Summary: | media-gfx/imagemagick-6.2.4.2 contains insecure RUNPATH's | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Ashu Tiwary <ashutiwary> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | graphics+disabled | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | A2? [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | |||||||
Bug Blocks: | 81745 | ||||||
Attachments: |
|
Description
Ashu Tiwary
2005-09-12 12:10:37 UTC
Created attachment 68278 [details]
logfile for "emerge -v media-gfx/imagemagick"
i was able to successfully emerge imagemagick using the makemaker perl hack described in bug id 105054 This should be automatically fixed when the MakeMaker patch from bug 105054 is committed, just requiring a bump to propagate. Reporter : could you please check that it still happens after the latest Perl upgrade... this emerge works fine now after the last perl update (perl-5.8.7-r1) Common GLSA with other RUNPATH issues graphics team: we'll need a revbumps with the new Perl DEPEND so that currently affected users get their version as "vulnerable"... graphics herd, please do the revbumps so that we can issue the GLSA about this. The revbump must have the following Perl dep : >=dev-lang/perl-5.8.6-r6 !=dev-lang/perl-5.8.7 sekretarz should have a look at it later today Version bumped in portage Is this specific to >=6.2.4.2 ? If yes this bug can be closed (only ~ versions affected). If not we should have a revbump on 6.2.2.3-r1 too... Probably better to mark >=6.2.4.2-r1 stable... Arch testers please mark 6.2.4.2-r1 (or 6.2.5.2 if you feel adventurous) stable Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86" sparc stable. x86 happy ppc64 stable 6.2.4.2-r1 stable on amd64 6.2.4.2-r1 stable on alpha Stable on ppc and hppa. Stable on ia64. Ready for GLSA Common GLSA with GDAL and qdbm GLSA Batch ready. GLSA 200511-02 mips should mark stable to benefit from GLSA |