Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: serious
Tags: upstream patch security
Justification: incomplete fix for previous security fix
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502
Control: fixed -1 8:6.9.7.4+dfsg-12
Control: found -1 8:6.9.7.4+dfsg-9
Control: found -1 8:6.8.9.9-5+deb8u9

As noted in the upstream bug [1] the original fix for CVE-2017-9144 was incomplete.

[1] https://github.com/ImageMagick/ImageMagick/issues/502

As the incomplete fix has security implications itself (DoS at least?) this might warrant a new CVE id.

Regards,
Salvatore