Summary: | <media-gfx/graphicsmagick-1.3.27: The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (CVE-2017-11722)
---|---
Product: | Gentoo Security
Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
CC: | graphics+disabled, sudormrfhalt
Priority: | Normal
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
Whiteboard: | B3 [noglsa cve]
Package list: |
Runtime testing required: | ---
Description
Christopher Díaz Riveros (RETIRED)
2017-07-28 14:25:15 UTC
@Security The bug was already fixed by upstream. The only affected version was non-stable so dropped to ~3, we only need to add CVE.

Thanks
Gentoo Security Padawan
ChrisADR

Created attachment 490598: CVE-2017-11722.patch

@Security please add CVE before closing the report.

Gentoo Security Padawan
ChrisADR

Re-opening: WriteOnePNGImage is also affected in GraphicsMagick 1.3.25 which is stable. Reassigning B3 to Whiteboard and PR with the patch and the new revision added to the tree.

@Maintainers please excuse the confusion and the possible problems originated by my mistake with this report. In the case you accept the proposed PR, please call for stabilization when ready or let us know.

PS: The same patch could apply to 1.3.26 while waiting for the next official release.

PR: https://github.com/gentoo/gentoo/pull/5786

Gentoo Security Padawan
ChrisADR

@maintainer(s), please clean the vulnerable version from the tree.

cleanup will be tracked in bug #640690

GLSA Vote: No