From ${URL} : GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9 References: https://bugzilla.novell.com/show_bug.cgi?id=1050617 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Created attachment 490596 [details, diff] CVE-2017-11642.patch
@maintainer(s), please clean the vulnerable version from the tree.
cleanup will be tracked in bug #640690 GLSA Vote: No