[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem

Bastien ROUCARIES roucaries.bastien at gmail.com
Sun Aug 26 10:51:40 UTC 2012 

Dear willi,

Could you send this bug to security mailling list asking fir a dsa?

Thank you
Le 26 août 2012 11:39, "Willi Mann" <willi at wm1.at> a écrit :

> Package: libmagick++5
> Version: 8:6.7.7.10-3.1
> Severity: important
> Tags: upstream patch fixed-upstream
>
> On some PNG images, ImageMagick fails with an assertion in the read method.
> This happens because ImageMagick does not determine the maximum number of
> threads in a uniform way. In my case, this broke a django web application,
> so this problem could be used to conduct a DoS attack in some environments.
>
> I have reported the problem upstream at
>
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=23&t=21741
>
> It turned out that the problem has been fixed after the release that's
> currently in Debian wheezy.
>
> Could this problem be fixed please for wheezy?
>
> Patch extracted from upstream SVN attached.
>
> -- System Information:
> Debian Release: wheezy/sid
>   APT prefers testing
>   APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
> Architecture: i386 (x86_64)
>
> Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
> Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages libmagick++5 depends on:
> ii  libbz2-1.0         1.0.6-4
> ii  libc6              2.13-35
> ii  libfontconfig1     2.9.0-7
> ii  libfreetype6       2.4.9-1
> ii  libgcc1            1:4.7.1-2
> ii  libglib2.0-0       2.32.3-1
> ii  libgomp1           4.7.1-2
> ii  libice6            2:1.0.8-2
> ii  libjpeg8           8d-1
> ii  liblcms2-2         2.2+git20110628-2.2
> ii  liblqr-1-0         0.4.1-2
> ii  libltdl7           2.4.2-1.1
> ii  liblzma5           5.1.1alpha+20120614-1
> ii  libmagickcore5     8:6.7.7.10-3.1
> ii  libmagickwand5     8:6.7.7.10-3.1
> ii  libsm6             2:1.2.1-2
> ii  libstdc++6         4.7.1-2
> ii  libtiff4           3.9.6-7
> ii  libx11-6           2:1.5.0-1
> ii  libxext6           2:1.3.1-2
> ii  libxt6             1:1.1.3-1
> ii  multiarch-support  2.13-35
> ii  zlib1g             1:1.2.7.dfsg-13
>
> libmagick++5 recommends no packages.
>
> libmagick++5 suggests no packages.
>
> -- no debconf information
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-gmagick-im-team/attachments/20120826/ff112484/attachment-0003.html>

More information about the Pkg-gmagick-im-team mailing list