Summary: | <media-gfx/imagemagick-{6.9.6.4,7.0.3.6}: Off by one memory allocation in WaveletDenoiseImage() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | Flags: | kensington: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/ImageMagick/ImageMagick/issues/296 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =media-gfx/imagemagick-6.9.6.6 |
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2016-11-15 00:32:41 UTC
Patched version is already in the Gentoo repository: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b6e7390468b87611d52709afc8b65982e3208e7

@ Maintainer(s): In case we need to stabilize the package, please let us know if it is ready for the stabilization or not (there's currently a package.mask in place, see https://gitweb.gentoo.org/repo/gentoo.git/tree/profiles/package.mask?id=c22332969d24f3f5eb0aa93a73f6cefc6ed34c96#n399)

Lars told me today that the fix should also be in 6.9.x and he is right: https://github.com/ImageMagick/ImageMagick/commit/d2d9c8feb028570c592a438a5f4d4191391402bd

$ git tag --contains d2d9c8feb028570c592a438a5f4d4191391402bd | sort
6.9.6-4
6.9.6-5
6.9.6-6

v6.9.6-4, the first version containing the fix, landed in Gentoo repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/media-gfx/imagemagick?id=3b6e7390468b87611d52709afc8b65982e3208e7

@ Arches, please test and mark stable: =media-gfx/imagemagick-6.9.6.6

arm stable

amd64 stable

x86 stable

Stable on alpha.

sparc stable

ia64 stable

ppc stable

ppc64 stable

hppa....

Stable for HPPA.

New GLSA request filed.

@ Maintainer(s): Please clean up and drop =media-gfx/imagemagick-6.9.6.2!

Cleaned up via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b82225d9803ad4e7946ca331adf45fc1f063169f

This issue was resolved and addressed in GLSA 201702-09 at https://security.gentoo.org/glsa/201702-09 by GLSA coordinator Thomas Deutschmann (whissi).