False vuxml alarms (ImageMagick)
Andrey Chernov
ache at nagual.pp.ru
Thu Aug 12 02:49:47 PDT 2004
On Thu, Aug 12, 2004 at 11:34:30AM +0200, Oliver Eikemeier wrote:
> Andrey Chernov wrote:
>
> >Hi. When I try to build ImageMagick, I got error below, but it is false
> >alarm about libpng, which is already patched to remove overflow (and
> >freshly installed on my machine). I have no idea how to fix ImageMagick
> >building properly, please somebody do.
> >
> >===> ImageMagick-6.0.2.7 has known vulnerabilities:
> >>>libpng stack-based buffer overflow and other code concerns.
> > Reference:
> ><http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.
> >html>
> >>>Please update your ports tree and try again.
>
> http://secunia.com/advisories/12236
> and
> http://www.imagemagick.org/www/Changelog.html
>
> list ImageMagick-6.0.2.7 as vulnerable. You can build it nevertheless
> with make DISABLE_VULNERABILITIES=yes ...
I talk not about workaround, I know it. I talk about the way of fixing it
_properly_. It is NOT vulnerable really.
--
Andrey Chernov | http://ache.pp.ru/
More information about the freebsd-ports
mailing list