ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers
to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted file, related to "Conditional jump or
move depends on uninitialised value(s)."
@Maintainers please let us know when tree is clean.
This also affects ImageMagick 6, upstream fix: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
Fixed in v6.9.9-20 which is now in repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d73b772495c377df1cc108bd4d552ff9f1a8282
Fix for ImageMagick 7 is https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb which is part of v7.0.7-8 which is now also available in Gentoo repository (via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6da2dc3d7d6fee4770b4012598af4878bf100e4d)
Please test and mark stable: =media-gfx/imagemagick-220.127.116.11
Stable on amd64
Stable on alpha.
@ Maintainer(s): Stabilization is complete, please clean the vulnerable
versions from the tree.
This issue was resolved and addressed in
GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07
by GLSA coordinator Aaron Bauman (b-man).
Re-opened for cleanup and arm.
arm stable, all arches done.
Re-opening for cleanup.
I missed sparc, so cleanup is delayed until bug 638110 is resolved.
Tree is clean.