CVE-2017-17504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17504): ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. CVE-2017-17499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17499): ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
@ Arches, please test and mark stable: =media-gfx/imagemagick-6.9.9.26 =media-gfx/imagemagick-7.0.7.14
x86 stable
ppc/ppc64 stable
amd64 stable
It seems that this change broke media-gfx/uniconvertor-2.0_pre379-r1 which is the current stable version. See https://bugs.gentoo.org/640668
sparc stable (thanks to Rolf Eike Beer)
arm stable
ia64 stable
hppa stable
Superseded by bug 643560.
(In reply to Thomas Deutschmann from comment #10) > Superseded by bug 643560. Cleanup will be handled in bug #643560