Ubuntu
imagemagick package

multiple memory leaks

Bug #1079209 reported by broucaries
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
imagemagick (Ubuntu)
Fix Released
Undecided
Micah Gersten

Bug Description

Please upgrade to lastest debian version. It fix quite a few secuirty bug

Related branches

lp:ubuntu/raring/imagemagick

CVE References

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Could you please be more specific about what the security issues it fixes are, and what release of Ubuntu you are requesting this for?

information type: Private Security → Public Security
Changed in imagemagick (Ubuntu):
status: New → Incomplete
Revision history for this message
broucaries (roucaries-bastien+bugs) wrote :

   * Fix three security bug (Closes: #692367):
   - Fix a memory leak: after setjmp used variable need to be volatile.
     Fix jpeg and png coder.
   - Fix a memory leak: in webp handling add a forgotten WebPPictureFree
   - Fix another memory leak in case of corrupted image in magick++ read method.

Revision history for this message
broucaries (roucaries-bastien+bugs) wrote :

I think all the current version unde"r ubuntu are affected

Revision history for this message
broucaries (roucaries-bastien+bugs) wrote :

Please I am the debian mainteners of this package. I think it is a really good idea to sync or to apply the lastest debian patches.

Thanks

Bastien

Changed in imagemagick (Ubuntu):
status: Incomplete → Opinion
status: Opinion → New
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I don't consider memory leaks in client software to be a security issue. If someone wants to SRU these into stable releases to fix reliability, they can do so.

summary: - Appl;y security fix from debian
+ multiple memory leaks
information type: Public Security → Public
Changed in imagemagick (Ubuntu):
status: New → Confirmed
Revision history for this message
Micah Gersten (micahg) wrote :

I'm working on a merge which will fix these.

Changed in imagemagick (Ubuntu):
assignee: nobody → Micah Gersten (micahg)
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.7.7.10-5ubuntu1

---------------
imagemagick (8:6.7.7.10-5ubuntu1) raring; urgency=low

  * Merge from Debian unstable. (LP: #1079209) Remaining changes:
    - Make ufraw-batch (universe) a suggestion instead of a recommendation.
    - Don't set MAKEFLAGS in debian/rules; just pass it to the build.
    - Build-Depend on libtiff5-dev instead of libtiff-dev
    - Depend on fftw3-dev as it's in main, not fftw-dev.
    - Don't build depend on graphicsmagick-imagemagick-compat (universe)
    - Don't use graphicmagick's convert executable just to convert our
      svg into a menu xpm. Instead, run the convert we build.
  * Mark Vcs-* as XS-Debian-Vcs-*
    - update debian/control

imagemagick (8:6.7.7.10-5) unstable; urgency=high

  * Fix three security bug (Closes: #692367):
  - Fix a memory leak: after setjmp used variable need to be volatile.
    Fix jpeg and png coder.
  - Fix a memory leak: in webp handling add a forgotten WebPPictureFree
  - Fix another memory leak in case of corrupted image in magick++ read method.

imagemagick (8:6.7.7.10-4) unstable; urgency=high

  * Security Bug fix: "Fails an assertion due to OpenMP related problem",
    thanks to Willi Mann (Closes: #685903).

imagemagick (8:6.7.7.10-3) unstable; urgency=high

  * Bug fix: "CVE-2012-3437", ImageMagick: Magick_png_malloc() size
    argument thanks to Moritz Muehlenhoff (Closes: #683285).
 -- Micah Gersten <email address hidden> Tue, 22 Jan 2013 21:38:05 -0600

Changed in imagemagick (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.