[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem (DoS possible)
Bastien ROUCARIES
roucaries.bastien at gmail.com
Mon Aug 27 10:08:11 UTC 2012
On Mon, Aug 27, 2012 at 11:14 AM, Bastien ROUCARIES
<roucaries.bastien at gmail.com> wrote:
> On Sun, Aug 26, 2012 at 4:41 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
>> * Willi Mann:
>>
>>> I'd like to make you aware of this imagemagick (IM) bug, which could
>>> be used to conduct a DoS attack against web applications using IM as a
>>> library. Note that stable is not affected, the bug only applies to
>>> current testing/unstable. However, other distributions shipping newer
>>> IM versions in their release versions could also be affected.
>>
>> I'm not sure if this is a security issue. Is it necessary that the
>> image is crafted in a particular way?
>>
>> Could you please backport this change:
>>
>> http://trac.imagemagick.org/changeset?reponame=&new=8762%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c&old=8759%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c
>>
>> , upload to unstable, and request a freeze exception from the release
>> team? Thanks.
>
> Will do today in fact. Notice that problem is larger see
> http://trac.imagemagick.org/changeset/8762, we could hit this assert
> during resizing
I have just uploader under mentor. could you please test ?
Vincent could you upload please to unstable ?
Thanks
> Bastien
More information about the Pkg-gmagick-im-team
mailing list