oss-sec mailing list archives

CVE request: ImageMagick opens config files in $CWD

From: Vincent Danen <vdanen () redhat com>
Date: Fri, 12 Nov 2010 18:30:12 -0700

Noticed this in the Debian BTS.  It's been fixed in upstream svn, and
would be a fairly low impact issue.  The Debian report has a proof of
concept.

Could we get a CVE assigned for this issue?  Thanks.

References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824
https://bugzilla.redhat.com/show_bug.cgi?id=652860

--

Vincent Danen / Red Hat Security Response Team

Current thread:

CVE request: ImageMagick opens config files in $CWD Vincent Danen (Nov 12)
- Re: CVE request: ImageMagick opens config files in $CWD Josh Bressers (Nov 15)