[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: imagemagick: regression in 8:

> I'm working on imagemagick on behalf of the Debian LTS team and just
> noticed this bug report.
> I have reproduced this issue in jessie, and can confirm that this
> regression is still present in 8:  I can also confirm
> that the regression was introduced between patch 0224 and 0227.
> I'll try to ship a patch for this along with the next jessie update.

Looks like I found the issue:

0224-Ensure-token-does-not-overflow.patch corresponds to [0]. This patch
was meant for ImageMagick 7.x, not 6.x. The correct patch is [1] (the one
used in stretch).

This will be fixed in the next security update.


[0] https://github.com/ImageMagick/ImageMagick/commit/4b85d29608d5bc0ab641f49e80b6cf8965928fb4
[1] https://github.com/ImageMagick/ImageMagick6/commit/663e70e90257797f4634ea8dd4a31e0947d1f266

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: