[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes CVE-2016-{8677, 8
From: |
Kei Kebreau |
Subject: |
Re: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes CVE-2016-{8677, 8862}]. |
Date: |
Tue, 25 Oct 2016 23:13:27 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Leo Famulari <address@hidden> writes:
> On Tue, Oct 25, 2016 at 04:12:50PM -0400, Kei Kebreau wrote:
>> From 82f792a33f55e6514d3d4f8285e9be3b8c6e161a Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <address@hidden>
>> Date: Tue, 25 Oct 2016 16:03:26 -0400
>> Subject: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes
>> CVE-2016-{8677,8862}].
>>
>> * gnu/packages/imagemagick.scm (imagemagick): Update to 7.0.3-4.
>
> So far, we've packaged ImageMagick 6, which is still maintained.
> Apparently the API changed in 7. I don't know the status of adoption of
> the new version.
>
>> See:
>> https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c
>
> On the ImageMagick-6 branch, this was fixed in
> 524349d2b3fed7fa0e53de2c908458474eb24418 and released as 6.9.5-10.
>
> http://git.imagemagick.org/repos/ImageMagick/commit/524349d2b3fed7fa0e53de2c908458474eb24418
>
>> and
>> https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/.
>
> I don't see this fix on the 6 branch, but a similar change was made
> earlier in 3c9533980a9476caa649de3b248dfefd3f182866 and released in
> 6.9.4-0.
Well, I guess we were fine to begin with!
signature.asc
Description: PGP signature