FreeBSD Bugzilla – Attachment 177007 Details for
Bug 214514
security/vuxml: Multiple security vulnerabilities in ImageMagick7
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
VuXML entry for ImageMagick7
security_vuxml.patch (text/plain), 2.38 KB, created by
VK
on 2016-11-14 22:15:57 UTC
(
hide
)
Description:
VuXML entry for ImageMagick7
Filename:
MIME Type:
Creator:
VK
Created:
2016-11-14 22:15:57 UTC
Size:
2.38 KB
patch
obsolete
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 426137) >+++ security/vuxml/vuln.xml (working copy) >@@ -58,6 +58,46 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="e1f67063-aab4-11e6-b2d3-60a44ce6887b"> >+ <topic>ImageMagick7 -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>ImageMagick7</name> >+ <range><le>7.0.3.6</le></range> >+ </package> >+ <package> >+ <name>ImageMagick7-nox11</name> >+ <range><le>7.0.3.6</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Multiple sources report:</p> >+ <blockquote cite="https://github.com/ImageMagick/ImageMagick/issues/296"> >+ <p>CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31</p> >+ </blockquote> >+ <blockquote cite="https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/"> >+ <p>CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.</p> >+ </blockquote> >+ <blockquote cite="https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/"> >+ <p>CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/ImageMagick/ImageMagick/issues/296</url> >+ <url>https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/</url> >+ <url>https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/</url> >+ <cvename>CVE-2016-9298</cvename> >+ <cvename>CVE-2016-8866</cvename> >+ <cvename>CVE-2016-8862</cvename> >+ </references> >+ <dates> >+ <discovery>2016-09-14</discovery> >+ <entry>2016-11-14</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84"> > <topic>lives -- insecure files permissions</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=177007">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 214514
: 177007