Fixes upstream Bug 77791 - ImagickKernel::fromMatrix() out of bounds write. CVE-2019-11037
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bd492eb1f98937bf9cb0f2e62d7e9bb58391384 commit 2bd492eb1f98937bf9cb0f2e62d7e9bb58391384 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2019-05-30 19:02:51 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2019-05-30 19:03:17 +0000 dev-php/pecl-imagick: Version bump to 3.4.4 Bug: https://bugs.gentoo.org/687030 Closes: https://bugs.gentoo.org/685496 Package-Manager: Portage-2.3.67, Repoman-2.3.13 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-php/pecl-imagick/Manifest | 1 + dev-php/pecl-imagick/pecl-imagick-3.4.4.ebuild | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+)
Arches, please test and mark stable. The following tests failed locally so they may not be working correctly.. ===================================================================== FAILED TEST SUMMARY --------------------------------------------------------------------- Test Tutorial, svgExample [tests/243_Tutorial_svgExample_basic.phpt] Imagick::setImageAlpha [tests/274_imagick_setImageAlpha.phpt] ===================================================================== ===================================================================== WARNED TEST SUMMARY --------------------------------------------------------------------- Test ImagickDraw, getDensity [tests/268_ImagickDraw_getDensity_basic.phpt] (warn: XFAIL section but test passes) ImagickPixel iterator [tests/bug_73840.phpt] (warn: XFAIL section but test passes) =====================================================================
x86 stable
amd64 stable. Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c53b02794259f83b7a1a9e57c54bc3d8f183bdd commit 0c53b02794259f83b7a1a9e57c54bc3d8f183bdd Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2019-06-05 12:34:43 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2019-06-05 12:34:43 +0000 dev-php/pecl-imagick: Drop vulnerable versions Bug: https://bugs.gentoo.org/687030 Package-Manager: Portage-2.3.67, Repoman-2.3.13 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-php/pecl-imagick/Manifest | 2 -- .../pecl-imagick-3.4.3-tsrm_ls-is-undeclared.patch | 18 ------------ dev-php/pecl-imagick/pecl-imagick-3.4.3.ebuild | 25 ----------------- .../pecl-imagick-3.4.3_p20181129.ebuild | 32 ---------------------- 4 files changed, 77 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-38 at https://security.gentoo.org/glsa/202003-38 by GLSA coordinator Thomas Deutschmann (whissi).
