[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem (DoS possible)

Bastien ROUCARIES roucaries.bastien at gmail.com
Mon Aug 27 10:08:11 UTC 2012

On Mon, Aug 27, 2012 at 11:14 AM, Bastien ROUCARIES
<roucaries.bastien at gmail.com> wrote:
> On Sun, Aug 26, 2012 at 4:41 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
>> * Willi Mann:
>>> I'd like to make you aware of this imagemagick (IM) bug, which could
>>> be used to conduct a DoS attack against web applications using IM as a
>>> library. Note that stable is not affected, the bug only applies to
>>> current testing/unstable. However, other distributions shipping newer
>>> IM versions in their release versions could also be affected.
>> I'm not sure if this is a security issue.  Is it necessary that the
>> image is crafted in a particular way?
>> Could you please backport this change:
>> http://trac.imagemagick.org/changeset?reponame=&new=8762%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c&old=8759%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c
>> , upload to unstable, and request a freeze exception from the release
>> team?  Thanks.
> Will do today in fact. Notice that problem is larger see
> http://trac.imagemagick.org/changeset/8762, we could hit this assert
> during resizing

I have just uploader under mentor. could you please test ?

Vincent could you upload please to unstable ?


> Bastien

More information about the Pkg-gmagick-im-team mailing list