[Secure-testing-team] Bug#833735: Coder path transversal
Bastien ROUCARIES
roucaries.bastien at gmail.com
Mon Aug 8 10:32:57 UTC 2016
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
Imagemagick arbitrary module loading due to not escaping relative path
commit 3ed665639d7665fabdff33d77e3b8428854726da
Author: Cristy <urban-warrior at imagemagick.org>
Date: Thu Jun 2 13:44:20 2016 -0400
Coder path traversal is not authorized
Bug report provided by Masaaki Chida
Commit mix two thing, fix only the module problem
Fix loading arbitrary module from user side
origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
More information about the Secure-testing-team
mailing list