Dear Willi,

Could you send this bug to the security mailing list asking for a DSA?

Thank you

On 26 August 2012 11:39, "Willi Mann" <[email protected]> wrote:

> Package: libmagick++5
> Version: 8:6.7.7.10-3.1
> Severity: important
> Tags: upstream patch fixed-upstream
>
> On some PNG images, ImageMagick fails with an assertion in the read method.
> This happens because ImageMagick does not determine the maximum number of
> threads in a uniform way. In my case, this broke a django web application,
> so this problem could be used to conduct a DoS attack in some environments.
>
> I have reported the problem upstream at
>
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=23&t=21741
>
> It turned out that the problem has been fixed after the release that's
> currently in Debian wheezy.
>
> Could this problem be fixed please for wheezy?
>
> Patch extracted from upstream SVN attached.
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers testing
> APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
> Architecture: i386 (x86_64)
>
> Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
> Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages libmagick++5 depends on:
> ii libbz2-1.0 1.0.6-4
> ii libc6 2.13-35
> ii libfontconfig1 2.9.0-7
> ii libfreetype6 2.4.9-1
> ii libgcc1 1:4.7.1-2
> ii libglib2.0-0 2.32.3-1
> ii libgomp1 4.7.1-2
> ii libice6 2:1.0.8-2
> ii libjpeg8 8d-1
> ii liblcms2-2 2.2+git20110628-2.2
> ii liblqr-1-0 0.4.1-2
> ii libltdl7 2.4.2-1.1
> ii liblzma5 5.1.1alpha+20120614-1
> ii libmagickcore5 8:6.7.7.10-3.1
> ii libmagickwand5 8:6.7.7.10-3.1
> ii libsm6 2:1.2.1-2
> ii libstdc++6 4.7.1-2
> ii libtiff4 3.9.6-7
> ii libx11-6 2:1.5.0-1
> ii libxext6 2:1.3.1-2
> ii libxt6 1:1.1.3-1
> ii multiarch-support 2.13-35
> ii zlib1g 1:1.2.7.dfsg-13
>
> libmagick++5 recommends no packages.
>
> libmagick++5 suggests no packages.
>
> -- no debconf information

