Your message dated Sun, 05 May 2019 15:50:31 +0000
with message-id <e1hnjpl-000i2d...@fasolo.debian.org>
and subject line Bug#926091: fixed in imagemagick 8:6.9.10.23+dfsg-2.1
has caused the Debian Bug report #926091,
regarding imagemagick: CVE-2019-10650: heap-buffer-overflow in WriteTIFFImage of coders/tiff.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
926091: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.10.23+dfsg-2
Severity: important
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/1532
Hi,
The following vulnerability was published for imagemagick.
CVE-2019-10650[0]:
| In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in
| the function WriteTIFFImage of coders/tiff.c, which allows an attacker
| to cause a denial of service or information disclosure via a crafted
| image file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-10650
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10650
[1] https://github.com/ImageMagick/ImageMagick/issues/1532
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.10.23+dfsg-2.1
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 926...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 May 2019 16:34:26 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.10.23+dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 925395 926091
Changes:
 imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Stack-based buffer overflow in function PopHexPixel in coders/ps.c
     (CVE-2019-9956) (Closes: #925395)
   * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
     (Closes: #926091)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---