Your message dated Wed, 02 May 2012 22:32:31 +0000
with message-id <e1spi63-0002pq...@franck.debian.org>
and subject line Bug#665007: fixed in imagemagick 8:6.6.0.4-3+squeeze2
has caused the Debian Bug report #665007,
regarding CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for
CVE-2012-0247 / CVE-2012-0248
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
665007: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The original fixes for the ImageMagick issues CVE-2012-0247 and
CVE-2012-0248 are incomplete.
Please see:
http://seclists.org/oss-sec/2012/q1/685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk9q/WUACgkQNxpp46476arBQgCeLZLei0zKKvxadUhYfFUpLw6f
EF4An30VihPmJDQmyY8MzuOibIoIT5Yx
=mRjI
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.6.0.4-3+squeeze2
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:
imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
to main/i/imagemagick/imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
imagemagick_6.6.0.4-3+squeeze2.dsc
to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2.dsc
imagemagick_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2_amd64.deb
libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
perlmagick_6.6.0.4-3+squeeze2_amd64.deb
to main/i/imagemagick/perlmagick_6.6.0.4-3+squeeze2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 665...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Fourmond <fourm...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 18 Apr 2012 23:05:08 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore3
libmagickcore3-extra libmagickcore-dev libmagickwand3 libmagickwand-dev
libmagick++3 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.0.4-3+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: ImageMagick Packaging Team
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourm...@debian.org>
Description:
imagemagick - image manipulation programs
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development
files
libmagick++3 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore3 - low-level image manipulation library
libmagickcore3-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand3 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 665007 667635
Changes:
imagemagick (8:6.6.0.4-3+squeeze2) stable-security; urgency=high
.
* Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186 (incomplete fix)"
(Closes: #665007)
* Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 /
CVE-2012-1610 (Closes: #667635)
- Vulnerability CVE-2012-0259 can cause a DoS in a system
via handing JPEG files with invalid EXIF XResolution tag.
- Vulnerability CVE-2012-0260 can lead to excessive use of
memory in target system, when processing a malicious JPEG file.
Excessive use of memory can lead to denial of service.
- Vulnerability CVE-2012-1798 can cause program to crash when
reading invalid memory, while parsing EXIF IFD in a TIFF file.
- Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow
Checksums-Sha1:
e2cb845e70cd066986c6cf0cadebf17e8bfad30e 1914
imagemagick_6.6.0.4-3+squeeze2.dsc
9be53f846b0c17721d6425977c407b353ee870c6 39845
imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
561288cbf24eccb9387c43c3eb4c592142b02ea2 105678
imagemagick_6.6.0.4-3+squeeze2_amd64.deb
936d6d3eab461b5a8631d5ef8353e11be516bbcc 3691536
imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
3115ea171278ab5170eec2a52cb75ac2fcf1ccb7 4176596
imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
3e91dd0748ef1ef31926e2aa80356e5bba774e57 1764922
libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
57f7e32677994a75399136623ebe5020b7c7f01e 120952
libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
e035b6890f149efb5cc4c988b9f6a842388d3702 1190578
libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
8c0ad856f61a9ff83dcfdc940758d04b22e5d86b 417792
libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
b76abd4437d0bd4c3a2d63532087eefbf47637d1 493638
libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
728568de5de726211758c4adfb274a2daa3c848b 209606
libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
0afd88e7604a2eb16c0be75bf6234688010e2166 259554
libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
2cbd39fbd98f5c25a5b1d1bd0b1d7f45f2d37d34 226278
perlmagick_6.6.0.4-3+squeeze2_amd64.deb
Checksums-Sha256:
caa7b926865880c7f802d36f7b0b799ea61e127764c41361cc536f77f702c6e9 1914
imagemagick_6.6.0.4-3+squeeze2.dsc
236a6d5bd5cc20819cea6cd48a05c593035b49b5e0d2b1ed4f4427e9bd7103d5 39845
imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
39ef2a452324d986002f3473a61afe1ce792c993e2db1489488d07fe646c568a 105678
imagemagick_6.6.0.4-3+squeeze2_amd64.deb
d499387cd3c4d4f2e7cf09b3833954a4b3c8a029224365bbd00f90247c053cbb 3691536
imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
ff2acc3f4a7512f5ea9e214cfc3b1433bc03365b1699ee6ac230f2a6b5a9bcf6 4176596
imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
dc6d7f29fffed83a2408c1de4eb429a16038d8092778931feb53880702d1f3ea 1764922
libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
c7d175c6a66395b2e26066d5853d028e6b5971048633f977dc45fc8715425554 120952
libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
2948d6d98bda4a513a218c72869647f2303eaac4fba1647bffeb90b8a079b403 1190578
libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
a664cd1b3e78e4eccde7cc8a61c91739747793c3773e61a35df25dcdfbd19f06 417792
libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
177777438c53bbf1e935697dc18373428e71a84d6605ffa0410ee2864d2af790 493638
libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
324f140e45eaacc5cc66e9f6faca16bb99344abc7c79d956ae91d7d2936b9766 209606
libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
22bce2ee29ab77a5f91f7f947ac0acdbf2c9515cd073f19e5ef57e75d4f94299 259554
libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
1146a1246b6c273b669563feb3a8068ab75f6a4b399ab8cfe7b6d6f240c91f0e 226278
perlmagick_6.6.0.4-3+squeeze2_amd64.deb
Files:
d631468b69eacfdf7d6aba560d7bf993 1914 graphics optional
imagemagick_6.6.0.4-3+squeeze2.dsc
79f34c9902d38ab886e8882446efb0be 39845 graphics optional
imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
51e5952c660ab180ee97041c1f7f23d3 105678 graphics optional
imagemagick_6.6.0.4-3+squeeze2_amd64.deb
f692d337d2cc10e3ac23365fc3900c51 3691536 debug extra
imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
81e33241b1092de87a021d79f3c20b72 4176596 doc optional
imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
6b567c00b8b91798e98c8506d1739f03 1764922 libs optional
libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
993eb589e37f6cd4ff51244ff2c02ed2 120952 libs optional
libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
38b411c0015de2f146607333cde49de0 1190578 libdevel optional
libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
178329c95b35148db5b02d566030a712 417792 libs optional
libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
3d9852d3c2d63d7290a8230fe473b9b5 493638 libdevel optional
libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
8315ccb5913fc96561f2cd62fc20a3bb 209606 libs optional
libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
c4d30d1a41650124c6b127f9bccc736e 259554 libdevel optional
libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
50579e1d3d0c98f3bbba735920f77801 226278 perl optional
perlmagick_6.6.0.4-3+squeeze2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+ZkU8ACgkQx/UhwSKygsp0IwCguvsvhNBi/IxwDbt+ctuH8UW/
YVsAn1tKSHhh8puLwqDZ/jDX+st9WIdv
=VkXP
-----END PGP SIGNATURE-----
--- End Message ---
