
Bug#414045: [ldoolitt@recycle.lbl.gov: graphicsmagick and bug 414045]



clone 414045 -1
reopen -1
reassign -1 graphicsmagick
notforwarded -1
thanks

Hi Larry,

On Tue, Apr 03, 2007 at 10:36:40PM -0700, ldoolitt@recycle.lbl.gov wrote:
> I suspect the RMs are ignoring it because it's tagged
> security, and "we can always put out security fixes
> post-release".

> This bug sits in a misleading status, though, because
> the patches I posted apply to both graphicsmagick and
> libx11.  So the BTS doesn't currently have an RC bug
> applied to graphicsmagick.

> I suggest you do the following:
>  - clone the bug to graphicsmagick
>  - add "patched" tags
>  - post clarifications (and links, maybe with md5sums) as to
>     what image files generate the two bugs.
> I don't want to take those first two steps myself,
> since IANADD, and I'd probably bungle them.  If you want
> to delegate the last step to me, I can do that.

Well, you don't have to be a DD to make those changes; and anyway, there are
plenty of eyeballs on the release-critical bugs who will help if you do
misstep. :)

Anyway, I've done the first two bits, the third seems like something for
someone closer to the bug.

I don't see any particular reason that graphicsmagick should be specially
discriminated against by the security team when it comes to segfaults on
untrusted input, so I'm leaving the severity at 'grave' for now.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/


