On Sun, Aug 26, 2012 at 4:41 PM, Florian Weimer <[email protected]> wrote: > * Willi Mann: > >> I'd like to make you aware of this imagemagick (IM) bug, which could >> be used to conduct a DoS attack against web applications using IM as a >> library. Note that stable is not affected, the bug only applies to >> current testing/unstable. However, other distributions shipping newer >> IM versions in their release versions could also be affected. > > I'm not sure if this is a security issue. Is it necessary that the > image is crafted in a particular way? > > Could you please backport this change: > > http://trac.imagemagick.org/changeset?reponame=&new=8762%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c&old=8759%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c > > , upload to unstable, and request a freeze exception from the release > team? Thanks.
Will do today in fact. Notice that problem is larger see http://trac.imagemagick.org/changeset/8762, we could hit this assert during resizing Bastien -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
