Your message dated Sat, 27 May 2017 16:06:53 +0000 with message-id <e1deeev-000ago...@fasolo.debian.org> and subject line Bug#863123: fixed in imagemagick 8:6.9.7.4+dfsg-9 has caused the Debian Bug report #863123, regarding imagemagick: CVE-2017-9143: Specially crafted arts file could lead to memory leak to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863123 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/456 origin: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4 bug: https://github.com/ImageMagick/ImageMagick/issues/456
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-9 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 863...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 May 2017 15:54:06 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-9 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 862967 863123 863124 863125 863126 Changes: imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high . * Security fixes assertion failure and memory leaks: + Check for EOF conditions for RLE image format. (Closes: #863126). Fix CVE-2017-9144. + A crafted file revealed an assertion failure in blob.c. (Closes: #863125). Fix CVE-2017-9142. + A crafted file revealed an assertion failure in profile.c. (Closes: #863124). Fix CVE-2017-9142. + Specially crafted arts file could lead to memory leak. (Closes: #863123). Fix CVE-2017-9143. * Fix an information leak due to the use of uninitialized memory in RLE decoder. (Closes: #862967). Fix CVE-2017-9098. Checksums-Sha1: d5ee008ec87b0c41d84cf0caa104c35fe274c0ac 5133 imagemagick_6.9.7.4+dfsg-9.dsc 1a013f2ebc77be28abfde50aafdfbd8eecfc7f48 220784 imagemagick_6.9.7.4+dfsg-9.debian.tar.xz 00c2c54305eb79ef256392f5ac1d4d5a352ed841 12926 imagemagick_6.9.7.4+dfsg-9_source.buildinfo Checksums-Sha256: 17f6830385b5d1142e14d83dc59afd77458322799767885d84e61bb0807891a4 5133 imagemagick_6.9.7.4+dfsg-9.dsc 5e2102ff814d8264bc5fcdaec25b4af0a981c2a13c95708579abbba52dacd46a 220784 imagemagick_6.9.7.4+dfsg-9.debian.tar.xz d8e9d2dd1b0e5253b284c5f9556e5bb69420b62e975ff550d4b503830fa82d76 12926 imagemagick_6.9.7.4+dfsg-9_source.buildinfo Files: 1c8abbfa57e9eea291ef1e37a9e80b80 5133 graphics optional imagemagick_6.9.7.4+dfsg-9.dsc 701f056ef775efd089b5fea56de5d0a5 220784 graphics optional imagemagick_6.9.7.4+dfsg-9.debian.tar.xz 1aef615a1acbee60da14cbd704f2996f 12926 graphics optional imagemagick_6.9.7.4+dfsg-9_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlkpmZ4ACgkQADoaLapB CF9r1Q/9GWf3pKfndHD43RpQ8UmWKjWcT8dTQtQ+FUTU/Fyno0KpUFav6+rejVp3 GwBnQEVe4rBQmoAoa012bCuKmEebiBOT9xHWMAlQ3T70P+fxXK0O6Xsc6OTGZGvh XofKaKVqe7t3RQcq+2443Gw5q8qbMYTEWY7dngPNHAJi+/Es0elAhyz5lnMQyDck QV0bULq3CfaEkZhAd/DXs0B92MMahA3YkHQsCoGJ4NFglLc/pqEEBtQWiyzFDNn5 i4YApbGrzaVVD7oP04l8nK/JKJRK1AJ+5sXGhJPdg01g0eHfnMfOFyGVvmP/0w9y DsWxb2r2pF6MMSkix6asGWUF1ZbZ0nWdFV4R8W6DEU0mHYhNroz7Li4nfiVAiG/D wzFMqzIhvS6VhRkgrmzUOeNMe/VtaFmMaYjFiovAfuIcu2eq3IPe96QC04TtQ2jr fDLgxQUypzdLO3h/IWHE045k1tszvODqv2NJsgw6WTxth1DsROm09Rmn+xtGwzgb +MHU+k/vy8VgGnyvHOADvAyVkJtufbvTb8+WKwKTOLuEzu3RmxIzRHb6EaTYebpw zmH5xK/RXqz0Cag7jLhJ0nwVV/+lJKju1V6J2iRy1Hj+NqkjXyULaBhNcotX2sDa S+3qsLP8h1arUzU5w/rYGJtETzga9wZ4pRu3Qm9ao9SKGvzd9YM= =CEJo -----END PGP SIGNATURE-----
--- End Message ---
