[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: imagemagick: regression in 8:6.8.9.9-5+deb8u10



> Looks like I found the issue:
> 
> 0224-Ensure-token-does-not-overflow.patch corresponds to [0]. This patch
> was meant for ImageMagick 7.x, not 6.x. The correct patch is [1] (the one
> used in stretch).
> 
> This will be fixed in the next security update.

Not completely true. After spending some more time on this issue, I found
out that the following three patches are missing in jessie:

https://github.com/ImageMagick/ImageMagick6/commit/fc8ccba0f20ca330d959fcbb17a791e5b52ac53e
https://github.com/ImageMagick/ImageMagick6/commit/7573b8712697a3d34143eb3e6ea814287cc4c6a7
https://github.com/ImageMagick/ImageMagick6/commit/4cc316818e5b841ff5a9394a0730d5be6e8686ce

backporting them is sufficient to fix the issue.

cheers,
Hugo

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature


Reply to: