Your message dated Tue, 06 Nov 2012 00:47:51 +0000
with message-id <e1tvxkz-0006vn...@franck.debian.org>
and subject line Bug#692367: fixed in imagemagick 8:6.7.7.10-5
has caused the Debian Bug report #692367,
regarding [imagemagick][patch][mentors] Three Security leading to DOS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
692367: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692367
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Version: 8:6.7.7.10-4
Severity: serious
Tags: patch security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
Current imagemagick version 8:6.7.7.10-4 is unsuitable for realease due to
(under my own analysis) three memory leaks:
* Fix a memory leak: after setjmp used variable need to be volatile.
Fix jpeg and png coder.
* Fix a memory leak: in webp handling add a forgotten WebPPictureFree
* Fix another memory leak in case of corrupted image in magick++ read
method.
According to my own analysis the risk is only a local dos.
These bug should be nevertheless fixed before wheezy. I have prepared a package
for stable-security if needed and I could upload in a few minutes to mentors
if needed by security team.
Bastien
--
Dr-Ing Bastien ROUCARIÈS uUniversité de Cergy/SATIE ENS Cachan
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.7.7.10-5
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated
imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 05 Nov 2012 13:55:44 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc
libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5
libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-5
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description:
imagemagick - image manipulation programs
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development
files
libmagick++5 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore5 - low-level image manipulation library
libmagickcore5-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand5 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 692367
Changes:
imagemagick (8:6.7.7.10-5) unstable; urgency=high
.
* Fix three security bug (Closes: #692367):
- Fix a memory leak: after setjmp used variable need to be volatile.
Fix jpeg and png coder.
- Fix a memory leak: in webp handling add a forgotten WebPPictureFree
- Fix another memory leak in case of corrupted image in magick++ read method.
Checksums-Sha1:
a6a8bda9335163f1f75cd8b8f3a8924981c6ab14 2505 imagemagick_6.7.7.10-5.dsc
3eaef858a716942d1dd6b185ada072ee8b98a126 137760
imagemagick_6.7.7.10-5.debian.tar.bz2
9852f7ccb15b0437551d9185d8b9728dbcbae1d1 284802
imagemagick_6.7.7.10-5_amd64.deb
066d5b7363e31a39e36321b7359b8d25b55e99bf 6270914
imagemagick-dbg_6.7.7.10-5_amd64.deb
297be57a36d76e8accb96100184d2fdeb994ef4f 128046
imagemagick-common_6.7.7.10-5_all.deb
f4676d3b0a7a2cabc26f801b6b7f9065eed062ea 5627888
imagemagick-doc_6.7.7.10-5_all.deb
d2d7bdc661b4aa5fe7bfafff0a959d1e021b89c3 2083202
libmagickcore5_6.7.7.10-5_amd64.deb
c38fc8f8d03682e70bfdcdaf16f0b249aaa76033 163546
libmagickcore5-extra_6.7.7.10-5_amd64.deb
d8f7df70d3e59564c0b98e977622da2bcfa23b2b 1386174
libmagickcore-dev_6.7.7.10-5_amd64.deb
b19c4ff486fc09876d6407214bf6e2e818531c94 462030
libmagickwand5_6.7.7.10-5_amd64.deb
cef5d4b655b403bff556a74e9e4c74667b88eabb 544152
libmagickwand-dev_6.7.7.10-5_amd64.deb
8b3537e1bef31388e0f45296e16664216a9273fd 236364
libmagick++5_6.7.7.10-5_amd64.deb
6b7b795287db49aa47cfff8dbbac5b1944fcdc3b 284774
libmagick++-dev_6.7.7.10-5_amd64.deb
0c14623eb4448c5a3c45697c4b3f837b127f328a 255448 perlmagick_6.7.7.10-5_amd64.deb
Checksums-Sha256:
3ce8ab7b4ff8b10bf41fd0197769796175d499d7e0c3fee8149b1ba51f27957e 2505
imagemagick_6.7.7.10-5.dsc
ab804f719cd33f88df173c2cbc78b1ef7dd805206d0c34c4eff99029868b240d 137760
imagemagick_6.7.7.10-5.debian.tar.bz2
2d1078173e7f1ed5a45bf9593d411ca1a22e3216ca63b3b96469e4eb52cd8971 284802
imagemagick_6.7.7.10-5_amd64.deb
3260f54a86ba8cf8310bff8c2d2816cc0cf980eb62a2fb7e9ce2db186e9e2d8c 6270914
imagemagick-dbg_6.7.7.10-5_amd64.deb
ed198ae139a9fd43998a16032216079d0a288a6c6929a4a328ea6bf3317d01e7 128046
imagemagick-common_6.7.7.10-5_all.deb
fc713af4c110d4973525af2c18fa0d93ea743a7944b953765b1f2e0d6cbe6176 5627888
imagemagick-doc_6.7.7.10-5_all.deb
5c9eb8a10dbb6082edf61554cd05c2adada4cf3284f9a783860774f30b7313bd 2083202
libmagickcore5_6.7.7.10-5_amd64.deb
ee36b8e470a8cd568d30b82894b4d26089f744e8e080f246d63c934ec0a457f3 163546
libmagickcore5-extra_6.7.7.10-5_amd64.deb
d1f960886bcb909cc4e45f1f1f0d4f59cb49a10b35e321975059a559e884b335 1386174
libmagickcore-dev_6.7.7.10-5_amd64.deb
c46d4fc86fa655a8d6d3c930e8e4b01de40d1bd4f2db68723415a13ea915eb5f 462030
libmagickwand5_6.7.7.10-5_amd64.deb
8178c5034ef81eb8e35cda52e233074daccde52acdd0e116450865394657d379 544152
libmagickwand-dev_6.7.7.10-5_amd64.deb
fc3b9a0cacd9a85e2020e2121d2625fa28fc6e138e135753f6653ed910dd2fe4 236364
libmagick++5_6.7.7.10-5_amd64.deb
872900e8a093e20e5c15efad10cf5b881c0ed59238c50fad45e277e6fdeba5ce 284774
libmagick++-dev_6.7.7.10-5_amd64.deb
48d197051584719aaa4bff7b10315f4e577e6313037928c3a1db985a9da5ed87 255448
perlmagick_6.7.7.10-5_amd64.deb
Files:
b65e07911650c9f6c99be9e4f81cddf4 2505 graphics optional
imagemagick_6.7.7.10-5.dsc
f8a7f504bc7cfb857152820f9daab52f 137760 graphics optional
imagemagick_6.7.7.10-5.debian.tar.bz2
34018b0cb0a58d340a8bf1781ba8c8ad 284802 graphics optional
imagemagick_6.7.7.10-5_amd64.deb
b969469e2830e5dd7e00c6fdd8a81050 6270914 debug extra
imagemagick-dbg_6.7.7.10-5_amd64.deb
893e4d9bf66df3d19891a29de1675838 128046 graphics optional
imagemagick-common_6.7.7.10-5_all.deb
0b11ba177127396eff952dd0efb9342c 5627888 doc optional
imagemagick-doc_6.7.7.10-5_all.deb
a0b79ee2eaa01480bab8507f561dbc0f 2083202 libs optional
libmagickcore5_6.7.7.10-5_amd64.deb
66436f3d6bbbc56e8ddfaf59cc9a99bb 163546 libs optional
libmagickcore5-extra_6.7.7.10-5_amd64.deb
d1fe7436de6d0a5152c100740d350bf1 1386174 libdevel optional
libmagickcore-dev_6.7.7.10-5_amd64.deb
71a431c1c02b3427d3bc485649dc63a6 462030 libs optional
libmagickwand5_6.7.7.10-5_amd64.deb
28ec4e9845b04affee68e306d52714f6 544152 libdevel optional
libmagickwand-dev_6.7.7.10-5_amd64.deb
84a8d737b6207a6b65a04162bbd8a932 236364 libs optional
libmagick++5_6.7.7.10-5_amd64.deb
adcc2fb2c87a9dd311ccf4fc6dbcfd8e 284774 libdevel optional
libmagick++-dev_6.7.7.10-5_amd64.deb
928e70b4bc266a27b743162b64469511 255448 perl optional
perlmagick_6.7.7.10-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlCYWZIACgkQx/UhwSKygsqR4gCfTbf+xGj0t6E3Cv+RxOHKXg1i
SnQAniXnzG/6oeYFpu0MOAfPF2ynYAiz
=eYl7
-----END PGP SIGNATURE-----
--- End Message ---
