Summary: | <media-gfx/imagemagick-{6.9.9.20,7.0.7.8}: Denial of Service (CVE-2017-15281) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | arthur, graphics+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: |
=media-gfx/imagemagick-6.9.9.20
|
Runtime testing required: | --- |
Bug Depends on: | 638110 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2017-10-28 08:15:59 UTC
@Maintainers please let us know when tree is clean. Thank you This also affects ImageMagick 6, upstream fix: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e Fixed in v6.9.9-20 which is now in repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d73b772495c377df1cc108bd4d552ff9f1a8282 Fix for ImageMagick 7 is https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb which is part of v7.0.7-8 which is now also available in Gentoo repository (via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6da2dc3d7d6fee4770b4012598af4878bf100e4d) @ Arches, please test and mark stable: =media-gfx/imagemagick-6.9.9.20 ia64/ppc/ppc64 stable Stable on amd64 x86 stable hppa stable Stable on alpha. @ Maintainer(s): Stabilization is complete, please clean the vulnerable versions from the tree. This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup and arm. arm stable, all arches done. Re-opening for cleanup. Me missed sparc, so cleanup is delayed until bug 638110 is resolved. Tree is clean. |