Bug 173186 - media-gfx/imagemagick < 6.3.3-5 DCM and XWD overflows CVE-2007-1797
Summary: media-gfx/imagemagick < 6.3.3-5 DCM and XWD overflows CVE-2007-1797
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://labs.idefense.com/intelligence...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks: 152672 159567
Reported: 2007-04-02 19:23 UTC by Matt Drew (RETIRED)
Modified: 2007-06-24 23:29 UTC

Description Matt Drew (RETIRED) gentoo-dev 2007-04-02 19:23:39 UTC
Multiple heap and integer overflows in two different imagemagick modules. 6.3.3-5 is the only version listed as not vulnerable.  No CVE yet.
Comment 1 Matt Drew (RETIRED) gentoo-dev 2007-04-02 19:24:41 UTC
setting status.
Comment 2 Jonathan Smith (RETIRED) gentoo-dev 2007-04-02 20:25:50 UTC
from the idefense advisory:

"iDefense has confirmed the existence of these vulnerabilities in ImageMagick version 6.3.x. Additionally, the source code for versions 6.3.1, 6.3.2, 6.3.3-3 and 6.2.9 contain the affected code. It is suspected that earlier versions of ImageMagick are also vulnerable."
Comment 3 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-03 15:29:47 UTC
Pulling in herd.
Comment 4 Jonathan Smith (RETIRED) gentoo-dev 2007-04-03 15:35:17 UTC
this issue has been assigned CVE-2007-1797
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2007-04-17 11:50:31 UTC
Bumped to 6.3.3-8 in CVS which should fix all these issues afaik.
Comment 6 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-17 14:00:05 UTC
Thx Kloeri (I had hoped for a real maintainer though)

Arches please test and mark stable. Target keywords are:

imagemagick-6.3.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-04-17 17:20:54 UTC
sparc stable.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-04-17 18:28:31 UTC
ia64 + x86 stable
Comment 9 Peter Weller (RETIRED) gentoo-dev 2007-04-17 18:37:47 UTC
amd64 stable
Comment 10 Jeroen Roovers gentoo-dev 2007-04-17 20:56:49 UTC
Stable for HPPA.
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2007-04-18 16:01:23 UTC
alpha done
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-04-19 18:30:46 UTC
ppc64 stable
Comment 13 Tobias Scherbaum (RETIRED) gentoo-dev 2007-04-22 06:04:47 UTC
ppc stable, this one is ready for GLSA.
Comment 14 Sune Kloppenborg Jeppesen gentoo-dev 2007-05-10 18:56:30 UTC
GLSA 200705-13

arm, mips, s390, sh don't forget to mark stable to benefit from the GLSA.