
Re: ImageMagick - marking issue as not affecting wheezy?

On Fri, Oct 28, 2016 at 09:41:42AM -0400, Antoine Beaupré wrote:
> On 2016-10-28 07:53:39, Roberto C. Sánchez wrote:
> > It appears to me that the upstream diff is ensuring that the allocated
> > memory area is not too small, hence the change of "number_planes_filled"
> > to "MagickMax(number_planes_filled,4)" in two places.  However, in the
> > code currently in wheezy, "pixel_info_length" is already calculated to
> > include the product of "MagickMax(number_planes,4)".  Based on this, it
> > would seem that the ImageMagick in wheezy will not encounter the same
> > RLE segfault that was addressed by the upstream commit.
> >
> > Based on this analysis (hi Raphael :-), I am inclined to consider wheezy
> > unaffected by this.  Would anyone else out there care to look over this
> > and agree/disagree with me?
> I agree as well.
Thanks.  I have annotated it appropriately in data/CVE/list.



Roberto C. Sánchez
