| Field | Value |
|---|---|
| Summary | <media-gfx/imagemagick-{6.9.9.23,7.0.7.11}: heap allocation errors, use of uninitialized values in wpg.c |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Attila Tóth <atoth> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| Priority | Normal |
| Flags | stable-bot: sanity-check+ |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16546 |
| Whiteboard | B3 [noglsa cve] |
| Package list | media-gfx/imagemagick-6.9.9.23, media-gfx/imagemagick-7.0.7.11 |
| Runtime testing required | --- |
| Bug Depends on | 581800, 639992, 640668, 641172, 641190, 641192, 641194, 641196, 641198 |
| Bug Blocks | 635666 |

Description
Attila Tóth
2017-11-19 10:04:44 UTC

@Maintainers could you confirm if SLOT 6.x.x is affected? Thank you

6.x is affected, https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34286ccffab7bd989b57e3876707d630b339e9fb

commit 34286ccffab7bd989b57e3876707d630b339e9fb
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-11-28 23:38:01 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-11-28 23:38:19 +0000

media-gfx/imagemagick: Bump to v6.9.9.23 / 7.0.7.11

Bug: https://bugs.gentoo.org/638110
Package-Manager: Portage-2.3.16, Repoman-2.3.6

media-gfx/imagemagick/Manifest | 2 +
media-gfx/imagemagick/imagemagick-6.9.9.23.ebuild | 185 ++++++++++++++++++++++
media-gfx/imagemagick/imagemagick-7.0.7.11.ebuild | 185 ++++++++++++++++++++++
3 files changed, 372 insertions(+)

@ Arches, please test and mark stable:
=media-gfx/imagemagick-6.9.9.23: alpha amd64 arm hppa ia64 ppc ppc64 x86 sparc
=media-gfx/imagemagick-7.0.7.11: alpha amd64 arm hppa ia64 ppc ppc64 x86 sparc

x86 stable

Stable on alpha.

ia64/ppc/ppc64 stable

arm stable

obsoleted by 640692

amd64 stable

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4f7fb6982f5b6d79b81ebd232eecba3598f8e61

I think I have covered all reverse deps stable bugs now.. but, please, next time remember to check for reverse deps (specially in this case that a tracker bug existed) before CCing arches to stab

Thanks

Obsoleted by bug 640692, sparc was already handled there.

sparc stabled 7.0.7.14

Newer versions already stabilized and tree is clean of vulnerable versions WRT this bug. The stable request bugs should not be blocking this.

7.x is also stable on all stable arches.

GLSA Vote: No