Your message dated Sun, 13 Sep 2009 17:19:57 +0000
with message-id <e1mmsk1-0002lp...@ries.debian.org>
and subject line Bug#530946: fixed in graphicsmagick 1.3.5-5.1
has caused the Debian Bug report #530946,
regarding CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
530946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530946
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for imagemagick:
SA35216[0]:
> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
>
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
>
> SOLUTION:
> Update to version 6.5.2-9.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
>
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php
If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.
[0]http://secunia.com/advisories/35216/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoeOU8ACgkQNxpp46476apsTACfeXUukW4HpJRAEzEv/EuPfOHZ
8sIAn2iR9jkY0FdIPJVJ6ewcY3UB853d
=yTEV
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.3.5-5.1
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive:
graphicsmagick-dbg_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.3.5-5.1_amd64.deb
graphicsmagick-imagemagick-compat_1.3.5-5.1_all.deb
to
pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.3.5-5.1_all.deb
graphicsmagick-libmagick-dev-compat_1.3.5-5.1_all.deb
to
pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.3.5-5.1_all.deb
graphicsmagick_1.3.5-5.1.diff.gz
to pool/main/g/graphicsmagick/graphicsmagick_1.3.5-5.1.diff.gz
graphicsmagick_1.3.5-5.1.dsc
to pool/main/g/graphicsmagick/graphicsmagick_1.3.5-5.1.dsc
graphicsmagick_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/graphicsmagick_1.3.5-5.1_amd64.deb
libgraphics-magick-perl_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.3.5-5.1_amd64.deb
libgraphicsmagick++1-dev_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.3.5-5.1_amd64.deb
libgraphicsmagick++3_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick++3_1.3.5-5.1_amd64.deb
libgraphicsmagick1-dev_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.3.5-5.1_amd64.deb
libgraphicsmagick3_1.3.5-5.1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick3_1.3.5-5.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuse...@iuculano.it> (supplier of updated graphicsmagick
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 10 Sep 2009 19:08:13 +0200
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev
libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl
graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.5-5.1
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <kob...@debian.org>
Changed-By: Giuseppe Iuculano <giuse...@iuculano.it>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing
ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing
ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++1-dev - format-independent image processing - C++
development files
libgraphicsmagick++3 - format-independent image processing - C++ shared library
libgraphicsmagick1-dev - format-independent image processing - C development
files
libgraphicsmagick3 - format-independent image processing - C shared library
Closes: 530946
Changes:
graphicsmagick (1.3.5-5.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fixed integer overflow in XMakeImage function in xwindow.c
(Closes: #530946) (CVE-2009-1882)
Checksums-Sha1:
f1f4c2d2204eba1898f3a5040fed39284b62dbb0 2163 graphicsmagick_1.3.5-5.1.dsc
8ae1eb46c02fee7d9177a229da42910fd88ab3fd 158094
graphicsmagick_1.3.5-5.1.diff.gz
920dab69fa2354145c020d40bdc82bdef102ecf4 1138160
graphicsmagick_1.3.5-5.1_amd64.deb
173277615ce054ce38a742dd2a3faff4ffd915d6 1284596
libgraphicsmagick3_1.3.5-5.1_amd64.deb
d74aeb54d0d11b623928794c7fd45ab2944f3784 1782182
libgraphicsmagick1-dev_1.3.5-5.1_amd64.deb
952263ea66229cf0350390c97000bfda671b27d4 177644
libgraphicsmagick++3_1.3.5-5.1_amd64.deb
347b348f08021a6c2cb5f217f8fc2ecceaf6aad5 467878
libgraphicsmagick++1-dev_1.3.5-5.1_amd64.deb
9976bba8825fc43679a13dd800148f5a4b8358b0 102552
libgraphics-magick-perl_1.3.5-5.1_amd64.deb
74e679ccef0c2764dd535738d92ed92300811555 2168272
graphicsmagick-dbg_1.3.5-5.1_amd64.deb
24d6acd070ab307e6f703cd8772707e168ff0e4e 14480
graphicsmagick-imagemagick-compat_1.3.5-5.1_all.deb
87481788c5d15e929c8f5bd7cc1d21ec056ae414 18050
graphicsmagick-libmagick-dev-compat_1.3.5-5.1_all.deb
Checksums-Sha256:
dbca8cc96d6b8c3189260a7747eeb4434bb6f9bab7187654df9fd3751449ea0a 2163
graphicsmagick_1.3.5-5.1.dsc
0e421b11d86b4eb9ccbe424080070dcd3430481e5955ccc61cb3a8137ca02c75 158094
graphicsmagick_1.3.5-5.1.diff.gz
e58227e76156dcb0cd31914a3afdd91b20b0b924a4db6b6d35973bc44786fecb 1138160
graphicsmagick_1.3.5-5.1_amd64.deb
f15b719c298a53bc778171da3125f886209545441deca1a2062210700ab1d39e 1284596
libgraphicsmagick3_1.3.5-5.1_amd64.deb
d1ea3d1a53de39375109d3ed507e1d34dfbae305cc8e139ab5784f87a5bff26c 1782182
libgraphicsmagick1-dev_1.3.5-5.1_amd64.deb
52b2268dfeb327c541ebb2ae39f22af73ac8ca39a4c3213f566d13f1a41d90e2 177644
libgraphicsmagick++3_1.3.5-5.1_amd64.deb
f1cd81421a293eda499816402cc12fc8f2f2ca41e4da4d0fd2086253a03d2787 467878
libgraphicsmagick++1-dev_1.3.5-5.1_amd64.deb
4f45b77077550194fd27d026055023150bbba1643c7165d0876dd9c9464e3af8 102552
libgraphics-magick-perl_1.3.5-5.1_amd64.deb
f5552d3b4b0c7c806496b2255c4c6fd42dbbc51be0f403b4d1dbc765ad0990d3 2168272
graphicsmagick-dbg_1.3.5-5.1_amd64.deb
b402593d57be89bc4f01f50c2ae1d696a948f7e4d41bd0b08af54626d43312cb 14480
graphicsmagick-imagemagick-compat_1.3.5-5.1_all.deb
1d91d341ac7b4b55f922abf26771722fc0a76dfa0da6b90f9f4808870d4fe5bf 18050
graphicsmagick-libmagick-dev-compat_1.3.5-5.1_all.deb
Files:
46f1a8d5c89189bd8b64da0c5bcf6c63 2163 graphics optional
graphicsmagick_1.3.5-5.1.dsc
b7164fb42e91f6a742ba8604d29de236 158094 graphics optional
graphicsmagick_1.3.5-5.1.diff.gz
530d0fe2f790ba20ccdca988950f6f2c 1138160 graphics optional
graphicsmagick_1.3.5-5.1_amd64.deb
878dad9c3fb251d3110c84f51337e885 1284596 libs optional
libgraphicsmagick3_1.3.5-5.1_amd64.deb
ba07e307b60e131697215e163e239790 1782182 libdevel optional
libgraphicsmagick1-dev_1.3.5-5.1_amd64.deb
95a529733299f9d945dfc82bdc4d186f 177644 libs optional
libgraphicsmagick++3_1.3.5-5.1_amd64.deb
5cddd991f6f2f35aa5823aecfdf4a89d 467878 libdevel optional
libgraphicsmagick++1-dev_1.3.5-5.1_amd64.deb
aaffaf0dde9f2a695991d364c113bd76 102552 perl optional
libgraphics-magick-perl_1.3.5-5.1_amd64.deb
b96f32697d9ecd726e738e14c72f4e74 2168272 debug extra
graphicsmagick-dbg_1.3.5-5.1_amd64.deb
8064714a345fab2bd8351e6ac853056f 14480 graphics extra
graphicsmagick-imagemagick-compat_1.3.5-5.1_all.deb
a9b1a89db3a9ad45e47a929f2e371749 18050 graphics extra
graphicsmagick-libmagick-dev-compat_1.3.5-5.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJKrQa8AAoJEB5qw/OH8O2sU8UP/AlE0KJpZ9XN4BXiyX4AQdXR
Xwjv6vxlOycLqHEhXbop2IobIRYQe7vjVHEkFH2025ulxUGjg7BZRj4PsklMpMyJ
YKyJryo5XWETIsCK2I1BBYXfX53BJtjvvhZf8dA/pnIQIjQZjEEbqbyvBK6OqIiK
n1UsF+tKDrB5K+vPv+9aubj7hy/1TSi6o+Hrxps/epG4mgZn064/wbtzTZnwEWZH
Hrkovo1u7NvPJelBWF4h0Mwj8TmDujJlSHiXcbsj9zPvQMFBVowcXM/dGxwonlrn
8dj2Eh3ngM0IvlnNW+tYZBPuSAK6+0Yu8uKDOJ0hTjwf6k/nDPJTpWis0u84amt4
jMWHd/JRyhJpltT9mQ8dfRyKqKmm+K9/7SYw6if5gqKkt6USSo+i5vOOve1NogFt
MugMX/fUaMQGwpSAr69yIQnHK/HtVQ7ljeBk4T2k0Vn+HYLlaHwlmAhNZlUhXPv/
O5vDxns7sM0rmSBq9eJFQgVQK8zVyeKBGLPrzAUvVEpftqMpno4BJvBxljP/V1Xx
hO+lqcgl3iOMjCaz2PoAXFwthJcNJyi7M8ryK+zQFWmKtlH7MWitQ3xNzwmV7SdK
XfiDn/IXbPVeCGbxIGIMxtLsyNyiCgLZjXQI6Gas+nI3su+DY1wU7l7FeESD+/+4
N90WtTsob3ooi/VjZBv8
=5s3S
-----END PGP SIGNATURE-----
--- End Message ---
