Package: imagemagick
Version: 8:6.7.7.10-4
Severity: serious
Tags: patch security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
Current imagemagick version 8:6.7.7.10-4 is unsuitable for realease due to
(under my own analysis) three memory leaks:
* Fix a memory leak: after setjmp used variable need to be volatile.
Fix jpeg and png coder.
* Fix a memory leak: in webp handling add a forgotten WebPPictureFree
* Fix another memory leak in case of corrupted image in magick++ read
method.
According to my own analysis the risk is only a local dos.
These bug should be nevertheless fixed before wheezy. I have prepared a package
for stable-security if needed and I could upload in a few minutes to mentors
if needed by security team.
Bastien
--
Dr-Ing Bastien ROUCARIÈS uUniversité de Cergy/SATIE ENS Cachan
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
