Fedora has issued an advisory on August 21:
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086029.html

Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated graphicsmagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in GraphicsMagick 1.3.16 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3438).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086029.html
========================

Updated packages in core/updates_testing:
========================
graphicsmagick-1.3.12-3.3.mga1
libgraphicsmagick3-1.3.12-3.3.mga1
libgraphicsmagickwand2-1.3.12-3.3.mga1
libgraphicsmagick-devel-1.3.12-3.3.mga1
perl-Graphics-Magick-1.3.12-3.3.mga1
graphicsmagick-doc-1.3.12-3.3.mga1
graphicsmagick-1.3.13-1.5.mga2
libgraphicsmagick3-1.3.13-1.5.mga2
libgraphicsmagickwand2-1.3.13-1.5.mga2
libgraphicsmagick-devel-1.3.13-1.5.mga2
perl-Graphics-Magick-1.3.13-1.5.mga2
graphicsmagick-doc-1.3.13-1.5.mga2

from SRPMS:
graphicsmagick-1.3.12-3.3.mga1.src.rpm
graphicsmagick-1.3.13-1.5.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
Testing on Mga2 i586 Carolyn
CC: (none) => isolde
Followed the testing procedure on Mga2 i586. Assuming the animation is supposed to come out with the first picture static and the other two moving on top of it, everything's fine. Carolyn
Works ok on Mageia 2 x86_64.
CC: (none) => ed_rus099
Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK? MGA2-64-OK
Testing procedure: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick
Whiteboard: MGA1TOO MGA2-32-OK? MGA2-64-OK => MGA1TOO MGA2-32-OK? MGA2-64-OK has_procedure
Tested with the procedure on Mageia 2 x86_64.
Whiteboard: MGA1TOO MGA2-32-OK? MGA2-64-OK has_procedure => MGA1TOO MGA2-64-OK has_procedure
Whiteboard: MGA1TOO MGA2-64-OK has_procedure => MGA1TOO mga2-32-OK MGA2-64-OK has_procedure
Testing complete on Mageia 1 i586. I found I had to fully qualify the path for the images in the test.pl, but otherwise had no problems with it. Testing Mageia 1 x86-64 shortly.
CC: (none) => davidwhodgins
Whiteboard: MGA1TOO mga2-32-OK MGA2-64-OK has_procedure => MGA1TOO mga2-32-OK MGA2-64-OK has_procedure MGA1-32-OK
Testing complete on Mageia 1 x86-64.

Could someone from the sysadmin team push the srpm graphicsmagick-1.3.13-1.5.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm graphicsmagick-1.3.12-3.3.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated graphicsmagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in GraphicsMagick 1.3.16 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3438).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086029.html
https://bugs.mageia.org/show_bug.cgi?id=7396
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO mga2-32-OK MGA2-64-OK has_procedure MGA1-32-OK => MGA1TOO mga2-32-OK MGA2-64-OK has_procedure MGA1-32-OK MGA1-64-OK
Testing complete on Mageia 2 i568/x86. This package was not tested with the procedure on Mageia 2 i568/x86...
(In reply to comment #8)
> Testing complete on Mageia 2 i568/x86.
>
> This package was not tested with the procedure on Mageia 2 i568/x86...

i586, not i568. Please fix that in your notes if you're copy-pasting it.
Ok, I am not copy-pasting even if I report with the same phrase always. Thank you.
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0267
CC: (none) => tmb
.
Status: NEW => RESOLVED
Resolution: (none) => FIXED