guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes CVE-2016-{8677, 8

From: Leo Famulari
Subject: Re: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes CVE-2016-{8677, 8862}].
Date: Tue, 25 Oct 2016 21:42:19 -0400
User-agent: Mutt/1.7.0 (2016-08-17) 
On Tue, Oct 25, 2016 at 04:12:50PM -0400, Kei Kebreau wrote:
> From 82f792a33f55e6514d3d4f8285e9be3b8c6e161a Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <address@hidden>
> Date: Tue, 25 Oct 2016 16:03:26 -0400
> Subject: [PATCH] gnu: imagemagick: Update to 7.0.3-4 [Fixes
>  CVE-2016-{8677,8862}].
> 
> * gnu/packages/imagemagick.scm (imagemagick): Update to 7.0.3-4.

So far, we've packaged ImageMagick 6, which is still maintained.
Apparently the API changed in 7. I don't know the status of adoption of
the new version.

> See:
> https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c

On the ImageMagick-6 branch, this was fixed in
524349d2b3fed7fa0e53de2c908458474eb24418 and released as 6.9.5-10.

http://git.imagemagick.org/repos/ImageMagick/commit/524349d2b3fed7fa0e53de2c908458474eb24418

> and
> https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/.

I don't see this fix on the 6 branch, but a similar change was made
earlier in 3c9533980a9476caa649de3b248dfefd3f182866 and released in
6.9.4-0.

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]