From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter Korsgaard Date: Fri, 28 Apr 2017 14:28:39 +0200 Subject: [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606 In-Reply-To: <20170425153554.27006-1-peter@korsgaard.com> (Peter Korsgaard's message of "Tue, 25 Apr 2017 17:35:54 +0200") References: <20170425153554.27006-1-peter@korsgaard.com> Message-ID: <87y3ukhg20.fsf@dell.be.48ers.dk> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: buildroot@busybox.net >>>>> "Peter" == Peter Korsgaard writes: > This is not yet part of any release. > coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of > representable values of type unsigned char" undefined behavior issue, which > might allow remote attackers to cause a denial of service (application > crash) or possibly have unspecified other impact via a crafted image. > For more details, see: > https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/ > Signed-off-by: Peter Korsgaard Committed to 2017.02.x, thanks. -- Bye, Peter Korsgaard