Bug 635666 (CVE-2017-15281) - <media-gfx/imagemagick-{6.9.9.20,7.0.7.8}: Denial of Service (CVE-2017-15281)
Status: RESOLVED FIXED
Alias: CVE-2017-15281
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on: CVE-2017-16546
Blocks:
Reported: 2017-10-28 08:15 UTC by GLSAMaker/CVETool Bot
Modified: 2018-01-20 19:28 UTC

See Also:
Package list:
=media-gfx/imagemagick-6.9.9.20
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-28 08:15:59 UTC
CVE-2017-15281 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281):
  ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers
  to cause a denial of service (application crash) or possibly have
  unspecified other impact via a crafted file, related to "Conditional jump or
  move depends on uninitialised value(s)."
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-28 08:17:12 UTC
@Maintainers please let us know when tree is clean.

Thank you
Comment 3 Thomas Deutschmann gentoo-dev Security 2017-10-28 16:13:56 UTC
@ Arches,

please test and mark stable: =media-gfx/imagemagick-6.9.9.20
Comment 4 Sergei Trofimovich gentoo-dev 2017-10-29 11:21:47 UTC
ia64/ppc/ppc64 stable
Comment 5 Manuel Rüger (RETIRED) gentoo-dev 2017-10-29 11:39:18 UTC
Stable on amd64
Comment 6 Thomas Deutschmann gentoo-dev Security 2017-10-29 21:08:52 UTC
x86 stable
Comment 7 Sergei Trofimovich gentoo-dev 2017-10-30 09:05:36 UTC
hppa stable
Comment 8 Tobias Klausmann gentoo-dev 2017-11-08 12:52:35 UTC
Stable on alpha.
Comment 9 Aleksandr Wagner (Kivak) 2017-11-08 17:20:01 UTC
@ Maintainer(s): Stabilization is complete, please clean the vulnerable
versions from the tree.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-11-11 14:18:37 UTC
This issue was resolved and addressed in
 GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07
by GLSA coordinator Aaron Bauman (b-man).
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-11-11 14:24:07 UTC
re-opened for cleanup and arm.
Comment 12 Markus Meier gentoo-dev 2017-11-19 15:11:51 UTC
arm stable, all arches done.
Comment 13 Thomas Deutschmann gentoo-dev Security 2017-11-29 16:11:44 UTC
Re-opening for cleanup.

Me missed sparc, so cleanup is delayed until bug 638110 is resolved.
Comment 14 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-20 19:28:06 UTC
Tree is clean.