Bug 660826 (CVE-2018-13153) - <media-gfx/imagemagick-{6.9.10.8,7.0.8.8}: multiple vulnerabilities (CVE-2018-13153)
Status: RESOLVED FIXED
Alias: CVE-2018-13153
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2018-10177, CVE-2018-6405, CVE-2018-6876, CVE-2018-6930, CVE-2018-7443, CVE-2018-7470, CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-9135
Reported: 2018-07-09 20:58 UTC by GLSAMaker/CVETool Bot
Modified: 2018-08-04 23:28 UTC

See Also:
Package list:
media-gfx/imagemagick-6.9.10.8 media-gfx/imagemagick-7.0.8.8
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2018-07-09 20:58:41 UTC
CVE-2018-13153 (https://nvd.nist.gov/vuln/detail/CVE-2018-13153):
  In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand
  function in MagickCore/animate.c.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-09 21:02:47 UTC
We skipped multiple releases due to bug 653752.


@ Arches,

please test and mark stable:

  =media-gfx/imagemagick-6.9.10.5
  =media-gfx/imagemagick-7.0.8.5
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-09 21:13:13 UTC
x86 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-07-09 21:17:32 UTC
amd64 stable
Comment 4 Larry the Git Cow gentoo-dev 2018-07-10 19:10:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5df30919fe628d391d66c825cb3326507dc7c81

commit f5df30919fe628d391d66c825cb3326507dc7c81
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-10 18:52:47 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-10 19:10:31 +0000

    media-gfx/imagemagick: stable 7.0.8.5 for sparc
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 media-gfx/imagemagick/imagemagick-7.0.8.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4103625c51413114b2a5d93df49cff4f0743834

commit c4103625c51413114b2a5d93df49cff4f0743834
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-10 18:51:58 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-10 19:10:30 +0000

    media-gfx/imagemagick: stable 6.9.10.5 for sparc
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 media-gfx/imagemagick/imagemagick-6.9.10.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 doj 2018-07-13 05:37:49 UTC
It seems that version 7.0.8-5 has been removed from the ImageMagick servers already,
as they have released 7.0.8-6 and the current ebuild fails to download the source code.
https://www.imagemagick.org/script/changelog.php
You'll probably have to create and submit an ebuild for ImageMagick version 7.0.8-6 now.

>>> Downloading 'https://www.imagemagick.org/download/ImageMagick-7.0.8-5.tar.xz'
--2018-07-12 17:26:24--  https://www.imagemagick.org/download/ImageMagick-7.0.8-5.tar.xz
Resolving www.imagemagick.org... 198.72.81.86
Connecting to www.imagemagick.org|198.72.81.86|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-07-12 17:26:24 ERROR 404: Not Found.

!!! Couldn't download 'ImageMagick-7.0.8-5.tar.xz'. Aborting.
 * Fetch failed for 'media-gfx/imagemagick-7.0.8.5', Log file:
 *  '/var/tmp/portage/media-gfx/imagemagick-7.0.8.5/temp/build.log'

>>> Failed to emerge media-gfx/imagemagick-7.0.8.5, Log file:

Also none of the Gentoo source code mirrors has that file.
Comment 6 Larry the Git Cow gentoo-dev 2018-07-14 18:22:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ca00091e28512459e61c550b12bd097d649b5a4

commit 1ca00091e28512459e61c550b12bd097d649b5a4
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 17:59:00 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 17:59:00 +0000

    media-gfx/imagemagick: stable 7.0.8.5 for ia64, bug #660826
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-gfx/imagemagick/imagemagick-7.0.8.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=073a0c7e0861c5e3f86fc94d3bf44d1be4ca18da

commit 073a0c7e0861c5e3f86fc94d3bf44d1be4ca18da
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 17:58:53 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 17:58:53 +0000

    media-gfx/imagemagick: stable 6.9.10.5 for ia64, bug #660826
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-gfx/imagemagick/imagemagick-6.9.10.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Larry the Git Cow gentoo-dev 2018-07-14 20:16:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77d189408518015bc704a378f3f51252058f13b1

commit 77d189408518015bc704a378f3f51252058f13b1
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 20:13:31 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 20:13:31 +0000

    media-gfx/imagemagick: stable 7.0.8.5 for ppc, bug #660826
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 media-gfx/imagemagick/imagemagick-7.0.8.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f826cca86bad64c3c133eca1c4a3ac994943dfe7

commit f826cca86bad64c3c133eca1c4a3ac994943dfe7
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-14 20:13:20 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-14 20:13:20 +0000

    media-gfx/imagemagick: stable 6.9.10.5 for ppc, bug #660826
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 media-gfx/imagemagick/imagemagick-6.9.10.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2018-07-21 09:49:36 UTC
Stable on alpha.
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-07-22 16:18:47 UTC
arm stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2018-07-29 16:28:18 UTC
ppc64 stable
Comment 11 Larry the Git Cow gentoo-dev 2018-08-04 23:26:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dd8e1bbec875864fb2d989f301ae22989a5427a

commit 2dd8e1bbec875864fb2d989f301ae22989a5427a
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-04 23:19:34 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-04 23:25:59 +0000

    media-gfx/imagemagick: move stable keywords
    
    Bug: https://bugs.gentoo.org/660826
    Package-Manager: Portage-2.3.44, Repoman-2.3.10

 media-gfx/imagemagick/imagemagick-6.9.10.8.ebuild | 2 +-
 media-gfx/imagemagick/imagemagick-7.0.8.8.ebuild  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-04 23:28:07 UTC
All done, repository is clean.
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-04 23:28:29 UTC
GLSA Vote: No