Hi People, The bugzilla bug # 2052 for ImageMagick only has QA packages for RH9 and RH7.3. However, it seems to me that FC1's ImageMagick should also be affected by one of more of those bugs. The bugs identified so far in # 2052 appear to be: * CAN-2003-0455 - "The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files." * CAN-2004-0827 - DoS - Multiple buffer overflows in the AVI, BMP, and DIB parsers/decoders. * CAN-2004-0981 - Buffer overflow in EXIF parser. I am thinking that FC1's ImageMagick may be affected by any of those CVE candidates. Am investigating it. If I find that they are affected by it, I plan to submit .src.rpm's for QA under Bug #2052. This would be my first attempt to submit patched .src.rpm's &c. However, I have a bit of a problem. I have no online web accounts with enough disk space to hold a FC1 ImageMagick .src.rpm, along with the .i386.rpm's that folks usually submit along with it. Can anyone who has plenty of disk space help me out with some place I can upload rpm's for QA testing to you so you could post them on the web for me? I would appreciate it. Thanks in advance for any help! - David Eisenstein -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list