Date: Thu, 12 Aug 2004 11:34:30 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: Andrey Chernov <ache@nagual.pp.ru> Cc: security@freebsd.org Subject: Re: False vuxml alarms (ImageMagick) Message-ID: <CFAB5818-EC42-11D8-887A-00039312D914@fillmore-labs.com> In-Reply-To: <20040812043214.GA37372@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Chernov wrote: > Hi. When I try to build ImageMagick, I got error below, but it is false > alarm about libpng, which is already patched to remove overflow (and > freshly installed on my machine). I have no idea how to fix ImageMagick > building properly, please somebody do. > > ===> ImageMagick-6.0.2.7 has known vulnerabilities: >>> libpng stack-based buffer overflow and other code concerns. > Reference: > <http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d. > html> >>> Please update your ports tree and try again. http://secunia.com/advisories/12236 and http://www.imagemagick.org/www/Changelog.html list ImageMagick-6.0.2.7 as vulnerable. You can build it nevertheless with make DISABLE_VULNERABILITIES=yes ... -Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CFAB5818-EC42-11D8-887A-00039312D914>