Package: imagemagick Version: 6:6.0.6.2-2.1 Severity: grave Tags: security Justification: user security hole
Imagemagick (at least convert and mogrify) does not delete or update exif thumbnails when changing an image. Therefore the thumbnail might still contain information (like a face) that has been removed from the image. This is CAN-2005-0406 [1]. [1] http://seclists.org/lists/fulldisclosure/2005/Feb/0361.html -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Versions of packages imagemagick depends on: ii libmagick6 6:6.0.6.2-2.1 Image manipulation library -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]