Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 62229 - ImageMagick 6.0.5.2 not available -- need to bump version
Summary: ImageMagick 6.0.5.2 not available -- need to bump version
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Graphics Project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 62309
  Show dependency tree
 
Reported: 2004-08-30 06:22 UTC by David Ripton
Modified: 2004-09-06 06:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Ripton 2004-08-30 06:22:42 UTC 
media-gfx/imagemagick-6.0.5.2 is the current masked (~x86) version in portage.

emerge tries to download ImageMagick-6.0.5-2.tar.bz2 from various Gentoo and SourceForge mirrors, but the file isn't on any of them.  It's not on ftp.imagemagick.org either.

It appears that the ImageMagick project has yanked this version from their site.  Looks like all recent versions were bumped on August 23.  The changelog shows that a BMP buffer overrun was fixed on that date.  Reading between the lines, it appears that 6.0.5-2 is strongly deprecated due to a security flaw.

Recommend bumping the ~x86 version of this ebuild to 6.0.5-4 (the fixed and currently available 6.0.5 version) or 6.0.6-2 (the version the ImageMagick project considers stable).
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2004-08-30 13:05:29 UTC 
The 6.0.5-2 version is indeed not available on SF or ftp.imagemagick.com, but it seems to have hit the distfile mirrors now.
The -4 Changelog doesn't mention the buffer overflow though, but the CVS Changelog does.
Comment 2 Karol Wojtaszek (RETIRED) gentoo-dev 2004-09-06 06:25:07 UTC 
I've just added Imagemagick-6.0.7.1 to portage.