Package: imagemagick
Version: 6:6.0.6.2-2.2
Severity: grave
Justification: user security hole

See http://www.securityfocus.com/bid/12873 for more information. In summary:

> ImageMagick is prone to a heap-based buffer overflow vulnerability.
> This vulnerability exists in the SGI image file parser.
> Successful exploitation may result in execution of arbitrary code.
> This issue may potentially be exploited through the ImageMagick
> application or in other applications that import the SGI image file
> parser component.
> It is noted that the SGI codec is enabled by default in ImageMagick.

Seems Sid and Sarge with their newer versions are not affected.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages imagemagick depends on:
ii  libmagick6    6:6.0.6.2-2.2    Image manipulation library

-- no debconf information