
Bug 173186

Summary: media-gfx/imagemagick < 6.3.3-5 DCM and XWD overflows CVE-2007-1797
Product: Gentoo Security
Reporter: Matt Drew (RETIRED) <aetius>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal CC: graphics+disabled, karsten.elfenbein, sekretarz
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 152672, 159567    

Description Matt Drew (RETIRED) gentoo-dev 2007-04-02 19:23:39 UTC
Multiple heap and integer overflows in two different imagemagick modules. 6.3.3-5 is the only version listed as not vulnerable.  No CVE yet.
Comment 1 Matt Drew (RETIRED) gentoo-dev 2007-04-02 19:24:41 UTC
setting status.
Comment 2 Jonathan Smith (RETIRED) gentoo-dev 2007-04-02 20:25:50 UTC
from the idefense advisory:

"iDefense has confirmed the existence of these vulnerabilities in ImageMagick version 6.3.x. Additionally, the source code for versions 6.3.1, 6.3.2, 6.3.3-3 and 6.2.9 contain the affected code. It is suspected that earlier versions of ImageMagick are also vulnerable."
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-03 15:29:47 UTC
Pulling in herd.
Comment 4 Jonathan Smith (RETIRED) gentoo-dev 2007-04-03 15:35:17 UTC
this issue has been assigned CVE-2007-1797
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2007-04-17 11:50:31 UTC
Bumped to 6.3.3-8 in CVS which should fix all these issues afaik.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-17 14:00:05 UTC
Thx Kloeri (I had hoped for a real maintainer though)

Arches please test and mark stable. Target keywords are:

imagemagick-6.3.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-04-17 17:20:54 UTC
sparc stable.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-04-17 18:28:31 UTC
ia64 + x86 stable
Comment 9 Peter Weller (RETIRED) gentoo-dev 2007-04-17 18:37:47 UTC
amd64 stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2007-04-17 20:56:49 UTC
Stable for HPPA.
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2007-04-18 16:01:23 UTC
alpha done
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-04-19 18:30:46 UTC
ppc64 stable
Comment 13 Tobias Scherbaum (RETIRED) gentoo-dev 2007-04-22 06:04:47 UTC
ppc stable, this one is ready for GLSA.
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-10 18:56:30 UTC
GLSA 200705-13

arm, mips, s390, sh don't forget to mark stable to benefit from the GLSA.