Web space? - fixing FC1 ImageMagick bugs (bugzilla #2052)
David Eisenstein
deisenst at gtw.net
Wed Nov 10 08:31:32 UTC 2004
Hi People,
The bugzilla bug # 2052 for ImageMagick only has QA packages for RH9 and
RH7.3. However, it seems to me that FC1's ImageMagick should also be
affected by one of more of those bugs. The bugs identified so far in #
2052 appear to be:
* CAN-2003-0455 - "The imagemagick libmagick library 5.5 and earlier
creates temporary files insecurely, which allows local users to
create or overwrite arbitrary files."
* CAN-2004-0827 - DoS - Multiple buffer overflows in the AVI,
BMP, and DIB parsers/decoders.
* CAN-2004-0981 - Buffer overflow in EXIF parser.
I am thinking that FC1's ImageMagick may be affected by any of those CVE
candidates. Am investigating it. If I find that they are affected by it,
I plan to submit .src.rpm's for QA under Bug #2052. This would be my
first attempt to submit patched .src.rpm's &c.
However, I have a bit of a problem. I have no online web accounts with
enough disk space to hold a FC1 ImageMagick .src.rpm, along with the
.i386.rpm's that folks usually submit along with it.
Can anyone who has plenty of disk space help me out with some place I can
upload rpm's for QA testing to you so you could post them on the web for
me? I would appreciate it.
Thanks in advance for any help!
- David Eisenstein
More information about the fedora-legacy-list
mailing list