Summary: | <media-gfx/imagemagick-{6.9.13.0,7.1.1.22}: heap use-after-free | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jarkko Suominen <bugzillas> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 921334, 921335 | ||
Bug Blocks: |
Description
Jarkko Suominen
2023-11-19 15:25:31 UTC
> According to the CVE, the flaw has been fixed in 7.1.2, but the commit history makes it seem like it has been fixed in 7.1.1-19?
Never trust CVEs ;)
Thanks for filing!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31597fbf8f03899568708cc2bb23cac4f56e2ea1 commit 31597fbf8f03899568708cc2bb23cac4f56e2ea1 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-12-08 09:45:29 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-12-08 09:53:45 +0000 media-gfx/imagemagick: add 7.1.1.22 Bug: https://bugs.gentoo.org/917594 Signed-off-by: Sam James <sam@gentoo.org> media-gfx/imagemagick/Manifest | 1 + .../files/imagemagick-7.1.1.22-bashism.patch | 47 ++++ media-gfx/imagemagick/imagemagick-7.1.1.22.ebuild | 253 +++++++++++++++++++++ 3 files changed, 301 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b84ae93cc091ec886f92d9ad56e52ab68db41eb4 commit b84ae93cc091ec886f92d9ad56e52ab68db41eb4 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-12-08 09:39:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-12-08 09:53:45 +0000 media-gfx/imagemagick: add 6.9.13.0 Bug: https://bugs.gentoo.org/917594 Signed-off-by: Sam James <sam@gentoo.org> media-gfx/imagemagick/Manifest | 1 + .../files/imagemagick-6.9.13.0-bashism.patch | 37 ++++ media-gfx/imagemagick/imagemagick-6.9.13.0.ebuild | 246 +++++++++++++++++++++ 3 files changed, 284 insertions(+) Cleanup done The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4a7120d937eaaec2a14046c3d00320bd902c32bf commit 4a7120d937eaaec2a14046c3d00320bd902c32bf Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-04 06:13:29 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-04 06:14:05 +0000 [ GLSA 202405-02 ] ImageMagick: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/835931 Bug: https://bugs.gentoo.org/843833 Bug: https://bugs.gentoo.org/852947 Bug: https://bugs.gentoo.org/871954 Bug: https://bugs.gentoo.org/893526 Bug: https://bugs.gentoo.org/904357 Bug: https://bugs.gentoo.org/908082 Bug: https://bugs.gentoo.org/917594 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-02.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) |