[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem (DoS possible)
Bastien ROUCARIES
roucaries.bastien at gmail.com
Sun Aug 26 15:15:04 UTC 2012
Le 26 août 2012 16:41, "Florian Weimer" <fw at deneb.enyo.de> a écrit :
>
> * Willi Mann:
>
> > I'd like to make you aware of this imagemagick (IM) bug, which could
> > be used to conduct a DoS attack against web applications using IM as a
> > library. Note that stable is not affected, the bug only applies to
> > current testing/unstable. However, other distributions shipping newer
> > IM versions in their release versions could also be affected.
>
> I'm not sure if this is a security issue. Is it necessary that the
> image is crafted in a particular way?
>
> Could you please backport this change:
>
>
http://trac.imagemagick.org/changeset?reponame=&new=8762%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c&old=8759%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c
>
> , upload to unstable, and request a freeze exception from the release
> team? Thanks.
I will do it this evening .
Bedtime
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-gmagick-im-team/attachments/20120826/762fa43d/attachment.html>
More information about the Pkg-gmagick-im-team
mailing list