[Pkg-gmagick-im-team] Bug#806441: Buffer overflow in coders/icon.c and integer truncation in coders/pict.c
Raphael Hertzog
hertzog at debian.org
Fri Nov 27 14:13:23 UTC 2015
Source: imagemagick
Version: 8:6.6.0.4-3
Tags: security patch
Severity: important
Control: fixed -1 8:6.6.0.4-3+squeeze7

This bug is about two security issues in image parsing code that had been
reported to Ubuntu (and are tracked in the Debian security tracker):

The one in coders/icon.c:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747

The one in coders/pict.c:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803

The attached patches fix both of those issues in squeeze. I guess they
will be easy to forward-port to other versions.

Both of those issues apply to all versions currently in Debian.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-overflow-in-icon-parsing.patch
Type: text/x-diff
Size: 982 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gmagick-im-team/attachments/20151127/f8719cc6/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-overflow-in-pict-parsing.patch
Type: text/x-diff
Size: 1366 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gmagick-im-team/attachments/20151127/f8719cc6/attachment-0001.patch>