Subject: CVS commit: pkgsrc/graphics/ImageMagick
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 01/28/2006 02:36:55
Module Name: pkgsrc
Committed By: salo
Date: Sat Jan 28 02:36:55 UTC 2006
Modified Files:
    pkgsrc/graphics/ImageMagick: Makefile distinfo
Added Files:
    pkgsrc/graphics/ImageMagick/patches: patch-ab patch-ac patch-ad
        patch-ae patch-af patch-ag patch-ah
Log Message:
Security fixes for CVE-2006-0082 and Debian bug #345595:
"Format string vulnerabilities in ImageMagick allow user-complicit attackers
to cause a denial of service (crash) and possibly execute arbitrary code via
a numeric format string specifier such as %d in the file name, a variant of
CVE-2005-0397, and as demonstrated using the convert program."
Patches from Debian.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595
To generate a diff of this commit:
    cvs rdiff -r1.136 -r1.137 pkgsrc/graphics/ImageMagick/Makefile
    cvs rdiff -r1.57 -r1.58 pkgsrc/graphics/ImageMagick/distinfo
    cvs rdiff -r0 -r1.16 pkgsrc/graphics/ImageMagick/patches/patch-ab
    cvs rdiff -r0 -r1.12 pkgsrc/graphics/ImageMagick/patches/patch-ac
    cvs rdiff -r0 -r1.9 pkgsrc/graphics/ImageMagick/patches/patch-ad
    cvs rdiff -r0 -r1.6 pkgsrc/graphics/ImageMagick/patches/patch-ae \
        pkgsrc/graphics/ImageMagick/patches/patch-af
    cvs rdiff -r0 -r1.4 pkgsrc/graphics/ImageMagick/patches/patch-ag
    cvs rdiff -r0 -r1.3 pkgsrc/graphics/ImageMagick/patches/patch-ah
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
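
Added illustration (not part of the commit mail, and not ImageMagick's code or the Debian patches): the bug class named in the log message arises when a file name reaches a printf-style function as the format argument. The sketch below, with the hypothetical helper names template_is_safe and scene_filename, uses the name as a format only after checking that it holds at most one %d-style conversion, and otherwise copies it as plain data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if `name` contains only "%%" escapes and at
 * most one plain integer conversion such as %d or %03d, otherwise 0. */
static int template_is_safe(const char *name)
{
    int conversions = 0;
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                    /* literal percent sign */
        int digits = 0;                  /* optional zero flag and short width */
        while (*p >= '0' && *p <= '9' && digits < 4) {
            p++;
            digits++;
        }
        if (*p != 'd')
            return 0;                    /* %s, %n, %*d, %ld, trailing '%', ... */
        if (++conversions > 1)
            return 0;                    /* only one argument is ever supplied */
    }
    return 1;
}

/* Hypothetical helper: builds an output name for frame `scene`.
 * The unsafe pattern would be snprintf(out, n, name) with `name` unchecked.
 * Returns 0 on success, -1 if the result did not fit in `out`. */
int scene_filename(char *out, size_t n, const char *name, int scene)
{
    int len;
    if (template_is_safe(name))
        len = snprintf(out, n, name, scene);   /* vetted template */
    else
        len = snprintf(out, n, "%s", name);    /* untrusted text stays data */
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not taken from any bug report. */
    const char *names[] = { "frame%03d.png", "x%s%n.png", "a%d%d.png" };
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (scene_filename(buf, sizeof buf, names[i], 7) == 0)
            printf("%-14s -> %s\n", names[i], buf);
    return 0;
}
```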