Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 69825
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Andreas Kobara <abusch@gmx.net>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 69825 depends on: Show dependency tree
Bug 69825 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-11-02 04:42 0000 
An updated version of Imagemagick is available: 6.1.3

The changelog mentions a buffer-overflow in the exif-loader code,
which was fixed in 6.1.2:

2004-10-25 Daniel Kobras <kobras@debian.org>
* Fix EXIF code to prevent an overflow of the ifdstack array by one entry.

------- Comment #1 From Sune Kloppenborg Jeppesen 2004-11-02 05:04:49 0000 ------- 
Graphics please bump

------- Comment #2 From Karol Wojtaszek (RETIRED) 2004-11-02 07:58:42 0000 ------- 
imagemagick-6.1.3.2 added to portage

------- Comment #3 From Sune Kloppenborg Jeppesen 2004-11-02 08:20:09 0000 ------- 
Arches please mark imagemagick and dev-perl/perlmagick 6.1.3.2 stable.

------- Comment #4 From Karol Wojtaszek (RETIRED) 2004-11-02 09:36:28 0000 ------- 
Stable on amd64.

------- Comment #5 From Michael Hanselmann (hansmi) (RETIRED) 2004-11-02 10:35:26 0000 ------- 
Stable on ppc.

------- Comment #6 From Gustavo Zacarias (RETIRED) 2004-11-02 11:03:23 0000 ------- 
Ok, arches DON'T MARK STABLE.
This ebuild as it is breaks libtool...

------- Comment #7 From Karol Wojtaszek (RETIRED) 2004-11-02 11:32:52 0000 ------- 
*** Bug 67553 has been marked as a duplicate of this bug. ***

------- Comment #8 From Gustavo Zacarias (RETIRED) 2004-11-02 12:11:32 0000 ------- 
sparc stable, sekretarz fixed the ebuild.

------- Comment #9 From Bryan Østergaard (RETIRED) 2004-11-03 01:04:27 0000 ------- 
Stable on alpha.

------- Comment #10 From SpanKY 2004-11-03 21:34:29 0000 ------- 
hppa/ia64 stable

------- Comment #11 From Olivier Crete 2004-11-04 08:02:54 0000 ------- 
stable on x86

------- Comment #12 From Thierry Carrez (RETIRED) 2004-11-04 09:26:29 0000 ------- 
I am not sure "Fix EXIF code to prevent an overflow of the ifdstack array by
one entry" means it could be exploited to execute arbitrary code... Any other
advisory or upstream confirmation ?

------- Comment #13 From Sune Kloppenborg Jeppesen 2004-11-04 11:29:43 0000 ------- 
Secunia thinks so:
http://secunia.com/advisories/12995/

------- Comment #14 From Thierry Carrez (RETIRED) 2004-11-04 11:39:19 0000 ------- 
Looks ok to me... go for a GLSA
CAN-2004-0981

------- Comment #15 From Sune Kloppenborg Jeppesen 2004-11-06 05:54:18 0000 ------- 
Back to stable, missing stable on ppc and ppc64. Please mark 6.1.3.2 stable

------- Comment #16 From Markus Rothe 2004-11-06 06:31:30 0000 ------- 
stable on ppc64

------- Comment #17 From Lars Weiler (RETIRED) 2004-11-06 09:33:52 0000 ------- 
ppc finally done

------- Comment #18 From Sune Kloppenborg Jeppesen 2004-11-06 10:57:58 0000 ------- 
GLSA 200411-11

------- Comment #19 From Hardave Riar (RETIRED) 2004-11-08 04:46:34 0000 ------- 
Stable on mips.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug