Bug#665007: marked as done (CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248)

Thu, 29 Mar 2012 14:21:22 -0700 

Your message dated Thu, 29 Mar 2012 21:19:10 +0000
with message-id <e1sdmkq-0004aa...@franck.debian.org>
and subject line Bug#665007: fixed in imagemagick 8:6.6.9.7-7
has caused the Debian Bug report #665007,
regarding CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for 
CVE-2012-0247 / CVE-2012-0248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
665007: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: imagemagick
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The original fixes for the ImageMagick issues CVE-2012-0247 and
CVE-2012-0248 are incomplete.

Please see:

http://seclists.org/oss-sec/2012/q1/685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9q/WUACgkQNxpp46476arBQgCeLZLei0zKKvxadUhYfFUpLw6f
EF4An30VihPmJDQmyY8MzuOibIoIT5Yx
=mRjI
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Source: imagemagick
Source-Version: 8:6.6.9.7-7

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-common_6.6.9.7-7_all.deb
  to main/i/imagemagick/imagemagick-common_6.6.9.7-7_all.deb
imagemagick-dbg_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/imagemagick-dbg_6.6.9.7-7_amd64.deb
imagemagick-doc_6.6.9.7-7_all.deb
  to main/i/imagemagick/imagemagick-doc_6.6.9.7-7_all.deb
imagemagick_6.6.9.7-7.debian.tar.bz2
  to main/i/imagemagick/imagemagick_6.6.9.7-7.debian.tar.bz2
imagemagick_6.6.9.7-7.dsc
  to main/i/imagemagick/imagemagick_6.6.9.7-7.dsc
imagemagick_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/imagemagick_6.6.9.7-7_amd64.deb
libmagick++-dev_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagick++-dev_6.6.9.7-7_amd64.deb
libmagick++4_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagick++4_6.6.9.7-7_amd64.deb
libmagickcore-dev_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickcore-dev_6.6.9.7-7_amd64.deb
libmagickcore4-extra_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickcore4-extra_6.6.9.7-7_amd64.deb
libmagickcore4_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickcore4_6.6.9.7-7_amd64.deb
libmagickwand-dev_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickwand-dev_6.6.9.7-7_amd64.deb
libmagickwand4_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickwand4_6.6.9.7-7_amd64.deb
perlmagick_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/perlmagick_6.6.9.7-7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated 
imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 27 Mar 2012 16:47:41 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc 
libmagickcore4 libmagickcore4-extra libmagickcore-dev libmagickwand4 
libmagickwand-dev libmagick++4 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.9.7-7
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development 
files
 libmagick++4 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore4 - low-level image manipulation library
 libmagickcore4-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand4 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 665007
Changes: 
 imagemagick (8:6.6.9.7-7) unstable; urgency=high
 .
   * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186"
   (Closes: #665007)
   * Bumping urgency to high to fix open security issue in testing
Checksums-Sha1: 
 eb996dc7a57eb423d132f2e77e058a8e4fd815e4 2418 imagemagick_6.6.9.7-7.dsc
 35b1b847d01bfccf5da6e72bb577e2a4377b4b18 44411 
imagemagick_6.6.9.7-7.debian.tar.bz2
 895094f098c2a5122e244ca6e82bcfe43c160845 124656 imagemagick_6.6.9.7-7_amd64.deb
 61fc6a48e331dd7a3a8a15cb66fea27b1623c1f5 4611484 
imagemagick-dbg_6.6.9.7-7_amd64.deb
 f69bbbe6be22f6faf3ea1e2626a954daeadcdab2 112690 
imagemagick-common_6.6.9.7-7_all.deb
 0934a62c05d8dd047d6b7b8260aa05d297b03abd 5538204 
imagemagick-doc_6.6.9.7-7_all.deb
 d0f85cc30c9328a6e6ba4899d203d1a12f6ef3c4 1950676 
libmagickcore4_6.6.9.7-7_amd64.deb
 bb1b3df981ebda14cc61b052a4cfb99fb76adb19 125032 
libmagickcore4-extra_6.6.9.7-7_amd64.deb
 fb35a0e83ead3cddb4ea82fd43b1af8cc377ce69 1295038 
libmagickcore-dev_6.6.9.7-7_amd64.deb
 043b123189cd248367867e1d1cb66c8f48c716eb 442530 
libmagickwand4_6.6.9.7-7_amd64.deb
 2f06e901c56629ee6a915ec7ed3b79744dc9a979 524140 
libmagickwand-dev_6.6.9.7-7_amd64.deb
 0d973a20c9e2fe4e4310616852d7c28e95bee81a 217874 
libmagick++4_6.6.9.7-7_amd64.deb
 7c66c3419c1b8f99b18e8d397e98d2e95a54c808 268926 
libmagick++-dev_6.6.9.7-7_amd64.deb
 0ed5debd278b47255e2d7d418b3bc8358c4ca969 240176 perlmagick_6.6.9.7-7_amd64.deb
Checksums-Sha256: 
 1cb3de433874f324dba0ef5514c046db800a5795dea0d8075803c144b014127f 2418 
imagemagick_6.6.9.7-7.dsc
 7735b914881d5369b3c347920db688f1d32f470ac0a7f0084d8e7a5916e6e050 44411 
imagemagick_6.6.9.7-7.debian.tar.bz2
 9dbe49528153cc27e608102f576e0a889f957dbc186eefb03262abecd9c0816b 124656 
imagemagick_6.6.9.7-7_amd64.deb
 1090b248b8ed4e3b339ffca59380246351335ec89eead17ca4bc1290b71c86a3 4611484 
imagemagick-dbg_6.6.9.7-7_amd64.deb
 9619986bda0e6ba3b916acaf2215956376440615bf21f4d673d80c0f5fd6be23 112690 
imagemagick-common_6.6.9.7-7_all.deb
 8cf5fd2ef7f44a0db539678960fe2d4652941cc9483b90301bae8f2b24de9667 5538204 
imagemagick-doc_6.6.9.7-7_all.deb
 080ae70f47b1b9a374b7c68b70c9ed4c9748cb4ade9bb821b000b963d4930498 1950676 
libmagickcore4_6.6.9.7-7_amd64.deb
 5939e52dc9b5e714d4d091889c3b6558b72d2862868abff0305cf7f1827d2fb1 125032 
libmagickcore4-extra_6.6.9.7-7_amd64.deb
 6cd0851ab7663da199560c828042ec0847eecd6799a02431f42fec8923c993ad 1295038 
libmagickcore-dev_6.6.9.7-7_amd64.deb
 ac05daf3f7a297acfb830d49e6057445ff36e0705bb6d3252bebd056b34ad736 442530 
libmagickwand4_6.6.9.7-7_amd64.deb
 e9c01a9bf0e3a9a6c853eb380c707d3adf4e9a3fa02fc4539490b99c62f85310 524140 
libmagickwand-dev_6.6.9.7-7_amd64.deb
 e97ca2c772432a9e14376ee4ef3734a230bc1b02368e23ca06170defcc80299a 217874 
libmagick++4_6.6.9.7-7_amd64.deb
 90895f39a0203a339744e820a295429cef86f6627b02b7e2499a3070ae0babee 268926 
libmagick++-dev_6.6.9.7-7_amd64.deb
 0abf9fdf9ce8033fbcfb312f94ff050aff9d692769e4e28b8db6e82b4407a701 240176 
perlmagick_6.6.9.7-7_amd64.deb
Files: 
 4a7803d456a48af8e28c7ae63df21710 2418 graphics optional 
imagemagick_6.6.9.7-7.dsc
 25f7edaecfa88772ff6a3fee57248d05 44411 graphics optional 
imagemagick_6.6.9.7-7.debian.tar.bz2
 78a0033fa259fc021476ce99e6011a5d 124656 graphics optional 
imagemagick_6.6.9.7-7_amd64.deb
 74af50ad60b7ee85a2644194070dc1be 4611484 debug extra 
imagemagick-dbg_6.6.9.7-7_amd64.deb
 c5a1c81d06dfa1fcc07760c7e4122edd 112690 graphics optional 
imagemagick-common_6.6.9.7-7_all.deb
 610c3a9871f2b25088b61046025fbf4b 5538204 doc optional 
imagemagick-doc_6.6.9.7-7_all.deb
 6206f55c3bd2dee2adef4c5fb73aa1bd 1950676 libs optional 
libmagickcore4_6.6.9.7-7_amd64.deb
 0b489ddc474ea4e2ab4a7aedc7dd7eee 125032 libs optional 
libmagickcore4-extra_6.6.9.7-7_amd64.deb
 8ae48236f763bb129f949c69c943b0ba 1295038 libdevel optional 
libmagickcore-dev_6.6.9.7-7_amd64.deb
 a87d6df3120a854f0b60a25ce893db23 442530 libs optional 
libmagickwand4_6.6.9.7-7_amd64.deb
 897426fc85be571314dbdaf0390a7e90 524140 libdevel optional 
libmagickwand-dev_6.6.9.7-7_amd64.deb
 ceb774a9a0cfb5f063d573fbeeca9d4f 217874 libs optional 
libmagick++4_6.6.9.7-7_amd64.deb
 cca048af558c68494dc96a04f0477884 268926 libdevel optional 
libmagick++-dev_6.6.9.7-7_amd64.deb
 e8618445171afbf0ce1936b53554fd26 240176 perl optional 
perlmagick_6.6.9.7-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk90u+8ACgkQx/UhwSKygspR/QCgvbUVmJ1OYcIQ0oDQbiCvuRyp
43sAn1JpN8nPdYzuuJnKO2ZpjaRrqV/m
=/L4i
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to