Your message dated Wed, 12 Aug 2009 19:57:16 +0000
with message-id <e1mbjwi-0008mh...@ries.debian.org>
and subject line Bug#530838: fixed in imagemagick 7:6.3.7.9.dfsg2-1~lenny3
has caused the Debian Bug report #530838,
regarding CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
530838: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530838
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for imagemagick:
SA35216[0]:
> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
>
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
>
> SOLUTION:
> Update to version 6.5.2-9.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
>
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php
If you fix the vulnerability please also make sure to include the CVE id
(if it will be available) in the changelog entry.
[0]http://secunia.com/advisories/35216/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoeOU8ACgkQNxpp46476apsTACfeXUukW4HpJRAEzEv/EuPfOHZ
8sIAn2iR9jkY0FdIPJVJ6ewcY3UB853d
=yTEV
-----END PGP SIGNATURE-----
--- End Message ---
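The bug class named in the advisory above (an integer overflow in a size computation that leads to an undersized buffer), shown as an added example; it is not ImageMagick's code and not part of the original messages. The function names and dimensions are hypothetical, and 32-bit arithmetic is assumed to model the i386 packages listed on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: 32-bit product of file-supplied dimensions wraps mod 2^32. */
static uint32_t unchecked_image_bytes(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked: refuse zero dimensions and any product that does not fit. */
static bool checked_image_bytes(uint32_t w, uint32_t h, uint32_t bpp,
                                uint32_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return false;
    if (w > UINT32_MAX / h)
        return false;              /* w * h would wrap */
    if (w * h > UINT32_MAX / bpp)
        return false;              /* (w * h) * bpp would wrap */
    *out = w * h * bpp;
    return true;
}

/* Allocate a zeroed pixel buffer only when the size is representable. */
static unsigned char *alloc_image(uint32_t w, uint32_t h, uint32_t bpp)
{
    uint32_t bytes;
    if (!checked_image_bytes(w, h, bpp, &bytes))
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 2^18 bytes. */
    uint32_t w = 65536, h = 16385, bpp = 4, bytes = 0;
    uint64_t needed = (uint64_t)w * h * bpp;

    printf("needed   : %llu bytes\n", (unsigned long long)needed);
    printf("unchecked: %u bytes\n", (unsigned)unchecked_image_bytes(w, h, bpp));
    printf("checked  : %s\n",
           checked_image_bytes(w, h, bpp, &bytes) ? "accepted" : "rejected");
    return alloc_image(w, h, bpp) == NULL ? 0 : 1;
}
```

With the constructed dimensions the unchecked computation yields a 256 KiB size for an image that needs just over 4 GiB, which is the mismatch that turns into a buffer overflow once pixel data is written; the checked path rejects the image before any allocation.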
--- Begin Message ---
Source: imagemagick
Source-Version: 7:6.3.7.9.dfsg2-1~lenny3
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:
imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
to pool/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
to pool/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
to pool/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
to pool/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
to pool/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luci...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 07 Aug 2009 19:56:02 -0300
Source: imagemagick
Binary: imagemagick libmagick10 libmagick9-dev libmagick++10 libmagick++9-dev
perlmagick
Architecture: source i386
Version: 7:6.3.7.9.dfsg2-1~lenny3
Distribution: stable-security
Urgency: high
Maintainer: Luciano Bello <luci...@debian.org>
Changed-By: Luciano Bello <luci...@debian.org>
Description:
imagemagick - image manipulation programs
libmagick++10 - C++ API to the ImageMagick library
libmagick++9-dev - C++ API to the ImageMagick library - development files
libmagick10 - image manipulation library
libmagick9-dev - image manipulation library - development files
perlmagick - Perl interface to the libMagick graphics routines
Closes: 530838
Changes:
imagemagick (7:6.3.7.9.dfsg2-1~lenny3) stable-security; urgency=high
.
* Apply upstream patch to fix integer overflow in XMakeImage()
(CVE-2009-1882). Closes: #530838
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp+5y0ACgkQQWTRs4lLtHmq+ACeJIgb22kUAlAvaYyHr0ChwBSu
m+EAnj/jOzuaKxff2dnDUzmKYKjsZQhf
=VxID
-----END PGP SIGNATURE-----
--- End Message ---