[Pkg-gmagick-im-team] Bug#868469: imagemagick: Incomplete fix for CVE-2017-9144
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 17 04:27:31 UTC 2017
Control: retitle -1 imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144)
Hi
On Sat, Jul 15, 2017 at 09:43:14PM +0200, Salvatore Bonaccorso wrote:
> Source: imagemagick
> Version: 8:6.9.7.4+dfsg-11
> Severity: serious
> Tags: upstream patch security
> Justification: incomplete fix for previous security fix
> Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502
> Control: fixed -1 8:6.9.7.4+dfsg-12
> Control: found -1 8:6.9.7.4+dfsg-9
> Control: found -1 8:6.8.9.9-5+deb8u9
>
> As noted in the upstream bug [1] the original fix for CVE-2017-9144
> was incomplete.
>
> [1] https://github.com/ImageMagick/ImageMagick/issues/502
>
> As the incomplete fix has security implications itself (DoS at least?)
> this might warrant a new CVE id.
This is CVE-2017-11352.
Regards,
Salvatore