[Secure-testing-team] Bug#833735: Coder path transversal

[Bastien ROUCARIES]

Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org


Imagemagick arbitrary module loading due to not escaping relative path



commit 3ed665639d7665fabdff33d77e3b8428854726da
Author: Cristy <urban-warrior at imagemagick.org>
Date:   Thu Jun 2 13:44:20 2016 -0400

    Coder path traversal is not authorized

    Bug report provided by Masaaki Chida

    Commit mix two thing, fix only the module problem

    Fix loading arbitrary module from user side

    origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb