Date: Thu, 12 Aug 2004 13:46:55 +0400 From: Andrey Chernov <ache@nagual.pp.ru> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: security@FreeBSD.ORG Subject: Re: False vuxml alarms (ImageMagick) Message-ID: <20040812094655.GB89851@nagual.pp.ru> In-Reply-To: <CFAB5818-EC42-11D8-887A-00039312D914@fillmore-labs.com> References: <20040812043214.GA37372@nagual.pp.ru> <CFAB5818-EC42-11D8-887A-00039312D914@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 12, 2004 at 11:34:30AM +0200, Oliver Eikemeier wrote: > Andrey Chernov wrote: > > >Hi. When I try to build ImageMagick, I got error below, but it is false > >alarm about libpng, which is already patched to remove overflow (and > >freshly installed on my machine). I have no idea how to fix ImageMagick > >building properly, please somebody do. > > > >===> ImageMagick-6.0.2.7 has known vulnerabilities: > >>>libpng stack-based buffer overflow and other code concerns. > > Reference: > ><http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d. > >html> > >>>Please update your ports tree and try again. > > http://secunia.com/advisories/12236 > and > http://www.imagemagick.org/www/Changelog.html > > list ImageMagick-6.0.2.7 as vulnerable. You can build it nevertheless > with make DISABLE_VULNERABILITIES=yes ... I talk not about workaround, I know it. I talk about the way of fixing it _properly_. It is NOT vulnerable really. -- Andrey Chernov | http://ache.pp.ru/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040812094655.GB89851>