Splitting bug 11594 so mga2 can be pushed separately. Advisory: ======================== Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash (SA55288). References: https://secunia.com/advisories/55288/ https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.13-1.6.mga2 libgraphicsmagick3-1.3.13-1.6.mga2 libgraphicsmagickwand2-1.3.13-1.6.mga2 libgraphicsmagick-devel-1.3.13-1.6.mga2 perl-Graphics-Magick-1.3.13-1.6.mga2 graphicsmagick-doc-1.3.13-1.6.mga2 from SRPMS: graphicsmagick-1.3.13-1.6.mga2.src.rpm Reproducible: Steps to Reproduce:
Later advisory.. CVE-2013-4589 has been allocated for this issue: http://openwall.com/lists/oss-security/2013/11/15/14 Updating the advisory. Advisory: ======================== Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash (CVE-2013-4589). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4589 https://secunia.com/advisories/55288/ http://openwall.com/lists/oss-security/2013/11/15/14 https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html
Keywords: (none) => validated_updateWhiteboard: (none) => advisory mga2-32-ok mga2-64-okCC: (none) => sysadmin-bugs
Making a mess of this, sorry. Advisory now uploaded. Could sysadmin please push from 2 core/updates_testing to updates Thanks!
Update pushed: http://advisories.mageia.org/MGASA-2013-0350.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED