Your message dated Tue, 26 Feb 2008 23:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444266: fixed in graphicsmagick 1.1.11-1
has caused the Debian Bug report #444266,
regarding CVE-2007-4985, CVE-2007-4986, CVE-2007-4988 multiple vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
444266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444266
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: graphicsmagick
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for graphicsmagick.
CVE-2007-4985[0]:
| ImageMagick before 6.3.5-9 allows context-dependent attackers to cause
| a denial of service via a crafted image file that triggers (1) an
| infinite loop in the ReadDCMImage function, related to ReadBlobByte
| function calls; or (2) an infinite loop in the ReadXCFImage function,
| related to ReadBlobMSBLong function calls.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
Since this could happen in for example an automatic image
upload web service I set the severity to grave.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.1.11-1
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive:
graphicsmagick-dbg_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-1_amd64.deb
graphicsmagick-imagemagick-compat_1.1.11-1_all.deb
to pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.11-1_all.deb
graphicsmagick-libmagick-dev-compat_1.1.11-1_all.deb
to pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.11-1_all.deb
graphicsmagick_1.1.11-1.diff.gz
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-1.diff.gz
graphicsmagick_1.1.11-1.dsc
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-1.dsc
graphicsmagick_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-1_amd64.deb
graphicsmagick_1.1.11.orig.tar.gz
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11.orig.tar.gz
libgraphics-magick-perl_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-1_amd64.deb
libgraphicsmagick++1-dev_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-1_amd64.deb
libgraphicsmagick++1_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-1_amd64.deb
libgraphicsmagick1-dev_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-1_amd64.deb
libgraphicsmagick1_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kobras <[EMAIL PROTECTED]> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.7
Date: Tue, 26 Feb 2008 21:33:02 +0100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick1 libgraphicsmagick1-dev
libgraphicsmagick++1 libgraphicsmagick++1-dev libgraphics-magick-perl
graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.1.11-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Daniel Kobras <[EMAIL PROTECTED]>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++1 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick1 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 444266 462113
Changes:
graphicsmagick (1.1.11-1) unstable; urgency=medium
.
  * New upstream version, containing multiple security fixes. Closes: #444266
    + Fixes denial-of-service via malicious DCM and XCF files. (CVE-2007-4985)
    + Fixes integer overflows in multiple coders. (CVE-2007-4986)
    + Fixes sign extension error when reading DIB images. (CVE-2007-4988)
    + For reference, GraphicsMagick was not affected by an off-by-one error
      in ImageMagick's ReadBlobString() function. (CVE-2007-4987)
  * Magick++/lib/Geometry.cpp: Add missing cstring include to fix build with
    gcc 4.3. Closes: #462113
  * utilities/gm.1: Fix formatting errors in man page gm(1).
  * debian/control: Packages comply with version 3.7.3 of Debian policy.
  * debian/graphicsmagick.menu: Move section of gm utility from obsolete
    section 'Apps' to current 'Applications'.
--- End Message ---