[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem

Willi Mann willi at wm1.at
Sun Aug 26 09:29:16 UTC 2012 

Package: libmagick++5
Version: 8:6.7.7.10-3.1
Severity: important
Tags: upstream patch fixed-upstream

On some PNG images, ImageMagick fails with an assertion in the read method.
This happens because ImageMagick does not determine the maximum number of
threads in a uniform way. In my case, this broke a django web application,
so this problem could be used to conduct a DoS attack in some environments.

I have reported the problem upstream at 

http://www.imagemagick.org/discourse-server/viewtopic.php?f=23&t=21741

It turned out that the problem has been fixed after the release that's 
currently in Debian wheezy.

Could this problem be fixed please for wheezy?

Patch extracted from upstream SVN attached.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmagick++5 depends on:
ii  libbz2-1.0         1.0.6-4
ii  libc6              2.13-35
ii  libfontconfig1     2.9.0-7
ii  libfreetype6       2.4.9-1
ii  libgcc1            1:4.7.1-2
ii  libglib2.0-0       2.32.3-1
ii  libgomp1           4.7.1-2
ii  libice6            2:1.0.8-2
ii  libjpeg8           8d-1
ii  liblcms2-2         2.2+git20110628-2.2
ii  liblqr-1-0         0.4.1-2
ii  libltdl7           2.4.2-1.1
ii  liblzma5           5.1.1alpha+20120614-1
ii  libmagickcore5     8:6.7.7.10-3.1
ii  libmagickwand5     8:6.7.7.10-3.1
ii  libsm6             2:1.2.1-2
ii  libstdc++6         4.7.1-2
ii  libtiff4           3.9.6-7
ii  libx11-6           2:1.5.0-1
ii  libxext6           2:1.3.1-2
ii  libxt6             1:1.1.3-1
ii  multiarch-support  2.13-35
ii  zlib1g             1:1.2.7.dfsg-13

libmagick++5 recommends no packages.

libmagick++5 suggests no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cache_view_fix_number_threads.diff
Type: text/x-diff
Size: 1421 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gmagick-im-team/attachments/20120826/d9ad20be/attachment.diff>

More information about the Pkg-gmagick-im-team mailing list