Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 12 Nov 2014 01:22:41 -0500 (EST)
From: cve-assign@...re.org
To: roucaries.bastien@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Asking for CVE for imagemagick

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456

Use CVE-2014-8716 for this issue related to:

  - the example command line of: convert $filename png:/dev/null

  - the fix involving a test of "(offset < 0) || (size_t) offset >= length"
    in property.c

  - the fixed version of 6.8.9-10 Beta


[ Note that this CVE ID is NOT for the recently discussed
"convert -rotate 270" issue. For that issue, the primary affected
product is apparently still unknown; see the
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#57 message. ]

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUYvueAAoJEKllVAevmvmsxCcH/2/TSIqvO+kkKuSoBmR4uC8h
bSojneYCqybk0TVruQncWBwVBTaqj9xPiIScse+A2S61B8rvWjiA97fflMRowN9E
p9wg2L5M+bw6S/ziiDZvDVeZIcIspqUODYGJhYN3jyXAq635hS0Ios6FAH9C1xs7
L/9DgFhzaqEJSYiNdZ+BUOkT/Vzzn5UxQ7YroMkcLyDY6NYUGTfJPCGP++I534aJ
zYx5LBQg6ZpYJzKgbBw/HAFD51N1cIqYecYemETSTGYXvd6hwKe2LhYmMRgkxO1i
YafJbIoGOit+9lcHyB4YHZk8RsxlhQ3YVz2YkCcqIdyaLpB6g/SLQLZtSzAza7Y=
=Sl2h
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ