[Pkg-gmagick-im-team] Bug#845196: imagemagick 8:6.8.9.9-5+deb8u6 still vulnerable to Bug#845196
Antoine Beaupré
anarcat at orangeseeds.org
Tue Dec 20 19:58:21 UTC 2016
Hi secteam,
I believe the fix for bug#845196 shipped with DSA-3726-1 is incomplete,
at least in stable. It does ship with this patch:
https://github.com/ImageMagick/ImageMagick/commit/1be809ae06f2fcb094836960edb707f81422e964
but not this one:
https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
so it is missing one fputc check in convert.
On 2016-12-20 13:34:03, Bastien Roucaries wrote:
> Please reopen and notify security team
The bug report is actually still opened in stable, according to the BTS,
so I don't believe a change is required there. I have removed the fixed
marker from the security tracker and added a relevant note.
a.
--
Education is the most powerful weapon which we can use to change the
world.
- Nelson Mandela