Multiple heap and integer overflows in two different imagemagick modules. 6.3.3-5 is the only version listed as not vulnerable. No CVE yet.
from the idefense advisory:
"iDefense has confirmed the existence of these vulnerabilities in ImageMagick version 6.3.x. Additionally, the source code for versions 6.3.1, 6.3.2, 6.3.3-3 and 6.2.9 contain the affected code. It is suspected that earlier versions of ImageMagick are also vulnerable."
Pulling in herd.
this issue has been assigned CVE-2007-1797
Bumped to 6.3.3-8 in CVS which should fix all these issues afaik.
Thx Kloeri (I had hoped for a real maintainer though)
Arches please test and mark stable. Target keywords are:
imagemagick-6.3.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
ia64 + x86 stable
Stable for HPPA.
ppc stable, this one is ready for GLSA.
arm, mips, s390, sh don't forget to mark stable to benifit from the GLSA.