Source: imagemagick
Version: 8:6.9.11.60+dfsg-1.6+deb12u1
Severity: important
Tags: security upstream
X-Debbugs-Cc: syominser...@gmail.com, Debian Security Team <t...@security.debian.org>

Hello!

Bug CVE-2023-34151 was not properly closed in imagemagick from Bookworm for mvg. The version of imagemagick is 8:6.9.11.60+dfsg-1.6+deb12u1.

You can see instructions on how to reproduce it here:
https://docs.google.com/document/d/1zjM5MvfFYC317PEPY4_4WRi0hOdpM766FyqpvOmeE90/edit?usp=sharing

I have discussed this problem with upstream developers here:
https://github.com/ImageMagick/ImageMagick/issues/6341#issuecomment-2063607226

They approved and fixed the bug for imagemagick7, but for some reason they didn't approve the bug for imagemagick6. But I think it still exists and could be reproduced in a Debian Bookworm environment as described.

P.S. I tried to send a message to 1036...@bugs.debian.org, but I received the error '550 Unknown or archived bug', so I decided to open a new bug.

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-20-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled