2007-09-24 12:47:34 |
disabled.user |
bug |
|
|
added bug |
2007-09-24 12:50:52 |
disabled.user |
description |
Binary package hint: imagemagick
From:
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
"iDefense is planning to announce a number of security issues with
ImageMagick in releases prior to 6.3.5-9. All known security issues
are resolved with the recent release of 6.3.5-9. The issues are
predominately data driven integer overflow that potentially cause less
memory to be allocated than required. We have addressed this security
flaw by introducing the AcquireQuantumMemory() method that accepts a
element count and size. If `count' times `size' overflow (i.e. result
greater than 4GB), we return an error. Note that there are no known
exploits for these issues but you might want to consider upgrading if
you can or to apply patches against any older versions of ImageMagick
you might be using."
References:
- Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
- Multiple Vendor ImageMagick Off-By-One Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595
- Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
- Multiple Vendor ImageMagick Sign Extension Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 |
Binary package hint: imagemagick
From:
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
"iDefense is planning to announce a number of security issues with
ImageMagick in releases prior to 6.3.5-9. All known security issues
are resolved with the recent release of 6.3.5-9. The issues are
predominately data driven integer overflow that potentially cause less
memory to be allocated than required. We have addressed this security
flaw by introducing the AcquireQuantumMemory() method that accepts a
element count and size. If `count' times `size' overflow (i.e. result
greater than 4GB), we return an error. Note that there are no known
exploits for these issues but you might want to consider upgrading if
you can or to apply patches against any older versions of ImageMagick
you might be using."
References:
- Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
- Multiple Vendor ImageMagick Off-By-One Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595
- Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
- Multiple Vendor ImageMagick Sign Extension Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 |
|
2007-10-01 20:42:09 |
Kees Cook |
bug |
|
|
assigned to graphicsmagick (Ubuntu) |
2007-10-01 20:43:02 |
Kees Cook |
graphicsmagick: importance |
Undecided |
Medium |
|
2007-10-01 20:43:02 |
Kees Cook |
graphicsmagick: assignee |
|
keescook |
|
2007-10-01 20:43:02 |
Kees Cook |
graphicsmagick: status |
New |
In Progress |
|
2007-10-01 20:43:15 |
Kees Cook |
graphicsmagick: importance |
Undecided |
Medium |
|
2007-10-01 20:43:15 |
Kees Cook |
graphicsmagick: assignee |
|
keescook |
|
2007-10-01 20:43:15 |
Kees Cook |
graphicsmagick: status |
New |
In Progress |
|
2007-10-01 20:43:29 |
Kees Cook |
graphicsmagick: importance |
Undecided |
Medium |
|
2007-10-01 20:43:29 |
Kees Cook |
graphicsmagick: assignee |
|
keescook |
|
2007-10-01 20:43:29 |
Kees Cook |
graphicsmagick: status |
New |
In Progress |
|
2007-10-01 20:43:46 |
Kees Cook |
graphicsmagick: importance |
Undecided |
Medium |
|
2007-10-01 20:43:46 |
Kees Cook |
graphicsmagick: status |
New |
Confirmed |
|
2007-10-01 20:44:01 |
Kees Cook |
graphicsmagick: status |
In Progress |
Confirmed |
|
2007-10-01 20:44:01 |
Kees Cook |
graphicsmagick: assignee |
keescook |
|
|
2007-10-02 20:58:47 |
Kees Cook |
graphicsmagick: status |
In Progress |
Confirmed |
|
2007-10-02 20:58:47 |
Kees Cook |
graphicsmagick: assignee |
keescook |
|
|
2007-10-02 20:58:52 |
Kees Cook |
graphicsmagick: status |
In Progress |
Confirmed |
|
2007-10-02 20:58:52 |
Kees Cook |
graphicsmagick: assignee |
keescook |
|
|
2007-10-02 20:59:01 |
Kees Cook |
imagemagick: importance |
Undecided |
Medium |
|
2007-10-02 20:59:01 |
Kees Cook |
imagemagick: assignee |
|
keescook |
|
2007-10-02 20:59:01 |
Kees Cook |
imagemagick: status |
New |
In Progress |
|
2007-10-02 20:59:06 |
Kees Cook |
imagemagick: importance |
Undecided |
Medium |
|
2007-10-02 20:59:06 |
Kees Cook |
imagemagick: assignee |
|
keescook |
|
2007-10-02 20:59:06 |
Kees Cook |
imagemagick: status |
New |
In Progress |
|
2007-10-02 20:59:10 |
Kees Cook |
imagemagick: importance |
Undecided |
Medium |
|
2007-10-02 20:59:10 |
Kees Cook |
imagemagick: assignee |
|
keescook |
|
2007-10-02 20:59:10 |
Kees Cook |
imagemagick: status |
New |
In Progress |
|
2007-10-02 20:59:51 |
Kees Cook |
imagemagick: importance |
Undecided |
Medium |
|
2007-10-02 20:59:51 |
Kees Cook |
imagemagick: assignee |
|
keescook |
|
2007-10-02 20:59:51 |
Kees Cook |
imagemagick: status |
New |
In Progress |
|
2007-10-03 18:23:39 |
Kees Cook |
imagemagick: status |
In Progress |
Fix Released |
|
2007-10-03 18:23:41 |
Kees Cook |
imagemagick: status |
In Progress |
Fix Released |
|
2007-10-03 18:23:49 |
Kees Cook |
imagemagick: status |
In Progress |
Fix Released |
|
2007-10-03 18:23:53 |
Kees Cook |
imagemagick: status |
In Progress |
Fix Released |
|
2007-11-09 12:04:19 |
William Grant |
bug |
|
|
added subscriber MOTU SWAT Team |
2007-11-09 12:05:38 |
William Grant |
bug |
|
|
assigned to graphicsmagick (Debian) |
2007-11-10 10:26:29 |
Bug Watch Updater |
graphicsmagick: status |
Unknown |
New |
|
2008-02-27 08:50:44 |
Bug Watch Updater |
graphicsmagick: status |
New |
Fix Released |
|
2008-03-23 07:30:58 |
William Grant |
graphicsmagick: status |
Confirmed |
In Progress |
|
2008-03-23 07:30:58 |
William Grant |
graphicsmagick: assignee |
|
fujitsu |
|
2008-04-09 15:35:52 |
Emanuele Gentili |
bug |
|
|
assigned to graphicsmagick (Gentoo Linux) |
2008-04-09 17:17:21 |
Bug Watch Updater |
graphicsmagick: status |
Unknown |
Fix Released |
|
2008-04-22 07:57:10 |
William Grant |
graphicsmagick: status |
In Progress |
Fix Released |
|
2008-07-24 17:06:48 |
Hew |
graphicsmagick: status |
Confirmed |
Won't Fix |
|
2008-12-15 02:04:38 |
Hew |
graphicsmagick: status |
Confirmed |
Won't Fix |
|
2008-12-15 02:04:38 |
Hew |
graphicsmagick: statusexplanation |
|
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix. |
|
2009-05-07 10:05:24 |
Sergio Zanchetta |
graphicsmagick (Ubuntu Gutsy): status |
Confirmed |
Won't Fix |
|
2011-02-04 07:56:54 |
Bug Watch Updater |
graphicsmagick (Gentoo Linux): importance |
Unknown |
High |
|
2011-10-14 20:16:33 |
Jamie Strandboge |
graphicsmagick (Ubuntu Dapper): status |
Confirmed |
Won't Fix |
|
2011-10-15 01:00:11 |
Hew |
removed subscriber Hew McLachlan |
|
|
|
2020-04-03 13:19:55 |
Bug Watch Updater |
bug watch added |
|
https://bugs.gentoo.org/show_bug.cgi?id=191001 |
|