Control: retitle -1 imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144)
Hi On Sat, Jul 15, 2017 at 09:43:14PM +0200, Salvatore Bonaccorso wrote: > Source: imagemagick > Version: 8:6.9.7.4+dfsg-11 > Severity: serious > Tags: upstream patch security > Justification: incomplete fix for previous security fix > Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502 > Control: fixed -1 8:6.9.7.4+dfsg-12 > Control: found -1 8:6.9.7.4+dfsg-9 > Control: found -1 8:6.8.9.9-5+deb8u9 > > As noted in the upstream bug [1] the original fix for CVE-2017-9144 > was incomplete. > > [1] https://github.com/ImageMagick/ImageMagick/issues/502 > > As the incomplete fix has security implications itself (DoS at least?) > this might warrant a new CVE id. This is CVE-2017-11352. Regards, Salvatore

