Attached is the diff I used to NMU for this security hole. -- see shy jo
diff -ur old/imagemagick-6.0.6.2/debian/changelog
imagemagick-6.0.6.2/debian/changelog
--- old/imagemagick-6.0.6.2/debian/changelog 2005-03-03 15:52:05.000000000
-0500
+++ imagemagick-6.0.6.2/debian/changelog 2005-03-03 16:07:21.000000000
-0500
@@ -1,3 +1,12 @@
+imagemagick (6:6.0.6.2-2.2) unstable; urgency=HIGH
+
+ * NMU
+ * magick/image.c: FormatMagickString() was called with the file name as
+ format string, rather than through "%s". Fix with patch from Ubuntu.
+ Closes: #297990 (CAN-2005-0397)
+
+ -- Joey Hess <[EMAIL PROTECTED]> Thu, 3 Mar 2005 15:49:06 -0500
+
imagemagick (6:6.0.6.2-2.1) unstable; urgency=high
* Non-maintainer upload.
diff -ur old/imagemagick-6.0.6.2/magick/image.c
imagemagick-6.0.6.2/magick/image.c
--- old/imagemagick-6.0.6.2/magick/image.c 2004-08-19 13:33:43.000000000
-0400
+++ imagemagick-6.0.6.2/magick/image.c 2005-03-03 15:49:02.000000000 -0500
@@ -3918,7 +3918,7 @@
/*
Rectify multi-image file support.
*/
- (void) FormatMagickString(filename,MaxTextExtent,image_info->filename,0);
+ (void)
FormatMagickString(filename,MaxTextExtent,"%s",image_info->filename,0);
if ((LocaleCompare(filename,image_info->filename) != 0) &&
(strchr(filename,'%') == (char *) NULL))
image_info->adjoin=MagickFalse;
signature.asc
Description: Digital signature
