Your message dated Wed, 22 Feb 2012 22:32:39 +0000
with message-id <e1s0kjn-0006zp...@franck.debian.org>
and subject line Bug#659339: fixed in imagemagick 8:6.6.9.7-6
has caused the Debian Bug report #659339,
regarding imagemagick: Invalid validation DoS CVE-2012-0247/CVE-2012-02478
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
659339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Version: 8:6.6.0.4-3
Severity: important
Tags: security

Concerning ImageMagick 6.7.5-0 and earlier:

CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset 
and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes 
into an invalid address.
CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose IOP 
tags' value offsets all point to the beginning of the IFD itself, ImageMagick 
parses the IFD structure indefinitely, causing a denial of service.

For more details please read: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages imagemagick depends on:
ii  libbz2-1.0            1.0.5-6+squeeze1   high-quality block-sorting file co
ii  libc6                 2.11.3-2           Embedded GNU C Library: Shared lib
ii  libfontconfig1        2.8.0-2.1          generic font configuration library
ii  libfreetype6          2.4.2-2.1+squeeze3 FreeType 2 font engine, shared lib
ii  libglib2.0-0          2.24.2-1           The GLib library of C routines
ii  libgomp1              4.4.5-8            GCC OpenMP (GOMP) support library
ii  libice6               2:1.0.6-2          X11 Inter-Client Exchange library
ii  libjpeg62             6b1-1              The Independent JPEG Group's JPEG
ii  liblcms1              1.18.dfsg-1.2+b3   Color management library
ii  liblqr-1-0            0.4.1-1            converts plain array images into m
ii  libltdl7              2.2.6b-2           A system independent dlopen wrappe
ii  libmagickcore3        8:6.6.0.4-3        low-level image manipulation libra
ii  libmagickwand3        8:6.6.0.4-3        image manipulation library
ii  libsm6                2:1.1.1-1          X11 Session Management library
ii  libtiff4              3.9.4-5+squeeze3   Tag Image File Format (TIFF) libra
ii  libx11-6              2:1.3.3-4          X11 client-side library
ii  libxext6              2:1.1.2-1          X11 miscellaneous extension librar
ii  libxt6                1:1.0.7-1          X11 toolkit intrinsics library
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages imagemagick recommends:
ii  ghostscript               8.71~dfsg2-9   The GPL Ghostscript PostScript/PDF
ii  libmagickcore3-extra      8:6.6.0.4-3    low-level image manipulation libra
ii  netpbm                    2:10.0-12.2+b1 Graphics conversion tools between
ii  ufraw-batch               0.16-3+b1      batch importer for raw camera imag

Versions of packages imagemagick suggests:
pn  autotrace       <none>                   (no description available)
pn  cups-bsd | lpr  <none>                   (no description available)
ii  curl            7.21.0-2.1+squeeze1      Get a file from an HTTP, HTTPS or
pn  enscript        <none>                   (no description available)
pn  ffmpeg          <none>                   (no description available)
ii  gimp            2.6.10-1+squeeze1        The GNU Image Manipulation Program
ii  gnuplot         4.4.0-1.1                A command-line driven interactive
pn  grads           <none>                   (no description available)
ii  groff-base      1.20.1-10                GNU troff text-formatting system (
pn  hp2xx           <none>                   (no description available)
pn  html2ps         <none>                   (no description available)
pn  imagemagick-doc <none>                   (no description available)
pn  libwmf-bin      <none>                   (no description available)
ii  mplayer         2:1.0~rc3++final.dfsg1-1 movie player for Unix-like systems
pn  povray          <none>                   (no description available)
pn  radiance        <none>                   (no description available)
ii  sane-utils      1.0.21-9                 API library for scanners -- utilit
ii  texlive-binarie 2009-8                   Binaries for TeX Live
ii  transfig        1:3.2.5.c-1              Utilities for converting XFig figu
ii  xdg-utils       1.0.2+cvs20100307-2      desktop integration utilities from

-- no debconf information



--- End Message ---
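
The two checks the report above calls for, as an added example (not ImageMagick's code or its fix): a minimal little-endian EXIF/TIFF IFD walker that range-checks every entry's offset and count before use and refuses to re-enter an IFD it has already visited. The function names, the `MAX_IFDS` cap and the byte arrays are constructed for illustration; the tag and type numbers are the standard TIFF/EXIF ones.

```c
#include <stddef.h>
#include <stdint.h>

enum { EXIF_OK = 0, EXIF_BAD_RANGE = -1, EXIF_LOOP = -2 };
#define MAX_IFDS 16 /* assumed cap on IFDs per image */
/* Size in bytes of TIFF field types 1..12; index 0 is invalid. */
static const uint8_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint32_t rd(const uint8_t *p, int n) { /* little-endian read, n = 2 or 4 */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Walk one IFD, following Exif (0x8769) and Interoperability (0xA005) pointers. */
static int walk_ifd(const uint8_t *b, size_t len, uint32_t off, uint32_t *seen, int *nseen) {
    for (int i = 0; i < *nseen; i++)
        if (seen[i] == off) return EXIF_LOOP;      /* pointer back to a visited IFD */
    if (*nseen == MAX_IFDS) return EXIF_LOOP;      /* too many IFDs: treated alike */
    seen[(*nseen)++] = off;
    if (off > len || len - off < 2) return EXIF_BAD_RANGE;
    uint32_t n = rd(b + off, 2);
    if ((len - off - 2) / 12 < n) return EXIF_BAD_RANGE; /* entry table must fit */
    for (uint32_t e = 0; e < n; e++) {
        const uint8_t *p = b + off + 2 + 12 * e;
        uint32_t tag = rd(p, 2), type = rd(p + 2, 2), count = rd(p + 4, 4), val = rd(p + 8, 4);
        if (type == 0 || type > 12) return EXIF_BAD_RANGE;
        uint64_t bytes = (uint64_t)count * type_size[type];
        /* Values longer than 4 bytes live at offset val: check before any copy. */
        if (bytes > 4 && (val > len || bytes > len - val)) return EXIF_BAD_RANGE;
        if (tag == 0x8769 || tag == 0xA005) {
            int rc = walk_ifd(b, len, val, seen, nseen);
            if (rc != EXIF_OK) return rc;
        }
    }
    return EXIF_OK;
}

int check_exif(const uint8_t *b, size_t len) {
    uint32_t seen[MAX_IFDS]; int nseen = 0;
    if (len < 8 || b[0] != 'I' || b[1] != 'I' || rd(b + 2, 2) != 42) return EXIF_BAD_RANGE;
    return walk_ifd(b, len, rd(b + 4, 4), seen, &nseen);
}

/* Constructed samples: 8-byte TIFF header + entry count, then one 12-byte entry. */
#define HDR 'I', 'I', 42, 0, 8, 0, 0, 0, 1, 0
const uint8_t ok_img[]   = {HDR, 0x28, 0x01, 3, 0, 1, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0};
const uint8_t oob_img[]  = {HDR, 0x28, 0x01, 3, 0, 16, 0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0};
const uint8_t loop_img[] = {HDR, 0x05, 0xA0, 4, 0, 1, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0};
```

`check_exif` returns `EXIF_OK` for `ok_img`, `EXIF_BAD_RANGE` for `oob_img` (ResolutionUnit with a count and offset outside the buffer) and `EXIF_LOOP` for `loop_img` (a sub-IFD pointer aimed at the IFD that contains it).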
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.6.9.7-6

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-common_6.6.9.7-6_all.deb
  to main/i/imagemagick/imagemagick-common_6.6.9.7-6_all.deb
imagemagick-dbg_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/imagemagick-dbg_6.6.9.7-6_amd64.deb
imagemagick-doc_6.6.9.7-6_all.deb
  to main/i/imagemagick/imagemagick-doc_6.6.9.7-6_all.deb
imagemagick_6.6.9.7-6.debian.tar.bz2
  to main/i/imagemagick/imagemagick_6.6.9.7-6.debian.tar.bz2
imagemagick_6.6.9.7-6.dsc
  to main/i/imagemagick/imagemagick_6.6.9.7-6.dsc
imagemagick_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/imagemagick_6.6.9.7-6_amd64.deb
libmagick++-dev_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagick++-dev_6.6.9.7-6_amd64.deb
libmagick++4_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagick++4_6.6.9.7-6_amd64.deb
libmagickcore-dev_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagickcore-dev_6.6.9.7-6_amd64.deb
libmagickcore4-extra_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagickcore4-extra_6.6.9.7-6_amd64.deb
libmagickcore4_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagickcore4_6.6.9.7-6_amd64.deb
libmagickwand-dev_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagickwand-dev_6.6.9.7-6_amd64.deb
libmagickwand4_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/libmagickwand4_6.6.9.7-6_amd64.deb
perlmagick_6.6.9.7-6_amd64.deb
  to main/i/imagemagick/perlmagick_6.6.9.7-6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 659...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <fourm...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Feb 2012 23:08:56 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore4 libmagickcore4-extra libmagickcore-dev libmagickwand4 libmagickwand-dev libmagick++4 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.9.7-6
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourm...@debian.org>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++4 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore4 - low-level image manipulation library
 libmagickcore4-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand4 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 659339
Changes: 
 imagemagick (8:6.6.9.7-6) unstable; urgency=high
 .
   * Security bug fix: "Invalid validation DoS
     CVE-2012-0247/CVE-2012-02478", thanks to Henri Salo (Closes: #659339).
   * Bumping urgency to high to fix open security issue in testing
   * Apply patch from revision r6606 to fix compilation with newer zlib.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk9FatUACgkQx/UhwSKygsrkwACfYo8nHi+kE/dEaIRWnDgC0nPw
0XUAn2vYNspeZfcGNXvzFJIrbZ1Z2O/h
=mKZT
-----END PGP SIGNATURE-----



--- End Message ---
