Your message dated Mon, 27 Jul 2020 11:03:49 +0000
with message-id <e1k00v7-000474...@fasolo.debian.org>
and subject line Bug#931449: fixed in imagemagick 8:6.9.11.24+dfsg-1
has caused the Debian Bug report #931449,
regarding imagemagick: CVE-2019-13306
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
931449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.10.23+dfsg-2.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/1612
Hi,
The following vulnerability was published for imagemagick.
CVE-2019-13306[0]:
| ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at
| coders/pnm.c in WritePNMImage because of off-by-one errors.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-13306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13306
[1] https://github.com/ImageMagick/ImageMagick/issues/1612
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.11.24+dfsg-1
Done: Bastien Roucariès <ro...@debian.org>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Jul 2020 03:13:36 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.24+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Closes: 921594 927828 927830 928206 928207 931189 931190 931191 931196 931447
931448 931449 931452 931453 931454 931455 931457 931633 931740 932079 941670
941671 947308 947309 947983 950282 953279 953741 955025 962110
Changes:
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
.
* Acknowledge NMU
* New upstream version:
- Fix CVE-2019-11470: Cineon image parsing DOS (Closes: #927830).
- Fix CVE-2019-11472: XWD image parsing DOS (Closes: #927828).
- Fix CVE-2020-13902: Heap based overflow in TIFF image decoding.
(Closes: #928207).
- Fix CVE-2019-11598: Heap-based buffer over-read in PNM image
decoding (Closes: #928206).
- Fix CVE-2019-12974: NULL pointer dereference in pango coder.
(Closes: #931196).
- Fix CVE-2019-12977: "use of uninitialized value" vulnerability
in the WriteJP2Image of jp2 coder (Closes: #931191).
- Fix CVE-2019-12978: "use of uninitialized value" vulnerability
in the pango coder. (Closes: #931190).
- Fix CVE-2019-12979: "use of uninitialized value" vulnerability
in MagickCore/image.c (Closes: #931189).
- Fix CVE-2019-13135: "use of uninitialized value" vulnerability
in the cut coder (Closes: #932079).
- Fix CVE-2019-13295: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931457).
- Fix CVE-2019-13297: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931455).
- Fix CVE-2019-13300: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931454).
- Fix CVE-2019-13304: stack-based buffer overflow for
PNM image (Closes: #931453).
- Fix CVE-2019-13305: stack-based buffer overflow for
PNM image (Closes: #931452).
- Fix CVE-2019-13306: stack-based buffer overflow for
PNM image (Closes: #931449).
- Fix CVE-2019-13307: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931448).
- Fix CVE-2019-13308: heap-based buffer overflow in
MagickCore/fourier.c (Closes: #931447).
- Fix CVE-2019-13391: heap-based buffer over-read (Closes: #931633).
- Fix CVE-2019-13454: Division by Zero in MagickCore/layer.c
(Closes: #931740).
- Fix CVE-2019-14981: divide-by-zero in MeanShiftImage
(Closes: #955025).
- Fix CVE-2019-15139: DOS for XWD images (Closes: #941670).
- Fix CVE-2019-15140: DOS for mat images (Closes: #941671).
- Fix CVE-2019-19948: Heap-based buffer overflow in SGI coder
(Closes: #947308).
- Fix CVE-2019-19949: Heap buffer over-read in PNG coder
(Closes: #947309).
- Fix CVE-2020-10251: out-of-bounds read vulnerability for HEIC
coder (Closes: #953741).
- Fix CVE-2020-13902: heap-based buffer over-read for TIFF coder.
* Bug fix: "Updating the imagemagick Uploaders list", thanks to Tobias
Frost (Closes: #962110). Thanks Nelson A. de Oliveira
* Add link in api doc dir to assets javascript library
* Fix a typo in convert man page (Closes: #953279,#947983,#921594).
* Fix a pkgconfig error that pulls q16 instead of q16hdri (Closes: #950282).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---