Your message dated Sun, 30 Sep 2007 10:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444267: fixed in imagemagick 7:6.2.4.5.dfsg1-1.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: imagemagick
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for imagemagick.
CVE-2007-4985[0]:
| ImageMagick before 6.3.5-9 allows context-dependent attackers to cause
| a denial of service via a crafted image file that triggers (1) an
| infinite loop in the ReadDCMImage function, related to ReadBlobByte
| function calls; or (2) an infinite loop in the ReadXCFImage function,
| related to ReadBlobMSBLong function calls.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
Since this could happen in, for example, an automatic image
upload web service, I set the severity to grave.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 7:6.2.4.5.dfsg1-1.1
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:
imagemagick_6.2.4.5.dfsg1-1.1.diff.gz
to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1.1.diff.gz
imagemagick_6.2.4.5.dfsg1-1.1.dsc
to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1.1.dsc
imagemagick_6.2.4.5.dfsg1-1.1_i386.deb
to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1.1_i386.deb
libmagick++9-dev_6.2.4.5.dfsg1-1.1_i386.deb
to pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-1.1_i386.deb
libmagick++9c2a_6.2.4.5.dfsg1-1.1_i386.deb
to pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-1.1_i386.deb
libmagick9-dev_6.2.4.5.dfsg1-1.1_i386.deb
to pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-1.1_i386.deb
libmagick9_6.2.4.5.dfsg1-1.1_i386.deb
to pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-1.1_i386.deb
perlmagick_6.2.4.5.dfsg1-1.1_i386.deb
to pool/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-1.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 30 Sep 2007 00:20:38 +0200
Source: imagemagick
Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev
libmagick++9c2a
Architecture: source i386
Version: 7:6.2.4.5.dfsg1-1.1
Distribution: unstable
Urgency: high
Maintainer: Luciano Bello <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
imagemagick - Image manipulation programs
libmagick++9-dev - The object-oriented C++ API to the ImageMagick
library--developme
libmagick++9c2a - The object-oriented C++ API to the ImageMagick library
libmagick9 - Image manipulation library
libmagick9-dev - Image manipulation library -- development
perlmagick - A perl interface to the libMagick graphics routines
Closes: 444267
Changes:
imagemagick (7:6.2.4.5.dfsg1-1.1) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Ported Jonathan Smith's patches to 6.2.4.5 to fix infinite loop
via crafted image (CVE-2007-4985), sign extension error in
ReadDIBImage function which could allow arbitrary code execution
(CVE-2007-4988), off-by-one programming error in ReadBlobString
which could lead to code execution (CVE-2007-4987) and multiple
integer overflows via crafted image files which could lead to a
heap overflow (CVE-2007-4986) (Closes: #444267).
Files:
6ee2c814dee29982b30951333faeeff1 1055 graphics optional
imagemagick_6.2.4.5.dfsg1-1.1.dsc
c70eefaea2131df5f018c1bc1221572b 102450 graphics optional
imagemagick_6.2.4.5.dfsg1-1.1.diff.gz
be04cf6d71b8c939646ef30d6af2d1d3 746340 graphics optional
imagemagick_6.2.4.5.dfsg1-1.1_i386.deb
facb61f7a0d5b0dfcdfcdc1616cc5982 1278972 libs optional
libmagick9_6.2.4.5.dfsg1-1.1_i386.deb
dcfd013d4bf2c5246e9c975cf347688c 1578372 libdevel optional
libmagick9-dev_6.2.4.5.dfsg1-1.1_i386.deb
6b2364de76f533f5f6331909d5261b0d 191044 libs optional
libmagick++9c2a_6.2.4.5.dfsg1-1.1_i386.deb
6472cd41c130bf06e8b8b1e5cf9fbed3 228338 libdevel optional
libmagick++9-dev_6.2.4.5.dfsg1-1.1_i386.deb
38a26df3065c071a8c9c2781a778414b 170764 perl optional
perlmagick_6.2.4.5.dfsg1-1.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG/3sGHYflSXNkfP8RAh+qAKCLSW5fR9WXMnX8aVztcvIsWelevACgglAr
n2gJqMjdGAIR/wwIIBzi66o=
=ln/K
-----END PGP SIGNATURE-----
--- End Message ---
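The CVE description quoted in the report and the changelog entry above name four defect classes in image-file parsing: a read loop that never sees end-of-file (CVE-2007-4985), a byte read that sign-extends (CVE-2007-4988), a string read that places its terminator one past the buffer (CVE-2007-4987), and an unchecked width*height*depth product used as an allocation size (CVE-2007-4986). The following is an added example written for this page, not ImageMagick's code and not Jonathan Smith's patches: it shows the hardened form of each pattern over a small in-memory "blob". The `Blob` type, the `blob_*` and `demo_*` functions, `checked_pixel_buffer_size` and the `SAMPLE` bytes are all constructed for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical in-memory blob standing in for an image file under parse.
 * Constructed for this example; not ImageMagick's Image/blob structures. */
typedef struct {
    const unsigned char *data;
    size_t length;
    size_t offset;
} Blob;

/* Next byte as 0..255, or EOF (-1) once the blob is exhausted. Reading through
 * unsigned char keeps 0x80..0xFF positive instead of sign-extending them into
 * negative ints (the ReadDIBImage class, CVE-2007-4988). */
int blob_read_byte(Blob *b)
{
    if (b->offset >= b->length)
        return EOF;
    return (int) b->data[b->offset++];
}

/* Advance until a marker byte appears. Returns 1 if found, 0 on EOF.
 * "while (blob_read_byte(b) != marker) ;" never ends on a truncated file,
 * since EOF (-1) equals no byte value (the infinite-loop class, CVE-2007-4985).
 * Testing for EOF first bounds the loop by the file length. */
int blob_skip_to_marker(Blob *b, unsigned char marker)
{
    for (;;) {
        int c = blob_read_byte(b);
        if (c == EOF)
            return 0;
        if (c == marker)
            return 1;
    }
}

/* Read a NUL-terminated string into out[] (out_size bytes including the NUL).
 * At most out_size-1 characters are stored, so the terminator always lands
 * inside the buffer (the ReadBlobString off-by-one class, CVE-2007-4987).
 * Returns the character count stored, or -1 if the blob ended first. */
int blob_read_string(Blob *b, char *out, size_t out_size)
{
    size_t n = 0;
    if (out_size == 0)
        return -1;
    for (;;) {
        int c = blob_read_byte(b);
        if (c == EOF) {
            out[n] = '\0';
            return -1;
        }
        if (c == 0)
            break;
        if (n < out_size - 1)      /* keep room for the terminator */
            out[n++] = (char) c;   /* excess characters are discarded */
    }
    out[n] = '\0';
    return (int) n;
}

/* width * height * bytes_per_pixel for an allocation, refusing to wrap.
 * A wrapped product followed by a too-small malloc is the heap-overflow
 * class in CVE-2007-4986. Returns 1 and sets *out, or 0 on overflow/zero. */
int checked_pixel_buffer_size(uint32_t width, uint32_t height,
                              uint32_t bytes_per_pixel, size_t *out)
{
    uint64_t n;
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return 0;
    n = (uint64_t) width * height;            /* cannot overflow 64 bits */
    if (n > UINT64_MAX / bytes_per_pixel)
        return 0;
    n *= bytes_per_pixel;
    if (n > (uint64_t) SIZE_MAX)              /* matters on 32-bit size_t */
        return 0;
    *out = (size_t) n;
    return 1;
}

/* Constructed sample input: a 3-character string, a high byte, one marker. */
static const unsigned char SAMPLE[] = { 'I', 'M', 'G', '\0', 0x80, 0xFE };

/* Walk SAMPLE in order; returns 1 if every reader behaves as documented. */
int demo_parse_sample(void)
{
    Blob b = { SAMPLE, sizeof SAMPLE, 0 };
    char name[8];
    if (blob_read_string(&b, name, sizeof name) != 3 || strcmp(name, "IMG") != 0)
        return 0;
    if (blob_read_byte(&b) != 0x80)           /* 128, not -128 */
        return 0;
    if (blob_skip_to_marker(&b, 0xFE) != 1)   /* marker present */
        return 0;
    if (blob_skip_to_marker(&b, 0xFE) != 0)   /* truncated: stops at EOF */
        return 0;
    return 1;
}

/* An over-long string is truncated to fit, never written past the buffer. */
int demo_long_string_is_bounded(void)
{
    static const unsigned char LONG[] = "abcdefghij";   /* 10 chars + NUL */
    Blob b = { LONG, sizeof LONG, 0 };
    char small[4];
    int n = blob_read_string(&b, small, sizeof small);
    return n == 3 && strcmp(small, "abc") == 0 && b.offset == sizeof LONG;
}

int main(void)
{
    size_t sz = 0;
    printf("sample parse ok: %d\n", demo_parse_sample());
    printf("long string bounded: %d\n", demo_long_string_is_bounded());
    printf("640x480x3 fits: %d (%lu bytes)\n",
           checked_pixel_buffer_size(640, 480, 3, &sz), (unsigned long) sz);
    printf("0xFFFFFFFF^2 x 4 rejected: %d\n",
           !checked_pixel_buffer_size(0xFFFFFFFFu, 0xFFFFFFFFu, 4, &sz));
    return 0;
}
```

The common thread is that every reader reports the end of input to its caller and every size that drives an allocation is validated before use; a parser built on such primitives fails closed on a truncated or oversized file instead of spinning, writing past a buffer, or allocating less than it later fills.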