Package: imagemagick Version: 8:6.7.7.10-4 Severity: serious Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Current imagemagick version 8:6.7.7.10-4 is unsuitable for realease due to (under my own analysis) three memory leaks: * Fix a memory leak: after setjmp used variable need to be volatile. Fix jpeg and png coder. * Fix a memory leak: in webp handling add a forgotten WebPPictureFree * Fix another memory leak in case of corrupted image in magick++ read method. According to my own analysis the risk is only a local dos. These bug should be nevertheless fixed before wheezy. I have prepared a package for stable-security if needed and I could upload in a few minutes to mentors if needed by security team. Bastien -- Dr-Ing Bastien ROUCARIÈS uUniversité de Cergy/SATIE ENS Cachan _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team