Bug#811024: jessie-pu: package imagemagick/8:6.8.9.9-5

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + moreinfo

On Thu, 2016-01-14 at 22:33 +0100, Vincent Fourmond wrote:
>   The imagemagick maintainers (mostly Bastien) have prepared a new
> version of imagemagick for stable that fixes a series of minor
> security issues that the security team did not deem worthy of an
> upload to stable-security. Can we upload the following package ? Here
> is the changelog:

While I've not checked each fix individually (mostly due to the lack of
Debian bugs referenced), at least these changes:

>     - Fix an integer overflow that can lead to a buffer overrun
>       in the icon parsing code (LP: #1459747, closes: #806441)
>     - Fix an integer overflow that can lead to a double free in
>       pict parsing (LP: #1448803, closes: #806441).

claim not to be fixed in unstable according to the BTS metadata, which
is a pre-requisite for fixing them in stable. Please could you clarify
the status of those and the other fixes.

Regards,

Adam