False vuxml alarms (ImageMagick)
Oliver Eikemeier
eikemeier at fillmore-labs.com
Thu Aug 12 02:32:54 PDT 2004
Andrey Chernov wrote:
> Hi. When I try to build ImageMagick, I got error below, but it is false
> alarm about libpng, which is already patched to remove overflow (and
> freshly installed on my machine). I have no idea how to fix ImageMagick
> building properly, please somebody do.
>
> ===> ImageMagick-6.0.2.7 has known vulnerabilities:
>>> libpng stack-based buffer overflow and other code concerns.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.
> html>
>>> Please update your ports tree and try again.
http://secunia.com/advisories/12236
and
http://www.imagemagick.org/www/Changelog.html
list ImageMagick-6.0.2.7 as vulnerable. You can build it nevertheless
with make DISABLE_VULNERABILITIES=yes ...
-Oliver
More information about the freebsd-ports
mailing list