Your message dated Sun, 01 Sep 2013 09:33:46 +0000 with message-id <e1vg42u-0004ad...@franck.debian.org> and subject line Bug#721273: fixed in imagemagick 8:6.7.7.10-6 has caused the Debian Bug report #721273, regarding Fwd: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments. to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 721273: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ImageMagick Control: severity -1 serious Control: tags -1 + security Control: tags -1 + patch Control: tags -1 + fixed-upstream Control: tags -1 + fixed-in-experimental Control: tag -1 confirmed > > ---------- Message transféré ---------- > De : "Bastien ROUCARIES" <roucaries.bast...@gmail.com> > Date : 29 août 2013 21:05 > Objet : Fwd: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments. > À : <secur...@debian.org> > Cc : > >> Will take care asap for stable and latter old stable testing and unstable. >> >> Bastien >> >> ---------- Message transféré ---------- >> De : "Seth Arnold" <1218...@bugs.launchpad.net> >> Date : 29 août 2013 20:25 >> Objet : [Bug 1218248] Re: DoS: memory corruption while processing GIF comments. >> À : <roucaries.bastien+b...@gmail.com> >> Cc : >> >> ** Information type changed from Private Security to Public Security >> >> -- >> You received this bug notification because you are subscribed to >> imagemagick in Ubuntu. >> https://bugs.launchpad.net/bugs/1218248 >> >> Title: >> DoS: memory corruption while processing GIF comments. >> >> Status in “imagemagick” package in Ubuntu: >> New >> >> Bug description: >> Memory corruption while processing GIF comments. As the result >> malloc's private stuctures are corrupted and it causes SIGABRT and >> application crashes. >> >> Here is a topic on imagemagick forum: http://www.imagemagick.org >> /discourse-server/viewtopic.php?f=3&t=23921 . You can easily reproduce >> problem with images from this topic. >> >> >> It was a problem with handling comments. '\0' symbol was places after allocated memory buffer. >> To fix this problem raw memory handling functions was replaced with ConcatenateString. >> Original code that solves this problem: http://trac.imagemagick.org/changeset/8770/ImageMagick/trunk/coders/gif.c >> >> Patch that solves problem is attached to this bug report and tested in >> Yandex. >> >> To manage notifications about this bug go to: >> https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1218248/+subscriptions
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.7.7.10-6 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 721...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 30 Aug 2013 00:29:40 +0200 Source: imagemagick Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick Architecture: source amd64 all Version: 8:6.7.7.10-6 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libmagick++-dev - object-oriented C++ interface to ImageMagick - development files libmagick++5 - object-oriented C++ interface to ImageMagick libmagickcore-dev - low-level image manipulation library - development files libmagickcore5 - low-level image manipulation library libmagickcore5-extra - low-level image manipulation library - extra codecs libmagickwand-dev - image manipulation library - development files libmagickwand5 - image manipulation library perlmagick - Perl interface to the ImageMagick graphics routines Closes: 721273 Changes: imagemagick (8:6.7.7.10-6) unstable; urgency=high . * Security Fix: Buffer overflow "Memory corruption while processing GIF comments.", (Closes: #721273). Checksums-Sha1: 4089d2b1b7359baeaf6a2a563a74833b85209941 2505 imagemagick_6.7.7.10-6.dsc 0124116e0ed53f46a9230d57014e8a9042eefd21 138207 imagemagick_6.7.7.10-6.debian.tar.bz2 10ba300ac3b2a23d83f1455fddcdbd8372e0e85e 280268 imagemagick_6.7.7.10-6_amd64.deb b65e451c58c8fcad442b09b2a71a7a4ed6b31e3f 5877226 imagemagick-dbg_6.7.7.10-6_amd64.deb 307443c2a7b54189310a69b1ada7e0168e6c3f98 123028 imagemagick-common_6.7.7.10-6_all.deb 06d2cb3b8d4cc1536faa8c185cfde084a64907ca 4362820 imagemagick-doc_6.7.7.10-6_all.deb c90c1748bf801fcb26ddc4f40baf29380a4e7a18 1559560 libmagickcore5_6.7.7.10-6_amd64.deb 3ac2401a3b8d20b12115334b70a7a4a23b7ed76c 146758 libmagickcore5-extra_6.7.7.10-6_amd64.deb 06484b67ee1ae8036d61d65a8fcb472c073f1363 991592 libmagickcore-dev_6.7.7.10-6_amd64.deb 93e02da36e0c623ef968e025e0bb5127717d2015 357544 libmagickwand5_6.7.7.10-6_amd64.deb 874360154ea3518607a5269c6d9d271c0f8202bf 359720 libmagickwand-dev_6.7.7.10-6_amd64.deb 8cf0e3f2b80e062cfa437acea6b3f9fcbcd942bc 193726 libmagick++5_6.7.7.10-6_amd64.deb d2ea579a8de5cc719f30b338784944d033f73475 218514 libmagick++-dev_6.7.7.10-6_amd64.deb 6542fe861339bc92f76d2f09147ee05965a7445d 227172 perlmagick_6.7.7.10-6_amd64.deb Checksums-Sha256: 43f8dae4d09e50f962e59c9564c009f4794d2751ea1687b9d8acea32e6c2221e 2505 imagemagick_6.7.7.10-6.dsc a7cf85bf190ea04786f72816b90bf19fc4e61dd155f4920a183944a16870d4b1 138207 imagemagick_6.7.7.10-6.debian.tar.bz2 084a656a441f920a91b15bad2ff4e49b7aaae774ae0f4b010b241300525911bd 280268 imagemagick_6.7.7.10-6_amd64.deb 73aab65c2ea48492fad42d2c85d0549cce9f55bd870f431db1ee4557cbd48a56 5877226 imagemagick-dbg_6.7.7.10-6_amd64.deb 1320198d79e9d374932af44e17c9ec964687c11da293beab7608577e86f8cbd7 123028 imagemagick-common_6.7.7.10-6_all.deb 70c126c6e2886f532f6a5c6245952d20d1d137276e6d08918c11e111e0cb07c1 4362820 imagemagick-doc_6.7.7.10-6_all.deb d4a5dba6d7b55fc6b50fe4bda81908fb40ac18585e03b8bf764252e2d2d843e0 1559560 libmagickcore5_6.7.7.10-6_amd64.deb d15e937068c4216e72fa577a84a0da0f41a42ebd9a3bd31265aef6e3c1b0888e 146758 libmagickcore5-extra_6.7.7.10-6_amd64.deb 29b46b5c60be24312fd1f287f68e3529d60acdf2579c0b7a49e9d7dd6716d5b2 991592 libmagickcore-dev_6.7.7.10-6_amd64.deb c509595abff099efa1b64f0ac3379b274d99feb9cbaf2e7236ebeef38f850b3c 357544 libmagickwand5_6.7.7.10-6_amd64.deb 6546b7ae02f75d1a01f67eb41f11a6c50ce51ebe2c31335f31de1a371b8dfb71 359720 libmagickwand-dev_6.7.7.10-6_amd64.deb f2bddc25b45aa84c6c7d944bfc4e28aa8a6a20043b69199050a5d879336b8fe8 193726 libmagick++5_6.7.7.10-6_amd64.deb 86144e36f049226e17306f5f73e240d07d806e55be575e03726c52dd4fee0776 218514 libmagick++-dev_6.7.7.10-6_amd64.deb 97d1aae9dafd0979a591637743e729d5370e6f8f953583bfe4077fbd61d18b74 227172 perlmagick_6.7.7.10-6_amd64.deb Files: c540fdc56f92714189513adf052179e2 2505 graphics optional imagemagick_6.7.7.10-6.dsc eb5bd2f76b74e92fb7c8e6b90df6ec51 138207 graphics optional imagemagick_6.7.7.10-6.debian.tar.bz2 c67f8917fefd4bdc7ef70cf766368000 280268 graphics optional imagemagick_6.7.7.10-6_amd64.deb 76519e880f86ebd517e547a3c1ef1fe8 5877226 debug extra imagemagick-dbg_6.7.7.10-6_amd64.deb 75b0f56250551f446269c24d25bf37bd 123028 graphics optional imagemagick-common_6.7.7.10-6_all.deb be23fcc4d007be5132d7c472b02e518a 4362820 doc optional imagemagick-doc_6.7.7.10-6_all.deb e2f08bfddbf132b7c452c6903a9740f1 1559560 libs optional libmagickcore5_6.7.7.10-6_amd64.deb 502a8ae4b786b8d236de050dd4879cb3 146758 libs optional libmagickcore5-extra_6.7.7.10-6_amd64.deb a9f633dcc4e51b78e2324f67b8c06874 991592 libdevel optional libmagickcore-dev_6.7.7.10-6_amd64.deb b66de1fd0243160d3f00ac26945951ce 357544 libs optional libmagickwand5_6.7.7.10-6_amd64.deb 69f6557df722955c57326cbf29ea3f0b 359720 libdevel optional libmagickwand-dev_6.7.7.10-6_amd64.deb 0a6a9773612f27452b259f26240e5322 193726 libs optional libmagick++5_6.7.7.10-6_amd64.deb a1c4244585d916afe13e99d14331e559 218514 libdevel optional libmagick++-dev_6.7.7.10-6_amd64.deb 8b11c732054befd8ce3dcec67c9b1373 227172 perl optional perlmagick_6.7.7.10-6_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlIjBUMACgkQx/UhwSKygsohegCbBG6htEH/2QTYv4w1ODCvb13L b4gAnjuMn7TP1zPp40oKxR7UL/jnF1t+ =peFm -----END PGP SIGNATURE-----
--- End Message ---
