This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

SECURITY: ImageMagick, GraphicsMagick


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yaakov S (Cygwin Ports) wrote:
> ImageMagick contains several format string vulnerabilities, which may
> allow an attacker to execute arbitrary code.
> 
> Solution: update to 6.2.5.5 or 6.2.6 (our current is 6.0.4-1 !!!)
> 
> More information:
> http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
> http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml

First, ping.

Second, I just knew this was going to happen... GraphicsMagick is also
similarly affected.

Solution: upgrade to 1.1.7.

More information:
http://security.gentoo.org/glsa/glsa-200602-13.xml


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEBNh+piWmPGlmQSMRAvwiAKDfqWRK3i9ca7VPCe8Sd6J0Iw/z/gCg6UGQ
msCPNAz11VIWlD0WFabS+CA=
=WtIw
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]