> Looks like I found the issue:
>
> 0224-Ensure-token-does-not-overflow.patch corresponds to [0]. This patch
> was meant for ImageMagick 7.x, not 6.x. The correct patch is [1] (the one
> used in stretch).
>
> This will be fixed in the next security update.
Not completely true. After spending
> I'm working on imagemagick on behalf of the Debian LTS team and just
> noticed this bug report.
>
> I have reproduced this issue in jessie, and can confirm that this
> regression is still present in 8:6.8.9.9-5+deb8u18. I can also confirm
> that the regression was introduced between patch 0224
Hi,
I'm working on imagemagick on behalf of the Debian LTS team and just
noticed this bug report.
I have reproduced this issue in jessie, and can confirm that this
regression is still present in 8:6.8.9.9-5+deb8u18. I can also confirm
that the regression was introduced between patch 0224 and
Package: imagemagick
Version: 8:6.8.9.9-5+deb8u10
Severity: normal
Ubuntu imagemagick security updates are based on Debian security updates.
The latest round of jessie updates introduced a regression.
Please see the downstream bug report for a reproducer script:
4 matches
Mail list logo