svn commit: r427815 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Sun Dec 4 22:52:27 UTC 2016
Author: feld
Date: Sun Dec 4 22:52:26 2016
New Revision: 427815
URL: https://svnweb.freebsd.org/changeset/ports/427815
Log:
Document ImageMagick vulnerability
PR: 214520
Security: CVE-2016-9298
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Dec 4 22:51:00 2016 (r427814)
+++ head/security/vuxml/vuln.xml Sun Dec 4 22:52:26 2016 (r427815)
@@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="19d35b0f-ba73-11e6-b1cf-14dae9d210b8">
+ <topic>ImageMagick -- heap overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>ImageMagick</name>
+ <name>ImageMagick-nox11</name>
+ <range><lt>6.9.6.4,1</lt></range>
+ </package>
+ <package>
+ <name>ImageMagick7</name>
+ <name>ImageMagick7-nox11</name>
+ <range><lt>7.0.3.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Bastien Roucaries reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2016/q4/413">
+ <p>Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b
+ suffer from a heap overflow in WaveletDenoiseImage(). This problem is
+ easelly trigerrable from a perl script.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2016/q4/413</url>
+ <url>https://github.com/ImageMagick/ImageMagick/issues/296</url>
+ <cvename>CVE-2016-9298</cvename>
+ <freebsdpr>ports/214517</freebsdpr>
+ <freebsdpr>ports/214511</freebsdpr>
+ <freebsdpr>ports/214520</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-11-13</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e5dcb942-ba6f-11e6-b1cf-14dae9d210b8">
<topic>py-cryptography -- vulnerable HKDF key generation</topic>
<affects>
More information about the svn-ports-head
mailing list