[Pkg-gmagick-im-team] Bug#1070340: Thank you!
Сергей Сёмин
syominsergey at gmail.com
Sat Jun 29 22:23:09 BST 2024
Hi!
Rouca, thank you for installing the latest version of imagemagick in
the Debian FTP archive!
As I see, the new version of imagemagick with fully fixed
CVE-2023-34151 is 8:6.9.13.12+dfsg1-1. And now it is already included
in the sid distribution:
https://packages.debian.org/sid/imagemagick
I have checked that the method of reproducing CVE-2023-34151 described
earlier (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070340#30)
does not work with the new version 8:6.9.13.12+dfsg1-1 of imagemagick in
a Debian Bookworm environment:
vagrant@bookworm:~/imagemagick-6.9.13.12+dfsg1$ ./magick.sh identify mvg:piechart.mvg
identify: width or height exceeds limit `piechart.mvg' @ error/cache.c/OpenPixelCache/3926.
So I think CVE-2023-34151 is really fully fixed in 8:6.9.13.12+dfsg1-1
version of imagemagick.
Rouca, please, could you explain to me whether it is true that this version
(or a more recent one) is expected to appear in the Debian Bookworm distribution
in the future?
Is it possible to guess how long it could take for the new version of
imagemagick with fully fixed CVE-2023-34151 to appear in Debian
Bookworm?
My question is because of my interest in fixing this CVE in Debian Bookworm.
Thanks
Sergei