[{"id":1772840,"web_url":"http://patchwork.ozlabs.org/comment/1772840/","msgid":"<87ingcuo1b.fsf@dell.be.48ers.dk>","list_archive_url":null,"date":"2017-09-21T14:25:20","subject":"Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to\n\tversion 7.0.7-1","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/people/42365/","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"content":">>>>> \"Bernd\" == Bernd Kuhls writes:\n\n > Quoting CVE-related issues from\n > https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog\n\n > 2017-07-29 7.0.6-5 Glenn Randers-Pehrson \n > * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference\n > https://github.com/ImageMagick/ImageMagick/issues/632).\n\n > 2017-07-24 7.0.6-4 Cristy \n > * Fixed numerous memory leaks (reference\n > https://github.com/ImageMagick/ImageMagick/issues) including\n > https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).\n\n > 2017-07-23 7.0.6-3 Glenn Randers-Pehrson \n > * Fix memory leaks when reading a malformed JNG image:\n > https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),\n > https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).\n\n > 2017-07-19 7.0.6-2 Cristy \n > * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference\n > https://github.com/ImageMagick/ImageMagick/issues/582\n > * coders/png.c: fixed NULL dereference when trying to write an empty MNG\n > (CVE-2017-11522, reference\n > https://github.com/ImageMagick/ImageMagick/issues/586).\n\n > 2017-06-22 7.0.6-1 Glenn Randers-Pehrson \n > * Stop a memory leak in read_user_chunk_callback() (reference\n > https://github.com/ImageMagick/ImageMagick/issues/517,\n > CVE 2017-11310).\n\n > Signed-off-by: Bernd Kuhls \n\nCommitted to 2017.02.x, thanks.","headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.137; helo=fraxinus.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"EINwmzHo\"; dkim-atps=neutral"],"Received":["from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xyf642nWGz9sRq\n\tfor ;\n\tFri, 22 Sep 2017 00:25:31 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 4698E84E7A;\n\tThu, 21 Sep 2017 14:25:28 +0000 (UTC)","from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id ChnsauSAEi2T; Thu, 21 Sep 2017 14:25:26 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 7EDF684B7D;\n\tThu, 21 Sep 2017 14:25:26 +0000 (UTC)","from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\tby ash.osuosl.org (Postfix) with ESMTP id 195E71C2569\n\tfor ;\n\tThu, 21 Sep 2017 14:25:25 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 1303384B67\n\tfor ;\n\tThu, 21 Sep 2017 14:25:25 +0000 (UTC)","from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id wvls8nKyMk0d for ;\n\tThu, 21 Sep 2017 14:25:24 +0000 (UTC)","from mail-wm0-f49.google.com (mail-wm0-f49.google.com\n\t[74.125.82.49])\n\tby fraxinus.osuosl.org (Postfix) with ESMTPS id 0156B84A1B\n\tfor ; Thu, 21 Sep 2017 14:25:23 +0000 (UTC)","by mail-wm0-f49.google.com with SMTP id r74so2342779wme.4\n\tfor ; Thu, 21 Sep 2017 07:25:23 -0700 (PDT)","from dell.be.48ers.dk ([91.183.172.93])\n\tby smtp.gmail.com with ESMTPSA id\n\tm1sm1014362edd.56.2017.09.21.07.25.21\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tThu, 21 Sep 2017 07:25:21 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from )\n\tid 1dv2Po-000640-57; Thu, 21 Sep 2017 16:25:20 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:references:date:in-reply-to:message-id\n\t:user-agent:mime-version;\n\tbh=8WFyjSz6zNCfdtq23IQ44l+JDVs8GmndsgUMY2Oh+PQ=;\n\tb=EINwmzHoNjS9rrxPeNMv7gNDtjo8eIIo7J158ya5LzB4cOnus4GxkAo7DAO5ViCK0e\n\tDUm7xMkslw1RilK0y5SVWCzTDPw68TKqH/C/0uL4PkOFJ/g0S2rCzrrbKCA0s14/Vbkp\n\tuUfH634rOtuzs4X97GbB0l8vveNs/PBhc5IJj4tLJVQUy5X+CuCi6O8PLyYCzm6NsyOH\n\tRx5FrvSjRAPTu7a6bMDNrnDGlZ5zW7wXGGxAseAJrtMIXnjRibM1AXFH9ZrtMuD0Yauz\n\tk5eRDp6QN5AHbg4rUmRi97jngRMfoRPvy25+VLepYf1bv8zsyauC8NbhN2ITiJ1KJO5I\n\tOWnA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:references:date\n\t:in-reply-to:message-id:user-agent:mime-version;\n\tbh=8WFyjSz6zNCfdtq23IQ44l+JDVs8GmndsgUMY2Oh+PQ=;\n\tb=tvzNwGixptdOqDBYWgdO54NKgZj6EOA02tLRVnmpXeGY2VNP8xusHu7liAMB899pNr\n\twhFaQXIzbDjjsjUhQ0vQB8bfo+PXoh/S/1FwvSNvYXr9abmkRuFGWT0yYd+E/bzZ/tzr\n\tHzuktwYStFhGAudA75H7JUCJjwsQrpuizf+lpHN4C1OU3S6svyYWmHWRjcbKRir3RDh8\n\tD5sMtCJZnPmp5YRlv3eJGHvP9NUSEpVusvJ4g8wPaqIX6gG0/Q7Lj6kZADp/BCS4jbwf\n\tsHdSkPJ51Vm9d8uD53TiS7ZkDhD+uzCVnJ+YQFLuVFNRGw+IPUJqY+MGaGYDsHFpgbyJ\n\t/+8A==","X-Gm-Message-State":"AHPjjUhvGzdcrj2KBZgC3ioksGFJyNui3Gubaa1b0HbooJzSjS9U8eJC\n\tbEpcJL+ANa8rvf8HDglGn9Ozajo0","X-Google-Smtp-Source":"AOwi7QBVlBhExua4jhaRVPjZYjtpYzMXLINl+2VaNdzyPdcjFMGKhSmLg0iFcn2wRU0bE+EFSJcC1A==","X-Received":"by 10.80.165.200 with SMTP id b8mr1447525edc.186.1506003922295; \n\tThu, 21 Sep 2017 07:25:22 -0700 (PDT)","From":"Peter Korsgaard ","To":"Bernd Kuhls ","References":"<20170917091652.18140-1-bernd.kuhls@t-online.de>","Date":"Thu, 21 Sep 2017 16:25:20 +0200","In-Reply-To":"<20170917091652.18140-1-bernd.kuhls@t-online.de> (Bernd Kuhls's\n\tmessage of \"Sun, 17 Sep 2017 11:16:52 +0200\")","Message-ID":"<87ingcuo1b.fsf@dell.be.48ers.dk>","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)","MIME-Version":"1.0","Cc":"buildroot@buildroot.org","Subject":"Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to\n\tversion 7.0.7-1","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" "}},{"id":1787809,"web_url":"http://patchwork.ozlabs.org/comment/1787809/","msgid":"<8760besqpm.fsf@dell.be.48ers.dk>","list_archive_url":null,"date":"2017-10-16T21:55:17","subject":"Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to\n\tversion 7.0.7-1","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/people/42365/","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"content":">>>>> \"Bernd\" == Bernd Kuhls writes:\n\n > Quoting CVE-related issues from\n > https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog\n\n > 2017-07-29 7.0.6-5 Glenn Randers-Pehrson \n > * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference\n > https://github.com/ImageMagick/ImageMagick/issues/632).\n\n > 2017-07-24 7.0.6-4 Cristy \n > * Fixed numerous memory leaks (reference\n > https://github.com/ImageMagick/ImageMagick/issues) including\n > https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).\n\n > 2017-07-23 7.0.6-3 Glenn Randers-Pehrson \n > * Fix memory leaks when reading a malformed JNG image:\n > https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),\n > https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).\n\n > 2017-07-19 7.0.6-2 Cristy \n > * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference\n > https://github.com/ImageMagick/ImageMagick/issues/582\n > * coders/png.c: fixed NULL dereference when trying to write an empty MNG\n > (CVE-2017-11522, reference\n > https://github.com/ImageMagick/ImageMagick/issues/586).\n\n > 2017-06-22 7.0.6-1 Glenn Randers-Pehrson \n > * Stop a memory leak in read_user_chunk_callback() (reference\n > https://github.com/ImageMagick/ImageMagick/issues/517,\n > CVE 2017-11310).\n\n > Signed-off-by: Bernd Kuhls \n\nCommitted to 2017.08.x, thanks.","headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.137; helo=fraxinus.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"kOlGinbf\"; dkim-atps=neutral"],"Received":["from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3yGBvd75Prz9sRW\n\tfor ;\n\tTue, 17 Oct 2017 08:55:25 +1100 (AEDT)","from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 77F84868B5;\n\tMon, 16 Oct 2017 21:55:24 +0000 (UTC)","from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id OXXXcYg87sh8; Mon, 16 Oct 2017 21:55:22 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id D582686432;\n\tMon, 16 Oct 2017 21:55:22 +0000 (UTC)","from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 433611CEC57\n\tfor ;\n\tMon, 16 Oct 2017 21:55:22 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 3A02887087\n\tfor ;\n\tMon, 16 Oct 2017 21:55:22 +0000 (UTC)","from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id ZAGDzM2TTmiY for ;\n\tMon, 16 Oct 2017 21:55:21 +0000 (UTC)","from mail-wm0-f51.google.com (mail-wm0-f51.google.com\n\t[74.125.82.51])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id 49EC68707A\n\tfor ; Mon, 16 Oct 2017 21:55:21 +0000 (UTC)","by mail-wm0-f51.google.com with SMTP id b189so115141wmd.4\n\tfor ; Mon, 16 Oct 2017 14:55:21 -0700 (PDT)","from dell.be.48ers.dk (d51a5bc31.access.telenet.be.\n\t[81.165.188.49]) by smtp.gmail.com with ESMTPSA id\n\tc30sm4638372edf.65.2017.10.16.14.55.18\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tMon, 16 Oct 2017 14:55:18 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from )\n\tid 1e4DLx-0003YM-MV; Mon, 16 Oct 2017 23:55:18 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:references:date:in-reply-to:message-id\n\t:user-agent:mime-version;\n\tbh=7y6AZ+IeD9+n7eKoeaAGTRSRkfBO8iP6JPtxbXTZBio=;\n\tb=kOlGinbfnn82jVpGn7IQcAzeKQbVLcD0O2rFKETNCsXNyymrSrJ8SbIQoWtIPaCLn4\n\te9IHXYNqkH5HdT/eHSl3q5F4U4YDX7rgsLu9F5gSz60RcKMOxu6BdoA/x9niPiwiGP3e\n\tIA48FfA5MHlGOwUR079iKpvhCZbEcmN5DVdVd5aLZ0VnKFln1ZkkC6Gb2KVl54y9SZBQ\n\tXGPOKY/Z0xD9w8P1iZOIGvgn4UMmb/dYQPx51TBxowJOrhZjh2Ha7NHCj1p57WxMVBAq\n\tNe17CsAn+CBLwMpDmyHBTekwcMSwhCzZ2o+NK8Id6u+DdWOjkoa2926LLvy2rUY8qVqf\n\tfclA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:references:date\n\t:in-reply-to:message-id:user-agent:mime-version;\n\tbh=7y6AZ+IeD9+n7eKoeaAGTRSRkfBO8iP6JPtxbXTZBio=;\n\tb=fzGhUJQp2RdZI0huVw0znAYcMSONNcnZRea3WNQILYJ9OPVf3udtDVf5c1AezTelDG\n\tX422hh9zV11x89kLVj8GZuNr/s+UrAC1wtWbKs5FRjww1m/Sbv+s9IPf+VnJsLHLmf8R\n\tpXcbVtZ9lvY8WmqCyEsd1a/xN1KUfV23hVKdvDM+kOqbwBD43voU0R/eO5GVVxBFW2P0\n\tssn+pc/ue22leglieiwNxZbl2h6b3SixpM3Ro69y0iZymyNweIFsBtzQM+p+kn6Y7Vpt\n\t9Amh8rP21rzbhmWJi2gnGwe22Rs84IOCamZHhm4m8SoIDWptyy/dWH5X8nWTLA+Kg2j9\n\tnnVw==","X-Gm-Message-State":"AMCzsaUSciWkzwNzZi/mYy8rLMxWm0FOYYsnemgNNVUCvhX2i9/tnN3X\n\tgLFDjz1HEI0mA5m8AxP9FX4=","X-Google-Smtp-Source":"AOwi7QCXTkpQPeJEdfj6fj1kHmS4rTGou+G66Fd5NW07e762m5YB0D0sEdz56QQyR5IUIaTJkIHWTA==","X-Received":"by 10.80.219.66 with SMTP id b2mr14420521edl.259.1508190919782; \n\tMon, 16 Oct 2017 14:55:19 -0700 (PDT)","From":"Peter Korsgaard ","To":"Bernd Kuhls ","References":"<20170917091652.18140-1-bernd.kuhls@t-online.de>","Date":"Mon, 16 Oct 2017 23:55:17 +0200","In-Reply-To":"<20170917091652.18140-1-bernd.kuhls@t-online.de> (Bernd Kuhls's\n\tmessage of \"Sun, 17 Sep 2017 11:16:52 +0200\")","Message-ID":"<8760besqpm.fsf@dell.be.48ers.dk>","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)","MIME-Version":"1.0","Cc":"buildroot@buildroot.org","Subject":"Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to\n\tversion 7.0.7-1","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" "}}]