Source: imagemagick
Version: 8:6.9.10.8+dfsg-1
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for imagemagick.

CVE-2018-16323[0]:
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data
| uninitialized when processing an XBM file that has a negative pixel
| value. If the affected code is used as a library loaded into a process
| that includes sensitive information, that information sometimes can be
| leaked via the image data.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16323
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16323
[1] https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786

Please adjust the affected versions in the BTS as needed, looking at
the code this at least seems to affect 8:6.9.10.8+dfsg-1 for unstable,
but please double check as I might have missed something.

Regards,
Salvatore