Source: imagemagick
Version: 8:6.8.9.9-5
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for imagemagick. AFAICT, this is
not yet fixed up to the version in unstable. The CVE assignment is at [1]
and reads as:

> > Check return of write function
> > ==============================
> >
> > Debian bug: https://bugs.debian.org/845196
> > Reference URL: https://security-tracker.debian.org/845196
> > Upstream commit:
> > - https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
> > - https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
> > Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/196
> > Upstream version fixed: 7.0.1-10
> >
> > The above fixes may be incomplete, according to the upstream issue. In
> > addition, the -6 branch seems to have an incomplete fix as well.
>
> Use CVE-2016-10060 for the issue fixed in
> 933e96f01a8c889c7bf5ffd30020e86a02a046e7.
> Use CVE-2016-10061 for the issue fixed in
> 4e914bbe371433f0590cefdf3bd5f3a5710069f9.
>
> Use CVE-2016-10062 for the fwrite issue in ReadGROUP4Image. This was
> specifically noted at the beginning of issues/196, but not fixed in
> either of these commits. It is not the same as the fputc issue in
> ReadGROUP4Image.

CVE-2016-10062[0]:
fwrite issue in ReadGROUP4Image

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10062
[1] http://www.openwall.com/lists/oss-security/2016/12/26/9

Regards,
Salvatore
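As an added example (not ImageMagick's code and not part of this report), the "check return of write function" pattern the upstream fix title refers to, shown for both the fputc and the fwrite case the CVE text distinguishes. The scratch-file style of writer, the header bytes, the raster and the fmemopen harness are all constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L /* fmemopen */
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers. stdio buffers output, so a failed write(2) (full disk,
   closed pipe) often surfaces only at flush time: checking the count returned
   by fwrite/fputc is necessary but not sufficient. A real coder would flush once
   per block rather than per byte; the per-call flush here keeps the demo exact. */
static int checked_fputc(FILE *fp, int c)
{
    if (fputc(c, fp) == EOF)
        return -1;
    return (fflush(fp) == 0 && !ferror(fp)) ? 0 : -1;
}

static int checked_fwrite(FILE *fp, const void *buf, size_t count)
{
    if (fwrite(buf, 1, count, fp) != count)
        return -1;
    return (fflush(fp) == 0 && !ferror(fp)) ? 0 : -1;
}

/* Assumed scratch-file pattern: a constructed 8-byte header written byte by
   byte (the fputc case), then the raster in one fwrite (the fwrite case).
   Returns the bytes confirmed written, or -1 at the first failure, so the
   caller never hands a truncated file on to the next decoder. */
long write_scratch_image(FILE *fp, const unsigned char *raster, size_t len)
{
    static const unsigned char header[8] = { 0x47, 0x34, 0, 1, 0, 0, 0, 16 };
    for (size_t i = 0; i < sizeof header; i++)
        if (checked_fputc(fp, header[i]) != 0)
            return -1;
    if (checked_fwrite(fp, raster, len) != 0)
        return -1;
    return (long)(sizeof header + len);
}

/* Drive the writer into an in-memory stream of `capacity` bytes; fmemopen
   makes the short-write case reproducible without filling a disk. */
long demo_write(size_t capacity)
{
    unsigned char store[64] = { 0 }, raster[16];
    memset(raster, 0xAA, sizeof raster); /* constructed pixel data */
    if (capacity > sizeof store)
        capacity = sizeof store;
    FILE *fp = fmemopen(store, capacity, "w");
    if (fp == NULL)
        return -2;
    long written = write_scratch_image(fp, raster, sizeof raster);
    fclose(fp);
    return written;
}
```

With a 64-byte scratch buffer `demo_write` reports all 24 bytes written; with a 12-byte buffer the header fits but the raster write is detected as failed and the function returns -1 instead of leaving a half-written file behind.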