Summary: | media-gfx/imagemagick: filename handling format string bug. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | normal | CC: | graphics+disabled, jaervosz, wolf31o2 | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397 | ||||||||
Whiteboard: | B2 [glsa] jaervosz | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Tavis Ormandy (RETIRED)
2005-02-28 04:55:49 UTC
Created attachment 52363 [details, diff]
filename handling format string patch
oneliner patch for image magick filename handling issue.
Graphics team, please bump to 6.2.0-3 or apply provided patch to current. This will be CAN-2005-0397 Imagemagick and perlmagick bumped to 6.0.2.4. ***Please, update keywords of dev-perl/perlmagick to match imagemagick*** sekretarz I presume you mean 6.2.0.4:-) Arches please test and mark imagemagick and perlmagick stable. yeah, sorry, bumped to 6.2.0.4, of course ;) sparc stable. stable on amd64 stable on ppc64 Stable on ppc. x86 stable Alpha stable. GLSA 200503-11 hppa, ia64, mips: please mark stable to benefit from GLSA Stable on mips. Already stable on hppa Debian says the patch is not sufficient. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 Tavis, your opinion ? Created attachment 76159 [details, diff]
imagemagick_formatstring_new.diff
New proposed patch, from Debian
graphics, please repatch ? *** Bug 117843 has been marked as a duplicate of this bug. *** New one is CVE-2006-0082 Anyone in graphics herd ? I checked imagemagick-6.2.5.5 code and i think that they fixed this flow. They didn't apply patch from debian but current code doesn't expand % chars. I advise to push imagemagick-6.2.5.5 stable. Calling arches _very_ late. stable on ppc64 stable on amd64 x86 stable Stable on hppa ppc stable sparc stable. stable on alpha ready for glsa GLSA 200602-06 arm and mips should mark stable to benefit from GLSA 6.2.8.0 stable on mips (took us long enough I guess....) |