[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem (DoS possible)
Florian Weimer
fw at deneb.enyo.de
Sun Aug 26 14:41:00 UTC 2012
* Willi Mann:
> I'd like to make you aware of this imagemagick (IM) bug, which could
> be used to conduct a DoS attack against web applications using IM as a
> library. Note that stable is not affected, the bug only applies to
> current testing/unstable. However, other distributions shipping newer
> IM versions in their release versions could also be affected.
I'm not sure if this is a security issue. Is it necessary that the
image is crafted in a particular way?
Could you please backport this change:
http://trac.imagemagick.org/changeset?reponame=&new=8762%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c&old=8759%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c
, upload to unstable, and request a freeze exception from the release
team? Thanks.
More information about the Pkg-gmagick-im-team
mailing list