CVE-2017-15281 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281): ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
@Maintainers, please let us know when the tree is clean. Thank you.
This also affects ImageMagick 6; upstream fix: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e (fixed in v6.9.9-20, which is now in the repository: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d73b772495c377df1cc108bd4d552ff9f1a8282 ). The fix for ImageMagick 7 is https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb which is part of v7.0.7-8, which is now also available in the Gentoo repository (via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6da2dc3d7d6fee4770b4012598af4878bf100e4d ).
@ Arches, please test and mark stable: =media-gfx/imagemagick-6.9.9.20
ia64/ppc/ppc64 stable
Stable on amd64
x86 stable
hppa stable
Stable on alpha.
@ Maintainer(s): Stabilization is complete, please clean the vulnerable versions from the tree.
This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man).
Re-opened for cleanup and arm.
arm stable, all arches done.
Re-opening for cleanup. We missed sparc, so cleanup is delayed until bug 638110 is resolved.
Tree is clean.