Your message dated Fri, 18 Aug 2006 05:47:13 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#383333: fixed in graphicsmagick 1.1.7-7
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libmagick9
Version: 6.2.4.5.dfsg1-0.9
Severity: grave
Tags: security patch
http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
the SGI parser (demo exploit linked in the report).
This has been assigned CVE-2006-4144, please mention this number in
the changelog when you fix this.
Ubuntu patch:
http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.1.7-7
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive:
graphicsmagick-dbg_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-7_i386.deb
graphicsmagick-imagemagick-compat_1.1.7-7_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.7-7_all.deb
graphicsmagick-libmagick-dev-compat_1.1.7-7_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.7-7_all.deb
graphicsmagick_1.1.7-7.diff.gz
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.7-7.diff.gz
graphicsmagick_1.1.7-7.dsc
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.7-7.dsc
graphicsmagick_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.7-7_i386.deb
libgraphics-magick-perl_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-7_i386.deb
libgraphicsmagick++1-dev_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-7_i386.deb
libgraphicsmagick++1_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-7_i386.deb
libgraphicsmagick1-dev_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-7_i386.deb
libgraphicsmagick1_1.1.7-7_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-7_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kobras <[EMAIL PROTECTED]> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Aug 2006 11:50:42 +0200
Source: graphicsmagick
Binary: libgraphicsmagick++1 libgraphics-magick-perl libgraphicsmagick1-dev
 libgraphicsmagick1 graphicsmagick-libmagick-dev-compat libgraphicsmagick++1-dev
 graphicsmagick-dbg graphicsmagick graphicsmagick-imagemagick-compat
Architecture: source all i386
Version: 1.1.7-7
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Daniel Kobras <[EMAIL PROTECTED]>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick1 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 383333
Changes:
 graphicsmagick (1.1.7-7) unstable; urgency=high
 .
   * coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder
     due to
     + missing boundary checks in SGIDecode();
     + missing validation of pixel depth field;
     + integer overflow via large columns and rows fields (CVE-2006-4144)
       Closes: #383333
     + missing validation of chunk size fields (variable 'runlength') in
       run-length encoded images.
   * coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
   * coders/sgi.c: Fix calculation of internal depth value.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE5aEtpOKIA4m/fisRAtJqAJ0RWGjOrjM3eJy79L0B2Ug2mr3NdQCg4B6d
OcV+LtwRTyXHnFPoCYKEh+I=
=0SOe
-----END PGP SIGNATURE-----
--- End Message ---
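
The kinds of check the changelog above names (bogus 'bytes_per_pixel' and 'depth', oversized columns and rows, unchecked 'runlength'), written out as an added C example; this is not GraphicsMagick's coders/sgi.c and not the Debian or Ubuntu patch. The struct, the function names, the 1..4 depth policy and the `limit` parameter are assumptions, and the run-length layout follows the public SGI image format description.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical header view; field names follow the changelog and the SGI spec. */
struct sgi_hdr { uint8_t bytes_per_pixel; uint16_t dimension, columns, rows, depth; };

/* Store the buffer size in *out and return 0, or -1 to reject; `limit` is a caller-chosen cap. */
int sgi_buffer_size(const struct sgi_hdr *h, uint64_t limit, size_t *out)
{
    if (h->bytes_per_pixel != 1 && h->bytes_per_pixel != 2) return -1;
    if (h->dimension < 1 || h->dimension > 3) return -1;
    if (h->depth < 1 || h->depth > 4) return -1;   /* assumed channel policy */
    if (h->columns == 0 || h->rows == 0) return -1;
    /* 16-bit x 16-bit x 4 x 2 cannot wrap in 64 bits; in 32-bit arithmetic it can. */
    uint64_t n = (uint64_t)h->columns * h->rows * h->depth * h->bytes_per_pixel;
    if (n > limit || n > SIZE_MAX) return -1;
    *out = (size_t)n;
    return 0;
}

/* Decode one RLE row of 8-bit samples; returns samples written, or -1 if a run leaves a buffer. */
long sgi_rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    size_t i = 0, o = 0;
    while (i < in_len) {
        uint8_t pixel = in[i++];
        size_t runlength = pixel & 0x7f;
        if (runlength == 0) return (long)o;        /* end-of-row marker */
        if (runlength > out_len - o) return -1;    /* run exceeds output row */
        if (pixel & 0x80) {                        /* literal run */
            if (runlength > in_len - i) return -1; /* run exceeds input */
            while (runlength--) out[o++] = in[i++];
        } else {                                   /* repeated sample */
            if (i >= in_len) return -1;
            uint8_t v = in[i++];
            while (runlength--) out[o++] = v;
        }
    }
    return -1;                                     /* no terminator seen */
}

int main(void)
{
    /* Constructed sample row: 3 x 0xAA, literal 0x01 0x02, terminator. */
    const uint8_t row[] = { 0x03, 0xAA, 0x82, 0x01, 0x02, 0x00 };
    uint8_t out[5];
    return sgi_rle_decode(row, sizeof row, out, sizeof out) == 5 ? 0 : 1;
}
```
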