Hi secteam,

I believe the fix for bug#845196 shipped with DSA-3726-1 is incomplete, at least in stable. It does ship with this patch:

https://github.com/ImageMagick/ImageMagick/commit/1be809ae06f2fcb094836960edb707f81422e964

but not this one:

https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7

so it is missing one fputc check in convert.

On 2016-12-20 13:34:03, Bastien Roucaries wrote:
> Please reopen and notify security team

The bug report is actually still open in stable, according to the BTS, so I don't believe a change is required there. I have removed the fixed marker from the security tracker and added a relevant note.

a.

--
Education is the most powerful weapon which we can use to change the world.
- Nelson Mandela