[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes CVE-2016-{8677, 8
From: |
Leo Famulari |
Subject: |
Re: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes CVE-2016-{8677, 8862}]. |
Date: |
Tue, 25 Oct 2016 21:42:19 -0400 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Tue, Oct 25, 2016 at 04:12:50PM -0400, Kei Kebreau wrote:
> From 82f792a33f55e6514d3d4f8285e9be3b8c6e161a Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <address@hidden>
> Date: Tue, 25 Oct 2016 16:03:26 -0400
> Subject: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes
> CVE-2016-{8677,8862}].
>
> * gnu/packages/imagemagick.scm (imagemagick): Update to 7.0.3-4.
So far, we've packaged ImageMagick 6, which is still maintained.
Apparently the API changed in 7. I don't know the status of adoption of
the new version.
> See:
> https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c
On the ImageMagick-6 branch, this was fixed in
524349d2b3fed7fa0e53de2c908458474eb24418 and released as 6.9.5-10.
http://git.imagemagick.org/repos/ImageMagick/commit/524349d2b3fed7fa0e53de2c908458474eb24418
> and
> https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/.
I don't see this fix on the 6 branch, but a similar change was made
earlier in 3c9533980a9476caa649de3b248dfefd3f182866 and released in
6.9.4-0.
signature.asc
Description: PGP signature