[Pkg-gmagick-im-team] Bug#740250: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030

Bastien ROUCARIES roucaries.bastien+imagemagick at gmail.com
Sun Mar 2 14:35:12 UTC 2014


Corrected waiting a mentors

On Sun, Mar 2, 2014 at 8:57 AM, Bastien ROUCARIES
<roucaries.bastien+imagemagick at gmail.com> wrote:
> Sorry to all we are affected by 1947,
>
> commit 43a7754127073ebf0dce2b59cb370c27ae5fbd58
> Author: cristy <cristy at aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
> Date:   Sun Feb 16 21:48:05 2014 +0000
>
> Link are incomplete. Will fix asap
>
> On Fri, Feb 28, 2014 at 11:20 AM, Bastien ROUCARIES
> <roucaries.bastien+imagemagick at gmail.com> wrote:
>> We are not affected by CVE-2014-1947: but by CVE-2014-2030
>>
>> On Thu, Feb 27, 2014 at 2:45 PM, Moritz Muehlenhoff <jmm at inutil.org> wrote:
>>> Package: imagemagick
>>> Severity: grave
>>> Tags: security
>>> Justification: user security hole
>>>
>>> The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2
>>> for the thread on oss-security.
>>>
>>> CVE-2014-1958
>>> http://trac.imagemagick.org/changeset/14801
>>>
>>> CVE-2014-1947:
>>> http://trac.imagemagick.org/changeset/13736
>>>
>>> Cheers,
>>>         Moritz
>>>



More information about the Pkg-gmagick-im-team mailing list