Summary: | <media-gfx/graphicsmagick-1.3.32: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://http://www.graphicsmagick.org/Changelog.html | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =media-gfx/graphicsmagick-1.3.32 | Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2019-04-25 02:37:30 UTC
ack: wrong order... should be

(https://nvd.nist.gov/vuln/detail/CVE-2019-11473): coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Upstream Reference: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8

(https://nvd.nist.gov/vuln/detail/CVE-2019-11474): coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Upstream Reference: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd

Arches, feel free to stabilize =media-gfx/graphicsmagick-1.3.32 which should fix these security issues.

sparc stable

amd64 stable

ppc stable

ppc64 stable

x86 stable

ia64 stable

alpha stable

hppa stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37e9f5380a87559967bdc6dbacaf2c89ef89f222

commit 37e9f5380a87559967bdc6dbacaf2c89ef89f222
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-26 23:54:26 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-26 23:54:26 +0000

    media-gfx/graphicsmagick: security cleanup (#684320)

    Bug: https://bugs.gentoo.org/684320
    Package-Manager: Portage-2.3.78, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-gfx/graphicsmagick/Manifest | 1 -
 .../graphicsmagick/graphicsmagick-1.3.30.ebuild | 135 ---------------------
 2 files changed, 136 deletions(-)

Repository is clean, all done!