[Pkg-gmagick-im-team] Bug#868469: imagemagick: Incomplete fix for CVE-2017-9144

Salvatore Bonaccorso carnil at debian.org
Sat Jul 15 19:43:14 UTC 2017


Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: serious
Tags: upstream patch security
Justification: incomplete fix for previous security fix
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502
Control: fixed -1 8:6.9.7.4+dfsg-12
Control: found -1 8:6.9.7.4+dfsg-9
Control: found -1 8:6.8.9.9-5+deb8u9

As noted in the upstream bug [1] the original fix for CVE-2017-9144
was incomplete.

 [1] https://github.com/ImageMagick/ImageMagick/issues/502

As the incomplete fix has security implications itself (DoS at least?)
this might warrant a new CVE id.

Regards,
Salvatore


