Multiple heap and integer overflows in two different imagemagick modules. 6.3.3-5 is the only version listed as not vulnerable. No CVE yet.
setting status.
From the iDefense advisory: "iDefense has confirmed the existence of these vulnerabilities in ImageMagick version 6.3.x. Additionally, the source code for versions 6.3.1, 6.3.2, 6.3.3-3 and 6.2.9 contain the affected code. It is suspected that earlier versions of ImageMagick are also vulnerable."
Pulling in herd.
This issue has been assigned CVE-2007-1797.
Bumped to 6.3.3-8 in CVS which should fix all these issues afaik.
Thx Kloeri (I had hoped for a real maintainer though). Arches, please test and mark stable. Target keywords are: imagemagick-6.3.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
sparc stable.
ia64 + x86 stable
amd64 stable
Stable for HPPA.
alpha done
ppc64 stable
ppc stable, this one is ready for GLSA.
GLSA 200705-13. arm, mips, s390, sh: don't forget to mark stable to benefit from the GLSA.