Your message dated Wed, 11 Apr 2012 22:00:37 +0000
with message-id <e1si5af-0007z2...@franck.debian.org>
and subject line Bug#667635: fixed in imagemagick 8:6.7.4.0-4
has caused the Debian Bug report #667635,
regarding CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 / CVE-2012-1610
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
667635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667635
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Severity: grave
Tags: security
New Imagemagick issues have been discovered:
http://www.cert.fi/en/reports/2012/vulnerability635606.html
Not that the upstream fix for CVE-2012-0259 was incomplete. For the incomplete
patch, CVE-2012-1610 has been assigned.
Red Hat Bugzilla contains a more detailed writeup:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0260
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1798
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.7.4.0-4
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:
imagemagick-common_6.7.4.0-4_all.deb
to main/i/imagemagick/imagemagick-common_6.7.4.0-4_all.deb
imagemagick-dbg_6.7.4.0-4_amd64.deb
to main/i/imagemagick/imagemagick-dbg_6.7.4.0-4_amd64.deb
imagemagick-doc_6.7.4.0-4_all.deb
to main/i/imagemagick/imagemagick-doc_6.7.4.0-4_all.deb
imagemagick_6.7.4.0-4.debian.tar.bz2
to main/i/imagemagick/imagemagick_6.7.4.0-4.debian.tar.bz2
imagemagick_6.7.4.0-4.dsc
to main/i/imagemagick/imagemagick_6.7.4.0-4.dsc
imagemagick_6.7.4.0-4_amd64.deb
to main/i/imagemagick/imagemagick_6.7.4.0-4_amd64.deb
libmagick++-dev_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagick++-dev_6.7.4.0-4_amd64.deb
libmagick++5_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagick++5_6.7.4.0-4_amd64.deb
libmagickcore-dev_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagickcore-dev_6.7.4.0-4_amd64.deb
libmagickcore5-extra_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagickcore5-extra_6.7.4.0-4_amd64.deb
libmagickcore5_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagickcore5_6.7.4.0-4_amd64.deb
libmagickwand-dev_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagickwand-dev_6.7.4.0-4_amd64.deb
libmagickwand5_6.7.4.0-4_amd64.deb
to main/i/imagemagick/libmagickwand5_6.7.4.0-4_amd64.deb
perlmagick_6.7.4.0-4_amd64.deb
to main/i/imagemagick/perlmagick_6.7.4.0-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 667...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated
imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 10 Apr 2012 17:24:02 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc
libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5
libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.4.0-4
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description:
imagemagick - image manipulation programs
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development
files
libmagick++5 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore5 - low-level image manipulation library
libmagickcore5-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand5 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 667635
Changes:
imagemagick (8:6.7.4.0-4) unstable; urgency=high
.
* Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 /
CVE-2012-1610 (Closes: #667635)
- Vulnerability CVE-2012-0259 can cause a DoS in a system
via handing JPEG files with invalid EXIF XResolution tag.
- Vulnerability CVE-2012-0260 can lead to excessive use of
memory in target system, when processing a malicious JPEG file.
Excessive use of memory can lead to denial of service.
- Vulnerability CVE-2012-1798 can cause program to crash when
reading invalid memory, while parsing EXIF IFD in a TIFF file.
- Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow
* Fix menu file to run display.im6 instead of display (fix lintian warning)
Checksums-Sha1:
90c66df5a283f4f30d325873da1fd61e9e889837 2434 imagemagick_6.7.4.0-4.dsc
864e52435d1398faa605ee975c44f59392a92520 43735
imagemagick_6.7.4.0-4.debian.tar.bz2
1a6d94d4367e8de4cf711db2fa57a508c3ecdd50 130028 imagemagick_6.7.4.0-4_amd64.deb
ab9bcfae072e03824df353082163cdb02eb40520 4762214
imagemagick-dbg_6.7.4.0-4_amd64.deb
e2b58b3218d7c5b68e8cd0efae1651da2446fc5e 175554
imagemagick-common_6.7.4.0-4_all.deb
447cee930dab09c7b548b7adfb5f9750c4389b88 5576876
imagemagick-doc_6.7.4.0-4_all.deb
d1fc9159ce3d19406c5e82b3ced6d63cf18dd16d 2040648
libmagickcore5_6.7.4.0-4_amd64.deb
40eb8ae5dff353ec13f1fb102a4fea5154f91f5e 131524
libmagickcore5-extra_6.7.4.0-4_amd64.deb
c773167cf969b53cefc80b9de41634726201f292 1361784
libmagickcore-dev_6.7.4.0-4_amd64.deb
b5124fab160cea86e0c75efc770eadd9249c29ee 447772
libmagickwand5_6.7.4.0-4_amd64.deb
efd04b25c8970f71f6a32277271a21c7c37cd73f 528644
libmagickwand-dev_6.7.4.0-4_amd64.deb
97f87b1e618467be24d83097fc6c48b151f7d6e5 224352
libmagick++5_6.7.4.0-4_amd64.deb
ff5a2c985d10995b3c81f396c1c2eb7509d8465a 274474
libmagick++-dev_6.7.4.0-4_amd64.deb
e9b54d7f7b192c0926788d7fa3a5a4f465cb810b 241162 perlmagick_6.7.4.0-4_amd64.deb
Checksums-Sha256:
6d5a30cb98e4240c38f4609166d82fd5be824cd28022b90029e0b35667c86c2b 2434
imagemagick_6.7.4.0-4.dsc
15b1755a5ec888b83f8d790b01638d9fd0fb9288aafa46bbac27bd44229117a0 43735
imagemagick_6.7.4.0-4.debian.tar.bz2
f6eaae6419d0283a92196987fd9194abca3c27a15feeb6b88d6fcb448c12a3a1 130028
imagemagick_6.7.4.0-4_amd64.deb
565e60582d1fc80898b6abd0675934dee4d670d369b87d819e9e04b459224233 4762214
imagemagick-dbg_6.7.4.0-4_amd64.deb
7bad6d384c142357348d3dce9f0a6869d3322b33b9c54558f430fedd036651e8 175554
imagemagick-common_6.7.4.0-4_all.deb
7dfdfdd0af4ee9df9232e4d59ddc9e9ba4738e1aae7416b9d3289e5565a21790 5576876
imagemagick-doc_6.7.4.0-4_all.deb
0685ccc7973f9388d67a1c5ba10fccd012209ed6e7a6da61faceb433219078c2 2040648
libmagickcore5_6.7.4.0-4_amd64.deb
b6fd0f272d408231c6257f11c272340164844c5a87fc0826186f81f504a77ba1 131524
libmagickcore5-extra_6.7.4.0-4_amd64.deb
45f35d0f5df87a91e6f37af5e64ba7a00ac7e92c62dbe6580594d0fc10d71432 1361784
libmagickcore-dev_6.7.4.0-4_amd64.deb
5dc9e0d57ccbc94331c9ba6827fd5f67fb9bd7848fdf821a847b63bf683d7f32 447772
libmagickwand5_6.7.4.0-4_amd64.deb
fff98afe23e74754191197192a7324b314df95335869c0ca7a9c1b4cfac8756e 528644
libmagickwand-dev_6.7.4.0-4_amd64.deb
495b8d50d1df5983140dc0b36f103677ad9d103dcbfcd9be6b227c0dba0266a7 224352
libmagick++5_6.7.4.0-4_amd64.deb
be874acf4b04dbc09aecf6dc22dee975dd49edf2a81d8b2536d8dab929c6ab5a 274474
libmagick++-dev_6.7.4.0-4_amd64.deb
c828635c1973a1208f9a8644ed124bcb040e5e8e7d5c4fce6ba7794ef0bb8d38 241162
perlmagick_6.7.4.0-4_amd64.deb
Files:
19cede33d2acb4caabfc9f30a7548397 2434 graphics optional
imagemagick_6.7.4.0-4.dsc
be86112b8c55205771ef370571633dcc 43735 graphics optional
imagemagick_6.7.4.0-4.debian.tar.bz2
0f457a324d62ce22ffd55f70aa45631f 130028 graphics optional
imagemagick_6.7.4.0-4_amd64.deb
859792ec510281d735c4061de7cd237a 4762214 debug extra
imagemagick-dbg_6.7.4.0-4_amd64.deb
e4789415be833710533f260d10ccab5b 175554 graphics optional
imagemagick-common_6.7.4.0-4_all.deb
d62bcf6ada70b9fe16891d80eb6b3a35 5576876 doc optional
imagemagick-doc_6.7.4.0-4_all.deb
4716014ba28666ca0c1c37a73c1638b8 2040648 libs optional
libmagickcore5_6.7.4.0-4_amd64.deb
39776b04adf49e02e81edeb5586597ba 131524 libs optional
libmagickcore5-extra_6.7.4.0-4_amd64.deb
232e6d74361731c7afeac6cc37701b72 1361784 libdevel optional
libmagickcore-dev_6.7.4.0-4_amd64.deb
c903e5d241e06ef5ce76737370c52485 447772 libs optional
libmagickwand5_6.7.4.0-4_amd64.deb
9ea4ea2734785f28cf6bab83bfbd23f6 528644 libdevel optional
libmagickwand-dev_6.7.4.0-4_amd64.deb
e3ac1936b6f87e64bbcc177c1152d7c4 224352 libs optional
libmagick++5_6.7.4.0-4_amd64.deb
24ed9f66ec8ab396e68d221e0d6d7d6d 274474 libdevel optional
libmagick++-dev_6.7.4.0-4_amd64.deb
f3a468384cc59a07c16d1a83ee587f93 241162 perl optional
perlmagick_6.7.4.0-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+F9WwACgkQx/UhwSKygsqZswCfcMuv9mXEpvnLD2tEol+A2RPw
GFYAnj1HGRkGqq0S4+qI3aD2mS86IH3I
=jZvE
-----END PGP SIGNATURE-----
--- End Message ---
