214520 – security/vuxml: Security vulnerability in ImageMagick (CVE-2016-9298)

Bug 214520 - security/vuxml: Security vulnerability in ImageMagick (CVE-2016-9298)

Summary: security/vuxml: Security vulnerability in ImageMagick (CVE-2016-9298)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Mark Felder

URL:
Keywords:	needs-patch, security

Depends on:
Blocks:	214517
	Show dependency tree / graph

Reported:	2016-11-15 00:56 UTC by VK
Modified:	2016-12-04 22:53 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description VK freebsd_triage

2016-11-15 00:56:30 UTC

There's a security vulnerability in ImageMagick, fixed in the latest version.

* Heap overflow (CVE-2016-9298)
  https://github.com/ImageMagick/ImageMagick/issues/296

Comment 1 VK freebsd_triage

2016-11-15 00:57:38 UTC

More info here, CVE request:

* http://seclists.org/oss-sec/2016/q4/413

Comment 2 commit-hook freebsd_committer

2016-12-04 22:53:05 UTC

A commit references this bug:

Author: feld
Date: Sun Dec  4 22:52:26 UTC 2016
New revision: 427815
URL: https://svnweb.freebsd.org/changeset/ports/427815

Log:
  Document ImageMagick vulnerability

  PR:		214520
  Security:	CVE-2016-9298

Changes:
  head/security/vuxml/vuln.xml