Your message dated Thu, 13 Apr 2017 17:33:53 +0000 with message-id <e1cyicz-0004jh...@fasolo.debian.org> and subject line Bug#859771: fixed in imagemagick 8:6.9.7.4+dfsg-4 has caused the Debian Bug report #859771, regarding imagemagick: CVE-2017-7606: Undefined behavoir in rle to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859771: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859771 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 control: found -1 8:6.8.9.9-5 forwarded: https://github.com/ImageMagick/ImageMagick/issues/415 Undefined behavior in rle coder reading rle file could lead to lack of validation of rle file... Could be triggerd by corrupted file depending of compiler.
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-4 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 12 Apr 2017 23:20:43 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-4 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 847282 859769 859771 Changes: imagemagick (8:6.9.7.4+dfsg-4) unstable; urgency=high . * Security fixes: + CVE-2017-7606: Undefined behavior in rle (Closes: #859771). + CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769). * Bug fix: "fails to upgrade wheezy jessie stretch", thanks to Andreas Beckmann (Closes: #847282). Checksums-Sha1: 2c76a96ff18816103e2b094e12867d7fcc64161b 5133 imagemagick_6.9.7.4+dfsg-4.dsc 6a1c6902e63ad4c71038d545f210348451d2b4ee 206140 imagemagick_6.9.7.4+dfsg-4.debian.tar.xz 1b0eced77a38e025267a41c6525ea6179393a7a1 12901 imagemagick_6.9.7.4+dfsg-4_source.buildinfo Checksums-Sha256: a59e4384d43a0af5caf02dc6a5f763049a5f9f3373d72c1f0e59828f0960a2c2 5133 imagemagick_6.9.7.4+dfsg-4.dsc 9d99a7dcae95bf1a150378e0735d583c9995c6c4d5ca6121cac8625d3e1cb109 206140 imagemagick_6.9.7.4+dfsg-4.debian.tar.xz 2825f649b5299cdeb934c5cc7a099c7905aff624199e91989eafba35ae04a03c 12901 imagemagick_6.9.7.4+dfsg-4_source.buildinfo Files: 9d6978cab49021407c427aa58518d2e0 5133 graphics optional imagemagick_6.9.7.4+dfsg-4.dsc 4c44b7263648bc4e30ecd68241013308 206140 graphics optional imagemagick_6.9.7.4+dfsg-4.debian.tar.xz a5f2e12b03569dffc38050730067983a 12901 graphics optional imagemagick_6.9.7.4+dfsg-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAljvsyoACgkQADoaLapB CF9utA/+JFnBUmwxOD3XnUer/4QgDb2I1oh4Xq2ZNrC/1201fKMey52EoHwOWEO8 X0XMatxn4FVqw+uIYlAcxAfJo12zNICerpDhgxO8LuiX3lf8NZ/rno/ijUHO4oQA zuCajz8+p/G7UUxCDBBOFme5YkntMaQYo8daHA0tthwF6O8xEQHqhkf8l/UbVUEA KgVKn++iRJm4enMMOPRcLRb0qPGeTCeLhq9crK4ONRRwXqYyNu+AyNlUYxMndOld VDcLG55CZBc3kDNEhY9QkUteUUNnawg4pnehwqAZc5g/lJ2jDXI/KOD9XnFD6Sb5 8fFHoHg+YRUOzzj1pH9sGoS6a+zkdp+Cvi+W6MlAq/v3LNT9Iq9fot7b9daQ+BXO Rd1W+gtkqHDQ5KEcrNyAK9s3UgpNZCY/a31iFazxj6j67cVsWW8GETcXpjHJVrz/ na4py956S5Bu6xhySL9E4W9A0W03Plvt/djltzBujLJ1+Jb5UI58ZWksBE49jhWL DdJbY5vsIivJHVCzibg7NxipiO8BMkFAuVhQKeJQ2fagTB8Pbted/YdDYBnF0M6v EdRjRIvZK6Tyc4YDKKCItUyAZ/At0g2hrvL3OEwKIWoLNfXzi1dL6yXg5c6baktP LKkKZ0jQIuEnkn7h1n3wHgF4wJRRyW5k/QmDlNtD+cCA7KYIqP8= =YvFa -----END PGP SIGNATURE-----
--- End Message ---
