Your message dated Mon, 15 Apr 2019 20:42:15 +0000 with message-id <e1hg8qh-000gts...@fasolo.debian.org> and subject line Bug#927029: fixed in graphicsmagick 1.4~hg15968-1 has caused the Debian Bug report #927029, regarding graphicsmagick: Multiple heap-based buffer over-reads to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: graphicsmagick X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for graphicsmagick. CVE-2019-11005[0]: | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based | buffer overflow in the function SVGStartElement of coders/svg.c, which | allows remote attackers to cause a denial of service (application | crash) or possibly have unspecified other impact via a quoted font | family value. CVE-2019-11006[1]: | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based | buffer over-read in the function ReadMIFFImage of coders/miff.c, which | allows attackers to cause a denial of service or information | disclosure via an RLE packet. CVE-2019-11007[2]: | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based | buffer over-read in the ReadMNGImage function of coders/png.c, which | allows attackers to cause a denial of service or information | disclosure via an image colormap. CVE-2019-11008[3]: | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based | buffer overflow in the function WriteXWDImage of coders/xwd.c, which | allows remote attackers to cause a denial of service (application | crash) or possibly have unspecified other impact via a crafted image | file. CVE-2019-11009[4]: | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based | buffer over-read in the function ReadXWDImage of coders/xwd.c, which | allows attackers to cause a denial of service or information | disclosure via a crafted image file. CVE-2019-11010[5]: | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in | the function ReadMPCImage of coders/mpc.c, which allows attackers to | cause a denial of service via a crafted image file. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11005 [1] https://security-tracker.debian.org/tracker/CVE-2019-11006 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11006 [2] https://security-tracker.debian.org/tracker/CVE-2019-11007 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11007 [3] https://security-tracker.debian.org/tracker/CVE-2019-11008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11008 [4] https://security-tracker.debian.org/tracker/CVE-2019-11009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11009 [5] https://security-tracker.debian.org/tracker/CVE-2019-11010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11010 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: graphicsmagick Source-Version: 1.4~hg15968-1 We believe that the bug you reported is fixed in the latest version of graphicsmagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 927...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated graphicsmagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 15 Apr 2019 17:40:12 +0000 Source: graphicsmagick Architecture: source Version: 1.4~hg15968-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org> Closes: 927029 Changes: graphicsmagick (1.4~hg15968-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues (closes: #927029): - ReadMATImage(): Report a corrupt image exception if reader encounters end of file while reading scanlines (use of uninitialized value in IsGrayImag() ), - ReadTOPOLImage(): Report a corrupt image if reader encounters end of file while reading header rows (use of uninitialized value in InsertRow() ), - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and length as well as for the total pixels calculation to prevent some more arithmetic overflows, - SetNexus(): Apply resource limits to pixel nexus allocations to prevent arithmetic and integer overflows, - SetNexus(): Report error for empty region rather than crashing due to divide by zero exception, - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating point exception in SetNexus(), - ReadMATImage(): Quit if image scanlines are not fully populated due to exception to prevent use of uninitialized value in InsertComplexFloatRow(), - ReadMATImage(): Fix memory leak on unexpected end of file, - Throwing an exception is now thread-safe, - Fx module error handling/reporting improvements, - Fix various uses of allocated memory without checking if memory allocation has failed, - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or an irrationally large profile length to prevent memory leak, - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one PixelPacket) of image colormap, - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading DirectClass XWD file, - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE packets to prevent heap buffer overflow, - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while parsing quoted font family value, - CVE-2019-11008: XWD: Perform more header validations, a file size validation, and fix arithmetic overflows leading to heap overwrite, - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent division by zero problems, - WritePDBImage(): Use correct bits/sample rather than image->depth to prevent potential buffer overflow, - WriteMATLABImage(): Add completely missing error handling to prevent heap buffer overflow, - SetNexus(): Fix arithmetic overflow while testing x/y offset limits, - DrawPrimitive(): Check primitive point x/y values for NaN to prevent integer overflow, - DrawImage(): Fix integer overflow while validating gradient dimensions, - WritePDBImage(): Assure that input scanline is cleared in order to cover up some decoder bug to prevent use of uninitialized value, - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE and invalid reads. * Update library symbols for this release. Checksums-Sha1: d593adbae3d3cd1d7e131e33160f90f4e33f5fdc 2855 graphicsmagick_1.4~hg15968-1.dsc 005f1e479987a46ff2ce27ce88a80ec53f7d855d 8881012 graphicsmagick_1.4~hg15968.orig.tar.xz 59f407e71f2ca2b7f6ce7e926a5c4bcb671561dc 144216 graphicsmagick_1.4~hg15968-1.debian.tar.xz a98d1f0f10819aa8993c3b8fc89da8983fc9154e 11892 graphicsmagick_1.4~hg15968-1_amd64.buildinfo Checksums-Sha256: 2345b0c587141b5c569cde846da414c67a975464387505e5406006eacb7f8a09 2855 graphicsmagick_1.4~hg15968-1.dsc eac04fefacac3bc8bd38f92ca35847b4702ebec9e2e13bde03dca3c936b4c1b1 8881012 graphicsmagick_1.4~hg15968.orig.tar.xz 38d353149c577577d4c15a8ded5463b0bb7d13e4e2a334c22f4ae772f56a9c12 144216 graphicsmagick_1.4~hg15968-1.debian.tar.xz dd121ebc9f39f36030d18d9f61c743788663f2b90adc0a91418a840930dcbd5c 11892 graphicsmagick_1.4~hg15968-1_amd64.buildinfo Files: 3f421092d03042c2932d3876fb09984a 2855 graphics optional graphicsmagick_1.4~hg15968-1.dsc a30fbac5f5aff370d6ec1b181f0704d6 8881012 graphics optional graphicsmagick_1.4~hg15968.orig.tar.xz 0acd37a677107e493d1b57f2ee615c23 144216 graphics optional graphicsmagick_1.4~hg15968-1.debian.tar.xz 56baed2ecf58eae0c81aad5a3b35ed74 11892 graphics optional graphicsmagick_1.4~hg15968-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAly02b0ACgkQ3OMQ54ZM yL/Msg//XitPpv++PfFe/mfSTXPHkXnsY73Pgdz6d+Nirr5a91DiCfxy1R3vOfi3 rb73Bmwss/UcRC46A7PngBsAKdD5vsm0vdicf6602X7nQVEBARVErSaDLkyUH/X7 OB7/qc+DrmAh3b8dtedZmjVcj7nvC1L47E2J3LvtstH68jndD6n/AOB2gYC/ATWo CwhpsizUTVwl0w7rLt/PDrqzWbdVoimw1V1qVXRsfG0YC8+2TKa5Ix3O/WGJRZyW ZD4TLl/OKe3bPhAWfslRuFTd04cZqmWPBiBd/esJTtX7ofhQzmj02TufopXkGf60 irkeKiMTmqa/yegnQ/nRwoGFxwCwyHb3xVBRYA/Of7SmOuN4LvixPHLlolBjOrw/ xQVd0Pglo06+LxaYP3wYjTO6vrFrm30pIAwg5UKpsM42sYWPTgMZY964Dh0hMAJe VWW4Ou9wqbjLADpjnev/m10ZCJaY/S3etVsMtGPWqTt/PRE9LYO8bM/IP2+wAi3M wHIIRTCdJJMG7QeoggCU8QyiUhPWhWeHX2dcEkuMs27+20W2ktZ/ZusS5HIL4uf/ Gx9A0HJp1VrM1zYCJXCZrMkU19kwet6cQDiHMc5iACXNCD1EkW5jMVwFw6F2/Kyl xJ84XbmoaVTUMBO+yZhQ4sI4rYVZH87MCQc+xq5PxvUu0j/RyKw= =pqZc -----END PGP SIGNATURE-----
--- End Message ---
