Your message dated Sat, 19 Sep 2015 21:23:57 +0000
with message-id <e1zdpbx-0003rt...@franck.debian.org>
and subject line Bug#799524: fixed in imagemagick 8:6.8.9.9-6
has caused the Debian Bug report #799524,
regarding multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
799524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799524
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:imagemagick
Version: 8:6.8.9.9-5
Severity: serious
Tags: security
Current version of imagemagick in stable/unstable is affected by
multiple security bugs:
- A DOS on specially crafted MIFF file (TEMP-0000000-FDAC72).
- A DOS on specially crafted Vicar file (TEMP-0000000-EEF23C).
- A DOS on specially crafted HDR file (TEMP-0000000-7C079F).
- A DOS on specially crafted PDB file (TEMP-0000000-2FC21E).
- Avoid a null pointer dereference in JNG decoder.
- Avoid a DOS for RLE file.
- Avoid double free on TGA file.
- Avoid a bufer overflow by using field limit in sprintf.
- Avoid a stack overflow in fx handling.
More info there:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
This bug report is just for tracking.
Vincent
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-6
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated
imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 12 Sep 2015 23:06:08 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2
libmagickwand-6.q16-dev libmagick++-6.q16-5v5 libmagick++-6.q16-dev
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev
libmagickwand-dev libmagick++-dev
Architecture: source amd64 all
Version: 8:6.8.9.9-6
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-5v5 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick -
development files
libmagick++-dev - object-oriented C++ interface to ImageMagick
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-dev - low-level image manipulation library -- transition package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library - transition for development
files
perlmagick - Perl interface to ImageMagick -- transition package
Closes: 763799 770009 799524
Changes:
imagemagick (8:6.8.9.9-6) unstable; urgency=high
.
* Fix build on mips by printing progress (Closes: #770009).
* Fix a few security bugs: (closes: #799524)
- A DOS on specially crafted MIFF file (TEMP-0000000-FDAC72).
- A DOS on specially crafted Vicar file (TEMP-0000000-EEF23C).
- A DOS on specially crafted HDR file (TEMP-0000000-7C079F).
- A DOS on specially crafted PDB file (TEMP-0000000-2FC21E).
- Avoid a null pointer dereference in JNG decoder.
- Avoid a DOS for RLE file.
- Avoid double free on TGA file.
- Avoid a bufer overflow by using field limit in sprintf.
- Avoid a stack overflow in fx handling.
* Replace density of 1 for JPEG by unknown working around
a TeX bug (Closes: #763799).
Checksums-Sha1:
f3fb32e4432285f51b88b337bc0029de6b1d2149 3856 imagemagick_6.8.9.9-6.dsc
9608c388e2e0bd9c94feb4598d5c3573372d3f02 198560
imagemagick_6.8.9.9-6.debian.tar.xz
8a60dd469a574fed549e92846b4c017f715cdcef 511946
imagemagick-6.q16_6.8.9.9-6_amd64.deb
dbd5e51d309e91dd22d42dce9e401288105cb1a6 148548
imagemagick-common_6.8.9.9-6_all.deb
2fb9b518841dc4c18583c53ea2640471c52bc707 6400584
imagemagick-dbg_6.8.9.9-6_amd64.deb
a929a119faf63f308e0ee2ad5386e55defaaeabc 7032324
imagemagick-doc_6.8.9.9-6_all.deb
ac626ff8039974cc79e02c4d9bc74ed8a1ac1e98 155126 imagemagick_6.8.9.9-6_amd64.deb
1935facafcfb6bcf4266c565bc806bd8eb7574f3 173624
libimage-magick-perl_6.8.9.9-6_all.deb
c1f3c9d180eb0e839bdbdc6183ad97d386aa170c 219306
libimage-magick-q16-perl_6.8.9.9-6_amd64.deb
5c37705df6a1179242f33b8f384ff1239d298ab7 165944
libmagick++-6-headers_6.8.9.9-6_all.deb
f575cd59345cacf8af9f485acaba8efefcbac04e 249458
libmagick++-6.q16-5v5_6.8.9.9-6_amd64.deb
7a1ce2144ae72c1b1906ecc14e8d190d79769705 220804
libmagick++-6.q16-dev_6.8.9.9-6_amd64.deb
1faa8fc1a28c285cc17fe7af54146ad0e6d7417c 121600
libmagick++-dev_6.8.9.9-6_all.deb
918d08a7763d8474afab3653ebf4a6ab34bff2aa 129066
libmagickcore-6-arch-config_6.8.9.9-6_amd64.deb
be53c002c47113137b6c0e23d65733d41365ef29 166978
libmagickcore-6-headers_6.8.9.9-6_all.deb
7c23e8807e51731f0407d437a72b283fe798ca2f 168220
libmagickcore-6.q16-2-extra_6.8.9.9-6_amd64.deb
8c9d71c85ec82613e91394b0ae16d9c12190c438 1674050
libmagickcore-6.q16-2_6.8.9.9-6_amd64.deb
08cc7db0a061dededecadc158d5f4a5c877edd86 1027442
libmagickcore-6.q16-dev_6.8.9.9-6_amd64.deb
61a4f531c0770d5fff9d712315ea1139a123eb00 121574
libmagickcore-dev_6.8.9.9-6_all.deb
899a3718c9f98c39efdd1e7b4d9eac97cb7e94fb 130292
libmagickwand-6-headers_6.8.9.9-6_all.deb
85253466cba0474d28e0344acd4c23268283ed83 399428
libmagickwand-6.q16-2_6.8.9.9-6_amd64.deb
97935c5dc4fb8e792888f1a5e95acae4eacaf576 389860
libmagickwand-6.q16-dev_6.8.9.9-6_amd64.deb
435409706eed77fee9f85559daa329fc6cb33a0b 121566
libmagickwand-dev_6.8.9.9-6_all.deb
9312096bf4042e111e26a28a36665f29c0060d01 121604 perlmagick_6.8.9.9-6_all.deb
Checksums-Sha256:
a447cc600ce29521620959eee4b3254f9afddb796b637abdf11844df85403b0d 3856
imagemagick_6.8.9.9-6.dsc
a1c1a69240dcdd3e723fa5f79caf1dec02cdbc9f1a48e0e5fba2c9511fec6a35 198560
imagemagick_6.8.9.9-6.debian.tar.xz
ba33fde40b9754c76a5ba98385bf280b56b0bf3d8b8347a00e8c9535d5597af7 511946
imagemagick-6.q16_6.8.9.9-6_amd64.deb
6ba5cab3eb2a95e1b847a5c404a9ceb3cee6f6f4f560d302a68be8597f6ea959 148548
imagemagick-common_6.8.9.9-6_all.deb
c598e629569256284d1fad88ca55432a18c6c9513c447a23ccbfe762fe31f147 6400584
imagemagick-dbg_6.8.9.9-6_amd64.deb
054faaeec00bb8a045de0f5e715adf497abeca99974d64a5bf74bbd531239bbe 7032324
imagemagick-doc_6.8.9.9-6_all.deb
63796d01576696d1d7f8f461eef9a5dc35fb9452667831ec742905fe274a0f99 155126
imagemagick_6.8.9.9-6_amd64.deb
0ea9b0293bdcf7a8cbfdc0373e9b1b9678a314c300f8a65f1779abc7cc1287ca 173624
libimage-magick-perl_6.8.9.9-6_all.deb
a590086b18107a0c11b9e0364af0e1c67c8c99d2210d99b9cfad1cee090c778c 219306
libimage-magick-q16-perl_6.8.9.9-6_amd64.deb
36ea5cfca0a0e19fafe737bb482cd8bb851db1f4a1cff13a901c660f77e8bef8 165944
libmagick++-6-headers_6.8.9.9-6_all.deb
f67a7d09eb725933887feef0809068a0bdfe462e554f36e9c4e52a8e30d7b992 249458
libmagick++-6.q16-5v5_6.8.9.9-6_amd64.deb
012e37e17468189dcd15a7f159523e0729baf8d33fb6968764b8ee2ac2c10aa0 220804
libmagick++-6.q16-dev_6.8.9.9-6_amd64.deb
2de4f570d581c7411ce4b4f47f552d627f4b9bfc79c69e9d33272a4fb3615c99 121600
libmagick++-dev_6.8.9.9-6_all.deb
7148e30fdf2fdd3650914d26aace11f0b84e2c690c4257aaa0dc6ae3c4b1017c 129066
libmagickcore-6-arch-config_6.8.9.9-6_amd64.deb
bc9cf03d9ea5bed71be6e4b2fbbf151551f8d445cdc5df6efb4e49672f970c07 166978
libmagickcore-6-headers_6.8.9.9-6_all.deb
337e33b70bed2bc0a768ec7bd7776ea13fcc515e70f510bd3af70515e6467f16 168220
libmagickcore-6.q16-2-extra_6.8.9.9-6_amd64.deb
2a739357eddcc92415445be6ef60166f9672ef3269d2a87baad5f8d5e906b18d 1674050
libmagickcore-6.q16-2_6.8.9.9-6_amd64.deb
71be9073f0734e48705aa7d74b41eb17541876465362b1577586529eef6a4e54 1027442
libmagickcore-6.q16-dev_6.8.9.9-6_amd64.deb
cbdf73467803123cb9ff8721e267150a432c8759c4a02679615a2e5dd83d29b4 121574
libmagickcore-dev_6.8.9.9-6_all.deb
52370acb364f217fd197bdecdd11b725c479f50193b5a23b491b2f7d4fbf2451 130292
libmagickwand-6-headers_6.8.9.9-6_all.deb
468e62ce6a7a577028171f65fd18862f013a6e1cf225a876acc9c34602d4c803 399428
libmagickwand-6.q16-2_6.8.9.9-6_amd64.deb
5ed56d77645226ad9a86c8108944a68ccd9303306dee5e077bc256d8aa51abd2 389860
libmagickwand-6.q16-dev_6.8.9.9-6_amd64.deb
b6c4a5751d552b72fb75464cee46e955686b4049c921611eca2603b50377887e 121566
libmagickwand-dev_6.8.9.9-6_all.deb
eb2a30e6edb45c7e26dcd9f2c6c364f3a78838499508bad74f82e4a76dc73295 121604
perlmagick_6.8.9.9-6_all.deb
Files:
97164b7027c758cf3bd1316036681ede 3856 graphics optional
imagemagick_6.8.9.9-6.dsc
160d3112a97871c85bd31856336cee20 198560 graphics optional
imagemagick_6.8.9.9-6.debian.tar.xz
d8fb8b252ff9e5222ea19dd0ce4a8818 511946 graphics optional
imagemagick-6.q16_6.8.9.9-6_amd64.deb
f4785b7b87379d352b5a7ca4bfca1690 148548 graphics optional
imagemagick-common_6.8.9.9-6_all.deb
40c3afdbcd04562c17268cf2367c78cf 6400584 debug extra
imagemagick-dbg_6.8.9.9-6_amd64.deb
d19cc5678a9e4a808fc581beb5fb4bec 7032324 doc optional
imagemagick-doc_6.8.9.9-6_all.deb
8ca482da2634898d18e49f57b59c4426 155126 graphics optional
imagemagick_6.8.9.9-6_amd64.deb
9d2e2b9040401a8c18f751ad38d341a6 173624 perl optional
libimage-magick-perl_6.8.9.9-6_all.deb
b64911ce9585cd8fd89b80d016ba6d34 219306 perl optional
libimage-magick-q16-perl_6.8.9.9-6_amd64.deb
7ef624e6b804dbc3262123dd24790b3b 165944 libdevel optional
libmagick++-6-headers_6.8.9.9-6_all.deb
f7224de5c1018947cb63b133f041b86e 249458 libs optional
libmagick++-6.q16-5v5_6.8.9.9-6_amd64.deb
680efe1bfda390d57a25fed5b95c31ee 220804 libdevel optional
libmagick++-6.q16-dev_6.8.9.9-6_amd64.deb
476fb49756fdf927f6459a9426717708 121600 oldlibs extra
libmagick++-dev_6.8.9.9-6_all.deb
5a7811b136048f91c964401c796ca630 129066 libdevel optional
libmagickcore-6-arch-config_6.8.9.9-6_amd64.deb
6b621215efd91c854e016948599c7321 166978 libdevel optional
libmagickcore-6-headers_6.8.9.9-6_all.deb
1ea2113cae75043eed2f8cef7ca75a09 168220 libs optional
libmagickcore-6.q16-2-extra_6.8.9.9-6_amd64.deb
aa32a5f26ed1445215b483795ec014c3 1674050 libs optional
libmagickcore-6.q16-2_6.8.9.9-6_amd64.deb
dc977cbd87e403cc93340e0633b1347c 1027442 libdevel optional
libmagickcore-6.q16-dev_6.8.9.9-6_amd64.deb
11121d48389c42c3c26c451db4a432b3 121574 oldlibs extra
libmagickcore-dev_6.8.9.9-6_all.deb
ddceb34ad8d6ee5d124184ccaf0ea579 130292 libdevel optional
libmagickwand-6-headers_6.8.9.9-6_all.deb
5bff670f1a2988a0d5c162ede3c6f2db 399428 libs optional
libmagickwand-6.q16-2_6.8.9.9-6_amd64.deb
944898e26b33ad743daf10306211d175 389860 libdevel optional
libmagickwand-6.q16-dev_6.8.9.9-6_amd64.deb
b5891e7b83ae03ca3b24ee5d7831b70e 121566 oldlibs extra
libmagickwand-dev_6.8.9.9-6_all.deb
06cdb39d13111fe36d2e5f7e6d1be4bf 121604 oldlibs extra
perlmagick_6.8.9.9-6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJV/cbNAAoJEO3GeJm/E8RXcisIAIN2YCDfVJnPl+FVI3zhDH/+
2gSfcwH2Xm8LO7+PqIedXnHAzksXLz9t8z7Fi5pG3HJfPwMaAIvk9UxoDmKPb9L5
YP0/UfFizNJHMWL/QvUzXpix8X6WVe5QQZZqIUZPnfqRlLuKysDNseqPTdtlJ/cQ
kfpv1/toLzuHhzse6hVasFHc47Ea+lkxlFq3R5yD0vo8pTPUwI9G1mezJGxb0gAO
TOPf8Io3T+L8U5eLKG1boyoNMxkXr8DLRjrGc0hT4+9OB4syLsRdkz8M9sDAUTw7
O0izMiJsAOO8DjwuMMb31NlZYx5Vq8MQL+eJpFbPFc/gPTKKaUAMFoPIQAZqbCI=
=a8h5
-----END PGP SIGNATURE-----
--- End Message ---
