo-dev 2004-11-08 04:46:34 UTC
Stable on mips.