oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: ImageMagick opens config files in $CWD

From: Josh Bressers <bressers () redhat com>
Date: Mon, 15 Nov 2010 12:40:37 -0500 (EST)
----- "Vincent Danen" <vdanen () redhat com> wrote:


Noticed this in the Debian BTS.  It's been fixed in upstream svn, and
would be a fairly low impact issue.  The Debian report has a proof of
concept.

Could we get a CVE assigned for this issue?  Thanks.

References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824
https://bugzilla.redhat.com/show_bug.cgi?id=652860



Please use CVE-2010-4167.

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: