Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>;
Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Sat, 8 Jul 2017 21:57:02 UTC
Severity: important
Tags: fixed-upstream, security
Found in versions imagemagick/8:6.9.7.4+dfsg-11, imagemagick/8:6.8.9.9-5+deb8u8, imagemagick/8:6.8.9.9-5+deb8u9, imagemagick/8:6.7.7.10-5+deb7u14, imagemagick/8:6.7.7.10-5+deb7u4, imagemagick/8:6.8.9.9-5
Fixed in versions imagemagick/8:6.9.7.4+dfsg-12, imagemagick/8:6.9.7.4+dfsg-11+deb9u1, imagemagick/8:6.8.9.9-5+deb8u10
Done: Bastien Roucariès <rouca@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://github.com/ImageMagick/ImageMagick/issues/491
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#867721
; Package src:imagemagick
.
(Sat, 08 Jul 2017 21:57:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Sat, 08 Jul 2017 21:57:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
package: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security X-Debbugs-CC: team@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/491 An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u8.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Sat, 08 Jul 2017 21:57:04 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u9.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Sat, 08 Jul 2017 21:57:05 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.7.7.10-5+deb7u14.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Sat, 08 Jul 2017 21:57:05 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.7.7.10-5+deb7u4.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Sat, 08 Jul 2017 21:57:06 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.8.9.9-5.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 08 Jul 2017 22:03:02 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from roucaries.bastien@gmail.com
to control@bugs.debian.org
.
(Sun, 09 Jul 2017 21:51:05 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from bts-link-upstream@lists.alioth.debian.org
to control@bugs.debian.org
.
(Thu, 13 Jul 2017 17:33:16 GMT) (full text, mbox, link).
Reply sent
to Bastien Roucariès <rouca@debian.org>
:
You have taken responsibility.
(Fri, 14 Jul 2017 13:57:12 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Fri, 14 Jul 2017 13:57:12 GMT) (full text, mbox, link).
Message #24 received at 867721-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-12 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 867721@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jul 2017 15:35:15 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-12 Distribution: unstable Urgency: medium Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 863126 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264 Changes: imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium . * Fix security bugs: + Previous CVE-2017-9144 fix was incomplete. A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126) + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367). + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778). + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721). + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (Closes: 864273). + CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #864274). + CVE-2017-11188: CPU exhaustion in ReadDPXImage Because dpx.file.image_offset is a unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. (Closes: #867806) + CVE-2017-11141: memory exhaustion in ReadMATImage When identify MAT file, imagemagick will allocate memory to store data in function ReadMATImage. Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate a anysize amount of memory, this may cause a memory exhaustion (Closes: #868264) + CVE-2017-11170: memory exhaustion in ReadTGAImage When identify VST file, imagemagick will allocate memory to store data in function ReadTGAImage in coders/tga.c using tga_info.bits_per_pixel field diretly from VST file without checking in tga.c By review the founction code, tga_info.bits_per_pixel max valid value is 32. On 32bit os, size_t one will be 32bit, so image->colors can be overflow to 0. On 64bit os, size_t one will be 64bit, so image->colors can be large as 0x100000000(64GB). (Closes: #868184) + Memory exhaustion in ReadCINImage When identify CIN file that contains User defined data, imagemagick will allocate memory to store the data in function ReadCINImage in coders\inc.c There is a security checking in the function SetImageExtent, but it after memory allocation, so IM can not control the memory usage (Closes: #867810) + CPU exhaustion in ReadRLEImage A corrupted rle file could trigger a DOS (Closes: #867808) + Memory leak in ReadDIBImage in dib.c The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file. (Closes: #867811) + Memory exhaustion in ReadDPXImage in dpx.c When identify DPX file that contains user header data, imagemagick will allocate memory to store the data in function ReadDPXImage in coders\dpx.c There is a security checking in the function SetImageExtent, but it is too late, so IM can not control the memory usage. (Closes: #867812) + Enable heap overflow check for stdin for mpc files Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. (Closes: #867896) + Assertion failure in WriteBlob A crafted file revealed an assertion failure in blob.c. (Closes: #867798) + Memory exhaustion in ReadEPTImage in ept.c When identify EPT file , imagemagick will allocate memory to store the data. There is a security checking in the function SetImageExtent, but it is not used in the allocation function, so IM can not control the memory usage. (Closes: #867821) + CPU exhaustion in ReadOneJNGImage Due to lack of validation of PNG format, imagemagick could loop 2^32 in a CPU intensive loop. (Closes: #867824, #867825). + CPU exhaustion in ReadOneDJVUImag Due to lack of format validation, a crafted file will cause a loop to run endless. (Closes: #867826). + Zero pixel buffer Avoid a data leak in case of incorrect file by clearing a buffer (Closes: #867893). + memory leak in ReadMATImage in mat.c The ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a small crafted mat file. (Closes: #867823). + Avoid heap based overflow for jpeg A corrupted jpeg file could trigger an heap overflow (Closes: #867894). + Fix a memory leak in screenshot coder (Closes: #867897) Checksums-Sha1: 3d90914c6d86d4b36fbc80400725b25384f8735c 5137 imagemagick_6.9.7.4+dfsg-12.dsc 893fa5b030147239ca39394dc7a335dc7aa4934e 230416 imagemagick_6.9.7.4+dfsg-12.debian.tar.xz a59faecc6842d8fc0b26d6e9c3280dd73be53207 12956 imagemagick_6.9.7.4+dfsg-12_source.buildinfo Checksums-Sha256: f445c59ca48e8869b7676ed7336295c780478acfef00161a652f5a228a34cec3 5137 imagemagick_6.9.7.4+dfsg-12.dsc 8b91345baf34eeeadc6ea8e744a4d0f57ebf976c386833b55411b5faa862aa65 230416 imagemagick_6.9.7.4+dfsg-12.debian.tar.xz 856cd6486e65aa3170819b0430e65fcaeb59a8474f857ef4ee71295852ba18c8 12956 imagemagick_6.9.7.4+dfsg-12_source.buildinfo Files: a6227a37d15c2b19bf999fe91d4b373b 5137 graphics optional imagemagick_6.9.7.4+dfsg-12.dsc 20c4df2b2199408aee6abea9baacaed4 230416 graphics optional imagemagick_6.9.7.4+dfsg-12.debian.tar.xz e005c9489d784877411aef2032dd4b55 12956 graphics optional imagemagick_6.9.7.4+dfsg-12_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlloyNcACgkQADoaLapB CF92VA/6AsGc6Ezo71sxhMxClnTl6tentb3Zv+KAujRiNyOe8qwrdppL40mAYvaV NImBUxk26Fbypbvs9UxzBEb52BP5ZcOS7t/e/De5SPYdMlDpdzOFFs5ygvVU9MmZ eDAz3lRfnEAIVtLwrhYbxzfhsRNkXqrsmmSKge90Zc28VSO1vibE3Tu1VCYQJPzx gEe2K5ghTrbG/DRF6L96u+bilajP76GUQFbbTEjtd8XLczmrAMZgpWEXiG5ZqQBh OhvgjATw5WbiSbenErnxciCxu82wAOetsLtGwzwfrfDcOwqzfI6J5Oss6C1pf9uB YNbrP6EwmUzjm23qDunnyZdOUZngNs7JOJvN9MhK3udBOU0tqvEsq+qAtv89wnTi X7mWlHl5DAStNYFUIGgRnezJ+4IzXJHh5qsRC2WD3C8ebizvuRWUMy1RbT+07QaD 5D4lFuu3XQldfpmb/N3cGGPsD6WiwrigQeEdjA7XmDJbSmj2pACuuu+JJWq33dHU 3vLwND2qHBEBW9yaeQZf3zYYV22XzWxfu3s/a3PZZ/j88mHDrAWhCS3PEIvzi2g5 D0z/dJwt0/oykRPJAMln80eBqKnBdbeYKcwpE8IUM/pq/dg3y21diJj/fAaNbv36 FNmW9mELe3ZVTEBqkDITD054q1fJYKuCT8uBIZ0ElnP8o8hRZk4= =m2Hc -----END PGP SIGNATURE-----
Reply sent
to Bastien Roucariès <rouca@debian.org>
:
You have taken responsibility.
(Sat, 22 Jul 2017 21:21:17 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Sat, 22 Jul 2017 21:21:17 GMT) (full text, mbox, link).
Message #29 received at 867721-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-11+deb9u1 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 867721@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jul 2017 15:56:50 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source all amd64 Version: 8:6.9.7.4+dfsg-11+deb9u1 Distribution: stretch-security Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 863126 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264 Changes: imagemagick (8:6.9.7.4+dfsg-11+deb9u1) stretch-security; urgency=high . * Fix security bugs: + Previous CVE-2017-9144 fix was incomplete. A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126) + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367). + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778). + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721). + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (Closes: 864273). + CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #864274). + CVE-2017-11188: CPU exhaustion in ReadDPXImage Because dpx.file.image_offset is a unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. (Closes: #867806) + CVE-2017-11141: memory exhaustion in ReadMATImage When identify MAT file, imagemagick will allocate memory to store data in function ReadMATImage. Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate a anysize amount of memory, this may cause a memory exhaustion (Closes: #868264) + CVE-2017-11170: memory exhaustion in ReadTGAImage When identify VST file, imagemagick will allocate memory to store data in function ReadTGAImage in coders/tga.c using tga_info.bits_per_pixel field diretly from VST file without checking in tga.c By review the founction code, tga_info.bits_per_pixel max valid value is 32. On 32bit os, size_t one will be 32bit, so image->colors can be overflow to 0. On 64bit os, size_t one will be 64bit, so image->colors can be large as 0x100000000(64GB). (Closes: #868184) + Memory exhaustion in ReadCINImage When identify CIN file that contains User defined data, imagemagick will allocate memory to store the data in function ReadCINImage in coders\inc.c There is a security checking in the function SetImageExtent, but it after memory allocation, so IM can not control the memory usage (Closes: #867810) + CPU exhaustion in ReadRLEImage A corrupted rle file could trigger a DOS (Closes: #867808) + Memory leak in ReadDIBImage in dib.c The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file. (Closes: #867811) + Memory exhaustion in ReadDPXImage in dpx.c When identify DPX file that contains user header data, imagemagick will allocate memory to store the data in function ReadDPXImage in coders\dpx.c There is a security checking in the function SetImageExtent, but it is too late, so IM can not control the memory usage. (Closes: #867812) + Enable heap overflow check for stdin for mpc files Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. (Closes: #867896) + Assertion failure in WriteBlob A crafted file revealed an assertion failure in blob.c. (Closes: #867798) + Memory exhaustion in ReadEPTImage in ept.c When identify EPT file , imagemagick will allocate memory to store the data. There is a security checking in the function SetImageExtent, but it is not used in the allocation function, so IM can not control the memory usage. (Closes: #867821) + CPU exhaustion in ReadOneJNGImage Due to lack of validation of PNG format, imagemagick could loop 2^32 in a CPU intensive loop. (Closes: #867824, #867825). + CPU exhaustion in ReadOneDJVUImag Due to lack of format validation, a crafted file will cause a loop to run endless. (Closes: #867826). + Zero pixel buffer Avoid a data leak in case of incorrect file by clearing a buffer (Closes: #867893). + memory leak in ReadMATImage in mat.c The ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a small crafted mat file. (Closes: #867823). + Avoid heap based overflow for jpeg A corrupted jpeg file could trigger an heap overflow (Closes: #867894). + Fix a memory leak in screenshot coder (Closes: #867897) Checksums-Sha1: 75c760a9594e33dd695dfd2f2b9dc4e0b8a07e34 5165 imagemagick_6.9.7.4+dfsg-11+deb9u1.dsc 8b59ad4ca982549cdc3910ae1312c9c7681989f8 8929800 imagemagick_6.9.7.4+dfsg.orig.tar.xz a40e34dab0ec1632591dfa41e292da80d4c0e822 230280 imagemagick_6.9.7.4+dfsg-11+deb9u1.debian.tar.xz 232cbb9a9f8be294e9e5dc97bc053902bcd4b2ad 183304 imagemagick-6-common_6.9.7.4+dfsg-11+deb9u1_all.deb 2b4a2d24969645a612a0a604d9667efc4b815c1a 7524438 imagemagick-6-doc_6.9.7.4+dfsg-11+deb9u1_all.deb fcfeb0f26ca258b0d3113c64a1602081814656f7 92426 imagemagick-6.q16-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb f7a4ad4e409f1368f9c1229a631ec745eb8ffd0d 561650 imagemagick-6.q16_6.9.7.4+dfsg-11+deb9u1_amd64.deb 43188ad4230bba3a76e4b86f81556e312ed23922 92412 imagemagick-6.q16hdri-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 32029aadb57d5c9b8ea102a54b4d1aeec66346fd 561874 imagemagick-6.q16hdri_6.9.7.4+dfsg-11+deb9u1_amd64.deb 826c61864725f71dc7052bf82684b62c03252ca1 1404 imagemagick-common_6.9.7.4+dfsg-11+deb9u1_all.deb 7a9c82101636940327402f314dfeecce7573febe 1452 imagemagick-doc_6.9.7.4+dfsg-11+deb9u1_all.deb 683219c2a603e4150b7088b1e6648ebb200725e0 28967 imagemagick_6.9.7.4+dfsg-11+deb9u1_amd64.buildinfo 2e0ab10ee4e428e6c31825ada9b0a4069ff84013 140314 imagemagick_6.9.7.4+dfsg-11+deb9u1_amd64.deb 49e3ecbb4d687a3063031b0d0ecc526a98685ccd 53288 libimage-magick-perl_6.9.7.4+dfsg-11+deb9u1_all.deb 2e583bd16678318c1edc89f714dcea3ff6546ae5 189186 libimage-magick-q16-perl-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb c2b7330b1d1a125d7f492b9fedb9c4916aec1aac 223702 libimage-magick-q16-perl_6.9.7.4+dfsg-11+deb9u1_amd64.deb 4eb84221cbc117ed73e5d7ea431eb0b297ea150b 188142 libimage-magick-q16hdri-perl-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 066b77619338b0b6ae364d17888e51dd7f36ceb3 223302 libimage-magick-q16hdri-perl_6.9.7.4+dfsg-11+deb9u1_amd64.deb 57e5c180fcec898bfb6d191dc2e448fb292a0b99 47118 libmagick++-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb b5d8ea03de8cc87da02926ee3feae155e9c51df5 985330 libmagick++-6.q16-7-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 8bf80746f8f3843094613ca9bb84183792424ec6 271644 libmagick++-6.q16-7_6.9.7.4+dfsg-11+deb9u1_amd64.deb 6cc788d6fb192625e3be5efb53c4481e5677a3e3 245466 libmagick++-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 8e859a5b8e6a2d1956a4bff031fdad343a45a946 984174 libmagick++-6.q16hdri-7-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 7a4bdba2337c29435dc6c8c4e0502b7c692e9b5d 256122 libmagick++-6.q16hdri-7_6.9.7.4+dfsg-11+deb9u1_amd64.deb e81380696fd81dc60a7e48a2665b95d1b8dc65f7 244644 libmagick++-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 124dee3556fe9544107984ecc59ed9018a6e7478 1292 libmagick++-dev_6.9.7.4+dfsg-11+deb9u1_all.deb a7eef85700ffab907b340c2f546280421b2a4495 147758 libmagickcore-6-arch-config_6.9.7.4+dfsg-11+deb9u1_amd64.deb f80f4c8423ba9e3154c1edf7db8da1cad599a1d0 46950 libmagickcore-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 874cf5da5703e6905e7ea4a62aa98c6634dfb62b 4450374 libmagickcore-6.q16-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 96e340da677d901360718aa70fa3471979e12ed3 174368 libmagickcore-6.q16-3-extra-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 62955bbf911e20ba1df88fa56efb3ea59d2c5a2e 189236 libmagickcore-6.q16-3-extra_6.9.7.4+dfsg-11+deb9u1_amd64.deb 19a0d530fdd92dd893b412e955a6d2111fcd7b6a 1740546 libmagickcore-6.q16-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb 0639cada8f64253bfc3aa764bfbdb40f8282d10a 1091262 libmagickcore-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 3489a5a6fafa0803eb7baa57da34f9ea4ca8c6e0 4427776 libmagickcore-6.q16hdri-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb b53b4872d8e3048e1b80be430cc96130577f62db 174136 libmagickcore-6.q16hdri-3-extra-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb b45049a1709849b1fd561a19e46cbe6d5651d625 189064 libmagickcore-6.q16hdri-3-extra_6.9.7.4+dfsg-11+deb9u1_amd64.deb 7672312832d4cca121ca2b1215e1e593eb51295c 1746286 libmagickcore-6.q16hdri-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb 6caef9d81e6be139720ef7a706e1f6dda9c45261 1087424 libmagickcore-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 059ffcc1c06db7eec6360669192562b9db50d7d3 1260 libmagickcore-dev_6.9.7.4+dfsg-11+deb9u1_all.deb 5f9625795f110594da64724a260c56975a833047 10458 libmagickwand-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 641719a0c665aceb29135a336156599932e35c19 672624 libmagickwand-6.q16-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 339df046679f8f9697dcd1c4116dc37d2563bff6 420470 libmagickwand-6.q16-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb e45dbbd614ad0acec3d2198b1bd02c5764f7fca8 417724 libmagickwand-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 1330fa50dc0640e568a78d1c053747c1c4aba985 669028 libmagickwand-6.q16hdri-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 227bbaa6e42e7b72220790d47f2e17b424ac2f96 421202 libmagickwand-6.q16hdri-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb b58fff828a7a7080bc37a8b414aec66f8f4d0d1f 416532 libmagickwand-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb d8e98fd6788a326baaa6dc958397660940b20177 1250 libmagickwand-dev_6.9.7.4+dfsg-11+deb9u1_all.deb 5f0f9873034ad96e2b86ac9c60317eaf33eb4842 1268 perlmagick_6.9.7.4+dfsg-11+deb9u1_all.deb Checksums-Sha256: 0d21c5f12c9bf494291114133859b4325cdfc36632d1859c32feadb36b0fbbc8 5165 imagemagick_6.9.7.4+dfsg-11+deb9u1.dsc 47fb2cdd26f5913318c4504f16ea363e04d1f400dda9ec52e461ab661d724026 8929800 imagemagick_6.9.7.4+dfsg.orig.tar.xz a68636c822d2782ea0567c92eac903381b12223d75b01b77e64a79cb7182e90f 230280 imagemagick_6.9.7.4+dfsg-11+deb9u1.debian.tar.xz 004150f46e7ccf6cebd5dad06a5857e993d1a1fc22adec0af8e292a942859fdc 183304 imagemagick-6-common_6.9.7.4+dfsg-11+deb9u1_all.deb 94645ad3cffdf8b21f200481b0c1bf9e68361d399fcc8fdf943c15a420a96d58 7524438 imagemagick-6-doc_6.9.7.4+dfsg-11+deb9u1_all.deb b7f10bbf6828c4422289a5df9846576393b6b9d2d0210e9744060423dd6bd9ff 92426 imagemagick-6.q16-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 32a668a09dba6e95d66f16ce20ac89b612db55fd8c074b9c593c240c9dab2acb 561650 imagemagick-6.q16_6.9.7.4+dfsg-11+deb9u1_amd64.deb 61fde99cedb073a53dd3aceeb6fe90ae0e20514f6115d019322d82a7a6dd5791 92412 imagemagick-6.q16hdri-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb c1c4f4847746f074784fe15e51216c6c2b6fc6407431a5175ba77f6343bfd5c0 561874 imagemagick-6.q16hdri_6.9.7.4+dfsg-11+deb9u1_amd64.deb fc7dc86bfec592ac0c40ef237c18c12d0c4fb00804192cc4c3619c8e3397a153 1404 imagemagick-common_6.9.7.4+dfsg-11+deb9u1_all.deb cd69c440bdf0b79675e14859cfbbe2bf0011f7f379dd65c2a5cb458c006bb60e 1452 imagemagick-doc_6.9.7.4+dfsg-11+deb9u1_all.deb 6229cf08348e15f14bda7ccf5539b6504c5a68afe1e65f9af2ffc0ca9680fba1 28967 imagemagick_6.9.7.4+dfsg-11+deb9u1_amd64.buildinfo 46e11e4b38685fa73d3eb99c4a2a24ecbbe3ccdddc14fc98aba7bbf17edc346a 140314 imagemagick_6.9.7.4+dfsg-11+deb9u1_amd64.deb 42067cdc86f348be7f0205ef8b99085008489c174c755deeb6ee886285c369aa 53288 libimage-magick-perl_6.9.7.4+dfsg-11+deb9u1_all.deb 4f1f4fdc34adcefac50bd678a26d9d7836b723e4a6de1c169354bda2349b426f 189186 libimage-magick-q16-perl-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 1ccdaec9cece8375cdad2760476c286338c94d71441294d332fe24f2798abdcc 223702 libimage-magick-q16-perl_6.9.7.4+dfsg-11+deb9u1_amd64.deb bf896c5750744cd2ff76077d38af260f3df4673cede9bc4440014e25041dd3ce 188142 libimage-magick-q16hdri-perl-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb dc12ec223c1d514ae9bb8e8f734bd178d0af58b01b9d3531263427b3aef64b39 223302 libimage-magick-q16hdri-perl_6.9.7.4+dfsg-11+deb9u1_amd64.deb 20e8d4559e18701995978e18e181b40b69c93f3f25d6e844d9d88a527e646195 47118 libmagick++-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 41db8ea542bdd2521022c2dfcc47928e29f094e9cfa63ba4c8e7c572e1926ea0 985330 libmagick++-6.q16-7-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb ca4238120c6249381de80362e02345d677944e27f543d77ec56723bedc1d92dd 271644 libmagick++-6.q16-7_6.9.7.4+dfsg-11+deb9u1_amd64.deb 23620d74c2ad81e78c240882d7272aa3ff38585f6d1b81ab3af74500961e61db 245466 libmagick++-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 33bf113feb10432c66f9a197bdbb7654ff0bdc27986105bd66eb1dee26eebc8e 984174 libmagick++-6.q16hdri-7-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb f7f140bfdcc80eb941bb5e6e70a08d6f3efda2c2f02125993ce09f1a5e49c20d 256122 libmagick++-6.q16hdri-7_6.9.7.4+dfsg-11+deb9u1_amd64.deb 577770cd2aba9693e87bfa46cdedace9b1d004988dfa5f68ea0099d71eccb00c 244644 libmagick++-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb c665fa7c983dd9dfab0349ef36d80d0f85bbd94426083f4663196c7d426bd417 1292 libmagick++-dev_6.9.7.4+dfsg-11+deb9u1_all.deb 7b1082527e943b5170b1666d24f2866ed4ab5a3c9a6016d0f29935e8d20217c2 147758 libmagickcore-6-arch-config_6.9.7.4+dfsg-11+deb9u1_amd64.deb 9b9de009b5734233744c77f867bd53cf1bafd714feacba3835969bbc255ca4b9 46950 libmagickcore-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 4395f658303f60461f2caefa5559ab6d80538b0286b645ef6fb9d9dddd74edce 4450374 libmagickcore-6.q16-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb becb638365f93f1e0a575b44325dbe6177f02bd0d2732a56b3c05b29ab8ee9fe 174368 libmagickcore-6.q16-3-extra-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 8a98ee2ca63d8e3f4796543fec379363ade24b031f079f37191975ad983d2461 189236 libmagickcore-6.q16-3-extra_6.9.7.4+dfsg-11+deb9u1_amd64.deb 1d15a8aaafbce557d34c4afaffa0aed38da0e7be72b0c166d641e0b9e2fe95d1 1740546 libmagickcore-6.q16-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb cf1288acbd24791683ee6f03943cc6f02d5b1cf07069499b46e2b286da16978b 1091262 libmagickcore-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb d49d8c46ff419a1ec56309ce54f0f5f90a13b765dd4ff30f2e87ed0f13c4563d 4427776 libmagickcore-6.q16hdri-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 22ffe15986f5ad456a0b55fddb0848424d7ece80848601ca4e1b8bd7204bd4c7 174136 libmagickcore-6.q16hdri-3-extra-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 05d1e6f8c44dbfb1895cd9caca8641d424b7d57339d7e00b2eb2a592f5a4cdae 189064 libmagickcore-6.q16hdri-3-extra_6.9.7.4+dfsg-11+deb9u1_amd64.deb a648b235c6ba8b52d724a562bb764049e4b4eca3f0cd7af23dbe1b40e7eb2ee6 1746286 libmagickcore-6.q16hdri-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb cc3b73500311d975203475504b3096a0171b606aa8521ffd4cee6cf0f89c4632 1087424 libmagickcore-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 12859a61a8d0379390c6a708cbb27029f04b986056938e45bf951d0ec6a57e6a 1260 libmagickcore-dev_6.9.7.4+dfsg-11+deb9u1_all.deb 49982ec6bdd13e1b0819d3f6a9a1621f18c6ba26bd42091cde2a715315e874ba 10458 libmagickwand-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 577387a7b8e2ec3b2aefc34b7f156862c1cabc7df812093868f3451097eae024 672624 libmagickwand-6.q16-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb d2792f13cfbda44afa4ad3406d6081defacdb5ef231f4d6f46ccf86c388aa5a8 420470 libmagickwand-6.q16-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb 2e28d5f7873600b6022d96003ab8a095caa1dc23860ffde7d6f2605fdf3d467e 417724 libmagickwand-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 7b7c2387d9acd30eaa43f2475e2293c1aa1fa30d3fa05c40d6c9d68fe051cb6f 669028 libmagickwand-6.q16hdri-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 74110c010ce8df0ee8dcb5e4a2de6326d3b53ae64cf4390b6feb332aa482fb3f 421202 libmagickwand-6.q16hdri-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb 6fa31c2f2e59ecb295d06c15de2ddbeb3d3063df4d052ef8be0c793ce0ad057b 416532 libmagickwand-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb ef074ced28d45e34e7d7c11cfb5492e8052a1cee17a37caabd34b914b2100146 1250 libmagickwand-dev_6.9.7.4+dfsg-11+deb9u1_all.deb c7221561082fae8b6aa41905a527805bdcf9c4b94b09a9384052ab825577fc62 1268 perlmagick_6.9.7.4+dfsg-11+deb9u1_all.deb Files: b9a04fd67d8d254e3bb05bb0f33b2a1d 5165 graphics optional imagemagick_6.9.7.4+dfsg-11+deb9u1.dsc a43e39ad84d37e9ffcec5346bf12e446 8929800 graphics optional imagemagick_6.9.7.4+dfsg.orig.tar.xz 7c20fcea588eb77293a1000f289d36f5 230280 graphics optional imagemagick_6.9.7.4+dfsg-11+deb9u1.debian.tar.xz fafac2cc861f29ee026adb5f5c949bbf 183304 graphics optional imagemagick-6-common_6.9.7.4+dfsg-11+deb9u1_all.deb 7d3e69b6b6427709d1825131369c9b6d 7524438 doc optional imagemagick-6-doc_6.9.7.4+dfsg-11+deb9u1_all.deb d28467e936f6c3d0647d94e3a445649f 92426 debug extra imagemagick-6.q16-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 209e4bfeb43d54faf0cee616dcf73157 561650 graphics optional imagemagick-6.q16_6.9.7.4+dfsg-11+deb9u1_amd64.deb 894a7601b8e2240a28dea508755b093d 92412 debug extra imagemagick-6.q16hdri-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb baf2e0b1bb30f526009d7024af452db5 561874 graphics optional imagemagick-6.q16hdri_6.9.7.4+dfsg-11+deb9u1_amd64.deb 7b91b773e3520ddca74d75d2c6b05806 1404 oldlibs extra imagemagick-common_6.9.7.4+dfsg-11+deb9u1_all.deb a35304311060473f36dc0d68959b5804 1452 oldlibs extra imagemagick-doc_6.9.7.4+dfsg-11+deb9u1_all.deb d3ceb4513fef0070677f5653ddb0b4d8 28967 graphics optional imagemagick_6.9.7.4+dfsg-11+deb9u1_amd64.buildinfo 60acf13e473ba03644d2169c244475c4 140314 oldlibs extra imagemagick_6.9.7.4+dfsg-11+deb9u1_amd64.deb 3dd8f991f8ff58bfca3c3380e94eda43 53288 perl optional libimage-magick-perl_6.9.7.4+dfsg-11+deb9u1_all.deb be0e09502012d5774e9854945d499310 189186 debug extra libimage-magick-q16-perl-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 46d9abda34191cbc24a497673f258aa8 223702 perl optional libimage-magick-q16-perl_6.9.7.4+dfsg-11+deb9u1_amd64.deb ef854638a82f2a64e91d1db27091179e 188142 debug extra libimage-magick-q16hdri-perl-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 0f38cee4a2f60afb69846e4d5b2f740a 223302 perl optional libimage-magick-q16hdri-perl_6.9.7.4+dfsg-11+deb9u1_amd64.deb b8fe1a08e929fdaba23b0ea991b43d89 47118 libdevel optional libmagick++-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 594b1cb504677634f9a2ef9836b399e2 985330 debug extra libmagick++-6.q16-7-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 5fa2a8356c6ac22bd004bd07dccdfc36 271644 libs optional libmagick++-6.q16-7_6.9.7.4+dfsg-11+deb9u1_amd64.deb 7f5744988a7dc40f6b80fbaf8a0298dc 245466 libdevel optional libmagick++-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb 4a0fa13de042154df6eadbfab9d8ae03 984174 debug extra libmagick++-6.q16hdri-7-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 1a471f12e15a04d8a38812ce213bbb51 256122 libs optional libmagick++-6.q16hdri-7_6.9.7.4+dfsg-11+deb9u1_amd64.deb 55d3caff966ac46b10de77d6cd98638c 244644 libdevel optional libmagick++-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb a2e331fc957e4236d382f2bc5394589e 1292 oldlibs extra libmagick++-dev_6.9.7.4+dfsg-11+deb9u1_all.deb c984856e00c6ca011ea3c9a2fc6d15a8 147758 libdevel optional libmagickcore-6-arch-config_6.9.7.4+dfsg-11+deb9u1_amd64.deb 37691b38286c18796cf5ef777196bb75 46950 libdevel optional libmagickcore-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb c866b1731c099beed7de5280f2764f05 4450374 debug extra libmagickcore-6.q16-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb d680b7ef6ac9a34050c5ebc0ae35de45 174368 debug extra libmagickcore-6.q16-3-extra-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 330c3f5fe0f136a1c24fe9829c82ddcc 189236 libs optional libmagickcore-6.q16-3-extra_6.9.7.4+dfsg-11+deb9u1_amd64.deb a6395cc60fb15516ad57349f7f6ab1ea 1740546 libs optional libmagickcore-6.q16-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb 855e0eeac3f9c55ddef6e40130972964 1091262 libdevel optional libmagickcore-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb e6b8a81ea6dee67b859fa3b7057cbb52 4427776 debug extra libmagickcore-6.q16hdri-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 94a4f18e8b6d8b72c8c777a03eade4b7 174136 debug extra libmagickcore-6.q16hdri-3-extra-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 28ff9ebef7dd63077f5fe6a96248386b 189064 libs optional libmagickcore-6.q16hdri-3-extra_6.9.7.4+dfsg-11+deb9u1_amd64.deb 3458ac8b7e501d7ed03afad2ae3dbfe3 1746286 libs optional libmagickcore-6.q16hdri-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb d157fc9eba9ea74158f994fc930c64d7 1087424 libdevel optional libmagickcore-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb f24666597ab21fdd298cd74b2150f2c7 1260 oldlibs extra libmagickcore-dev_6.9.7.4+dfsg-11+deb9u1_all.deb 15ca3ea571d55341cff162d996cb2f30 10458 libdevel optional libmagickwand-6-headers_6.9.7.4+dfsg-11+deb9u1_all.deb 9733b99bf6dc4207299399fb544611da 672624 debug extra libmagickwand-6.q16-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb 4b8afe16d28879dc2d1025fea6308aab 420470 libs optional libmagickwand-6.q16-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb bcdc656c1b560a84e95d59a3edce9c91 417724 libdevel optional libmagickwand-6.q16-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb cc2adc95810526117077c952f2836db4 669028 debug extra libmagickwand-6.q16hdri-3-dbgsym_6.9.7.4+dfsg-11+deb9u1_amd64.deb a0e093122f494ccc6eab00fe7999eaa0 421202 libs optional libmagickwand-6.q16hdri-3_6.9.7.4+dfsg-11+deb9u1_amd64.deb 82f828bde90aea4ddd206de3c5471a0d 416532 libdevel optional libmagickwand-6.q16hdri-dev_6.9.7.4+dfsg-11+deb9u1_amd64.deb fa9a922420704c293e9e9082df5ca153 1250 oldlibs extra libmagickwand-dev_6.9.7.4+dfsg-11+deb9u1_all.deb 001fa611900fb526553eec4b2e7655fd 1268 oldlibs extra perlmagick_6.9.7.4+dfsg-11+deb9u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAllpKPEACgkQADoaLapB CF/t3xAAi6g/NLtafFt3qlDptcAUSddzxmVy74Hzo1158JNb+xBr4qNg9rNBK/JU FvbEM7OmU7NYY3Glqd9W6KXpmbABr5PN38uy5E4aGmOxY7dBn7sWUJHbXk+3o/Xg p8ecDS7ZJUpAv5swPC54A3CSbRMTyfTO8tOlsVfzX/DmT/LsixwYs2XxW6r51pHl w3XRksMOD7OVL/XQEeKoBUT2ta+k1gP6/dg4HLWfE9Vbr/W1hJM/F4uBVObKVBKl +XC+AJiq9fkTJ9eqIFG9O/nYtvbOpFg/ltRPv6oP7hsd39uk0qoODC5aDa5Gtq/+ k4OV54ZBA2zs+1VzBs4wLDG81fuKoXLpbPpkhewpFVgiWPHPuk/GNL/ATVbbj+jb IclYONFkmuztFyysKogC6QvTTQ0r2W3XaH8fwvdHid4t5dJulfjFWUUjqS1YI5CA YnXYGmKQpFhRmHaQATHT9KHOwfyura3TrvO7+zxh4D2Eqm+CusM2CHCtkvz0FCpQ nTfdK5JBOn2L7y9GoD8jK7YmHZVlVRPXjMe0sO6GuKeh9320mth46iy7N/98oQLV 4iGGYrUJdwEGkoUC2yGMsbc6G7N5lUiCfH+TlKkgcd3x4ek9n1REVuI+ewKQyfZ7 7oc+n/d9jUwFT3s8Mmo/8n8ISiyzGlM+2S2/cIBA2en0enHG91w= =hi0E -----END PGP SIGNATURE-----
Reply sent
to Bastien Roucariès <rouca@debian.org>
:
You have taken responsibility.
(Sat, 22 Jul 2017 21:21:19 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Sat, 22 Jul 2017 21:21:19 GMT) (full text, mbox, link).
Message #34 received at 867721-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u10 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 867721@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 15 Jul 2017 10:32:14 +0200 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u10 Distribution: jessie-security Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 863126 863833 863834 864087 864089 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264 Changes: imagemagick (8:6.8.9.9-5+deb8u10) jessie-security; urgency=high . * Fix security bugs: + Previous CVE-2017-9144 fix was incomplete. A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126) + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367). + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778). + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721). + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (Closes: 864273). + CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #864274). + CVE-2017-11188: CPU exhaustion in ReadDPXImage Because dpx.file.image_offset is a unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. (Closes: #867806) + CVE-2017-11141: memory exhaustion in ReadMATImage When identify MAT file, imagemagick will allocate memory to store data in function ReadMATImage. Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate a anysize amount of memory, this may cause a memory exhaustion (Closes: #868264) + CVE-2017-11170: memory exhaustion in ReadTGAImage When identify VST file, imagemagick will allocate memory to store data in function ReadTGAImage in coders/tga.c using tga_info.bits_per_pixel field diretly from VST file without checking in tga.c By review the founction code, tga_info.bits_per_pixel max valid value is 32. On 32bit os, size_t one will be 32bit, so image->colors can be overflow to 0. On 64bit os, size_t one will be 64bit, so image->colors can be large as 0x100000000(64GB). (Closes: #868184) + Memory exhaustion in ReadCINImage When identify CIN file that contains User defined data, imagemagick will allocate memory to store the data in function ReadCINImage in coders\inc.c There is a security checking in the function SetImageExtent, but it after memory allocation, so IM can not control the memory usage (Closes: #867810) + CPU exhaustion in ReadRLEImage A corrupted rle file could trigger a DOS (Closes: #867808) + Memory leak in ReadDIBImage in dib.c The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file. (Closes: #867811) + Memory exhaustion in ReadDPXImage in dpx.c When identify DPX file that contains user header data, imagemagick will allocate memory to store the data in function ReadDPXImage in coders\dpx.c There is a security checking in the function SetImageExtent, but it is too late, so IM can not control the memory usage. (Closes: #867812) + Enable heap overflow check for stdin for mpc files Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. (Closes: #867896) + Assertion failure in WriteBlob A crafted file revealed an assertion failure in blob.c. (Closes: #867798) + Memory exhaustion in ReadEPTImage in ept.c When identify EPT file , imagemagick will allocate memory to store the data. There is a security checking in the function SetImageExtent, but it is not used in the allocation function, so IM can not control the memory usage. (Closes: #867821) + CPU exhaustion in ReadOneJNGImage Due to lack of validation of PNG format, imagemagick could loop 2^32 in a CPU intensive loop. (Closes: #867824, #867825). + CPU exhaustion in ReadOneDJVUImag Due to lack of format validation, a crafted file will cause a loop to run endless. (Closes: #867826). + Zero pixel buffer Avoid a data leak in case of incorrect file by clearing a buffer (Closes: #867893). + memory leak in ReadMATImage in mat.c The ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a small crafted mat file. (Closes: #867823). + Avoid heap based overflow for jpeg A corrupted jpeg file could trigger an heap overflow (Closes: #867894). + Fix a memory leak in screenshot coder (Closes: #867897) + CVE-2017-9409: Memory leak in the icon file coder. (Closes: #864087) + CVE-2017-9407: the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #864089). + CVE-2017-9409: the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) + CVE-2017-9262: Memory leak in the ReadJNGImage function (Closes: #863834). + CVE-2017-9261: Memory leak in the ReadMNGImage function (Closes: #863833). Checksums-Sha1: 4d7e2fd3f9f406340bef41dc46e5b772187df970 4228 imagemagick_6.8.9.9-5+deb8u10.dsc af671e2222e4ae1e81fa8e2fd123337f24d61484 286116 imagemagick_6.8.9.9-5+deb8u10.debian.tar.xz e6cdcaa4d1ddebe5e7966b5d84e6a28fe4f0b7de 153774 imagemagick-common_6.8.9.9-5+deb8u10_all.deb c6f6dd7ffd27565f4b14f6a0c44a7fd78fa0605e 7540908 imagemagick-doc_6.8.9.9-5+deb8u10_all.deb a15ab11982ba093dc9325687ba49120389c29cc7 172196 libmagickcore-6-headers_6.8.9.9-5+deb8u10_all.deb 188a7e77f7c190a5bebe2d93afeedd1581927ec2 134380 libmagickwand-6-headers_6.8.9.9-5+deb8u10_all.deb 19e3d9fd29ed103c63e55438f7b20e30d21fb026 170900 libmagick++-6-headers_6.8.9.9-5+deb8u10_all.deb 2376f6674301f91de5f2ea5c408e605995e0dc6f 159152 imagemagick_6.8.9.9-5+deb8u10_amd64.deb 058865a96ffe0c44d9bc6ae37d3e8ade706d4c15 178348 libimage-magick-perl_6.8.9.9-5+deb8u10_all.deb 4a2d4e076094fab96d2f3d1fcb23cb7af24ffdc8 133166 libmagickcore-6-arch-config_6.8.9.9-5+deb8u10_amd64.deb f66ccb36ef0132b5d2205a4d53d38795b94bf3bf 512374 imagemagick-6.q16_6.8.9.9-5+deb8u10_amd64.deb 553328974c23ce528a69646564861888af77ea9e 1694626 libmagickcore-6.q16-2_6.8.9.9-5+deb8u10_amd64.deb fe4a2ebcf2587a289e99c99d68716b6f508a55b5 174634 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u10_amd64.deb e51b3fb83e02cf8e2dc837b9c339176b5d1b76c4 1030982 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb a70702db86cf993f7dafe9118b19db0ce9e68944 408584 libmagickwand-6.q16-2_6.8.9.9-5+deb8u10_amd64.deb 31869e7df68386feaf43602bf4adaeebf48d8d0f 395078 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb f6cdb0e755267047d2839414be6c4ab1ed502a5a 258032 libmagick++-6.q16-5_6.8.9.9-5+deb8u10_amd64.deb 685ecdc2955c7cabb3f2dff8cb99001606f23aa3 226460 libmagick++-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb 068c5cb5596004842fc9f0eaa7e64dfda09b0566 5008100 imagemagick-dbg_6.8.9.9-5+deb8u10_amd64.deb b45b44c92eb6eb7b66ffc587d540034d51a6b2e5 225510 libimage-magick-q16-perl_6.8.9.9-5+deb8u10_amd64.deb a00953994a916f2f644f73667acaf59efb6c8735 125618 perlmagick_6.8.9.9-5+deb8u10_all.deb 19a09f1326c1927444d67f4693fb06206a74e672 125596 libmagickcore-dev_6.8.9.9-5+deb8u10_all.deb df509b2e174f4738a671710698d70dcb9e72ac9e 125578 libmagickwand-dev_6.8.9.9-5+deb8u10_all.deb 7ed630d1b92a941a737741637f2c469d4b2de9f5 125616 libmagick++-dev_6.8.9.9-5+deb8u10_all.deb Checksums-Sha256: 96bae3c6468f12c6292e99e8e8fdb5e0ed66e58843b803e52bcbaf13a3dc715b 4228 imagemagick_6.8.9.9-5+deb8u10.dsc a9664cde38586f09a7d29718136c5a083fc0b854ca862d7cbd5b6151a5009452 286116 imagemagick_6.8.9.9-5+deb8u10.debian.tar.xz 5ef9d535456ad694da8d96283cc4fcc9c48696e9d6283013933febe1904c8d64 153774 imagemagick-common_6.8.9.9-5+deb8u10_all.deb 835016a77d78d1d43ea9837a425f3441a7f2bcfa5d2c081cded5a2f4cf5809d2 7540908 imagemagick-doc_6.8.9.9-5+deb8u10_all.deb cd9343aace86cb0c31633e9e57cc215861dc95e7b76b9c6dba88530387a79931 172196 libmagickcore-6-headers_6.8.9.9-5+deb8u10_all.deb 1e6fb9990a8d2048f15e73efb99f85aaf288c41af724418e23ca9d9d5f78b50a 134380 libmagickwand-6-headers_6.8.9.9-5+deb8u10_all.deb cc861f9a977dbecaed4ba21f8a2efdb80e5719c2d75ad7bb95cefb2961527a27 170900 libmagick++-6-headers_6.8.9.9-5+deb8u10_all.deb c3e137e214a3768e11ec50f08ae619c791eb7f3d90bb915d588a94a6c02b3b18 159152 imagemagick_6.8.9.9-5+deb8u10_amd64.deb 191663bd5092daec3eaf761c250b06dc8675de9004aaad0191bb27e968e79d9f 178348 libimage-magick-perl_6.8.9.9-5+deb8u10_all.deb cd46382d6c542195b55bc47b6994f8b595ad9d24e34035b3de9d1e99d2cd0018 133166 libmagickcore-6-arch-config_6.8.9.9-5+deb8u10_amd64.deb 542c6ecc894707912571a80ddb3de5e2a45c7ea0140fc451fa0cd0419d09acf2 512374 imagemagick-6.q16_6.8.9.9-5+deb8u10_amd64.deb b9b92e94358936719a1636c5a2eec4af9db9354308b78f27a9cd8e93d359dfe1 1694626 libmagickcore-6.q16-2_6.8.9.9-5+deb8u10_amd64.deb dd5ff57c8db1a7ebf55b3282ce171c84bb6e6d3a02dd2d73186e673a386cacce 174634 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u10_amd64.deb c8319977a694d4f57cee1fc4c3838090e0ca3fde86107d7d444ea3211c5b2640 1030982 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb 421507760d600db21afd375518b6e5b7426b4838f76a4a9eef6e1bd70e753175 408584 libmagickwand-6.q16-2_6.8.9.9-5+deb8u10_amd64.deb 76aaf04e659f190df3bd341c6b85308ba30aaa8c78a60e9b0bde2720e69933e8 395078 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb 62d3b4eb81a815ff81d39120320b49bfd6e03f0fb8c79ab1f09f99e49166a403 258032 libmagick++-6.q16-5_6.8.9.9-5+deb8u10_amd64.deb c7734a68a676b8f2e2b79f48095f1f20ad8336496f51f809231774e63864df03 226460 libmagick++-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb 9629473d61fd2b6e00747b23ad8e029ddf82238ffe8ab237ff8e1971a9b4d3a3 5008100 imagemagick-dbg_6.8.9.9-5+deb8u10_amd64.deb 46429aa5006ac10f8f40e64ecee046e6407b1f350692faae458b1ede4e0aeccb 225510 libimage-magick-q16-perl_6.8.9.9-5+deb8u10_amd64.deb a42b0a2c7522b1083bc4dedd081586fc9256fe6a38ad5f802ca9296a78463d35 125618 perlmagick_6.8.9.9-5+deb8u10_all.deb 14f0ea43f35cc12118981204fd85744d946f4cec550b23f8c8a4e40c64344faf 125596 libmagickcore-dev_6.8.9.9-5+deb8u10_all.deb acdde295cc6e5cca179d4d405533cfcd23b86eae70e9f22c86b5f43d76af54bf 125578 libmagickwand-dev_6.8.9.9-5+deb8u10_all.deb b7479e495a39c0abe53f8435942c0312cbda0212d44f135adb34a578150a219d 125616 libmagick++-dev_6.8.9.9-5+deb8u10_all.deb Files: 5c1680233ae03afb61357c3cccc6a028 4228 graphics optional imagemagick_6.8.9.9-5+deb8u10.dsc 6189d10459b09bb1972dbb39b44c8504 286116 graphics optional imagemagick_6.8.9.9-5+deb8u10.debian.tar.xz 551df7dea8818440a13878813b656bde 153774 graphics optional imagemagick-common_6.8.9.9-5+deb8u10_all.deb a576f5f7101ecbf273b268cedc827303 7540908 doc optional imagemagick-doc_6.8.9.9-5+deb8u10_all.deb 7133747a303d503819364cae3cbda231 172196 libdevel optional libmagickcore-6-headers_6.8.9.9-5+deb8u10_all.deb bf8b4e7083adf9de892233eb0b2119cd 134380 libdevel optional libmagickwand-6-headers_6.8.9.9-5+deb8u10_all.deb 1d75fdd5b5ad0f37c97bd1438e32eaa4 170900 libdevel optional libmagick++-6-headers_6.8.9.9-5+deb8u10_all.deb 4018e9a35f9a515cef47d1361c690164 159152 graphics optional imagemagick_6.8.9.9-5+deb8u10_amd64.deb ee7f75805149f803e8acc0aa7b916871 178348 perl optional libimage-magick-perl_6.8.9.9-5+deb8u10_all.deb 342f1066c6417197a769e959648597f7 133166 libdevel optional libmagickcore-6-arch-config_6.8.9.9-5+deb8u10_amd64.deb 229954fc4308fd6d51358a466fb0fe66 512374 graphics optional imagemagick-6.q16_6.8.9.9-5+deb8u10_amd64.deb b1c198135aeffe26f8fe999d35170a15 1694626 libs optional libmagickcore-6.q16-2_6.8.9.9-5+deb8u10_amd64.deb 6d48dda59776c72a97e367e8807b44bd 174634 libs optional libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u10_amd64.deb 70c8d5de314ad513ba0fe3e607a5c00a 1030982 libdevel optional libmagickcore-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb ec4110b01b057c5386b4bd5467d86ecf 408584 libs optional libmagickwand-6.q16-2_6.8.9.9-5+deb8u10_amd64.deb bc4befc57e4b370f8eb935abd3c410ab 395078 libdevel optional libmagickwand-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb 7827eed27b4c8749475f2fbf01dc1fc6 258032 libs optional libmagick++-6.q16-5_6.8.9.9-5+deb8u10_amd64.deb 93a6963d35969f70684ae79f1d72e99a 226460 libdevel optional libmagick++-6.q16-dev_6.8.9.9-5+deb8u10_amd64.deb 12e1d79bbc925712f4814e25e6a8b809 5008100 debug extra imagemagick-dbg_6.8.9.9-5+deb8u10_amd64.deb 953ded06e35c24f5d7f9b7e5f4261cc3 225510 perl optional libimage-magick-q16-perl_6.8.9.9-5+deb8u10_amd64.deb bcca745e2c40213e754862aa3c1c1bb1 125618 oldlibs extra perlmagick_6.8.9.9-5+deb8u10_all.deb bf9b70e3cb32c75847ff7f2a79496c99 125596 oldlibs extra libmagickcore-dev_6.8.9.9-5+deb8u10_all.deb a04b5ea9eda6eb010a5626cd8c332e52 125578 oldlibs extra libmagickwand-dev_6.8.9.9-5+deb8u10_all.deb 0aee6e72dd63cb37fe68760f266026e0 125616 oldlibs extra libmagick++-dev_6.8.9.9-5+deb8u10_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAllqEncACgkQADoaLapB CF+zFg//dExDlccMWTQuZP0c+Igp6KNsthyBXhGr1abaoE4fv4BNCJBjO2OxAXpe tsrkeBk8F93EqBfMLXvkVH9NXjtz8sOk7YjKQUlq9MvBeV81GSsSxuE8TVsnEMFk zyC5zs+cncBLFzimuWuWIRK9m8dPEbLfX7qNw10QcjWXMNISzLbb8LuxwJ/of9DZ 40YLn/XIfv8HPZegaCvMkuRYamfPA8lr82QutsHKb0tIlxxZxxKLdAhp/qhGDhF6 cKhkjMfmpGDRqmjowZoSx4q4Gl49NCwqnTeYKuhm5uMhWMy+nExJIth0bRLYrqK6 olSuiUD3q97LiGy3plmNCi2kRV1IT4jUshGQFrHQBU5LgcLMwzwI9THvhwN8vklL tNS2DxNQVZIR8u0aQZmpMib8DG+m2WrIu9kbRAbO5Uy0yTQoD0cQ5HtPS1M9AHOi N0f5tGjH1cmk6h72DBTcy7SINqw1lbm4y9533fSpRQ/cIwvueeHgg7q1dzPt4qjn g2xIgf5WOdRyNoeG2ymT4KohyRjbAzfiFyR/UntvM2Jp3eU/98+zQMDgTdeRE8CY Qef4ZoxPcYanS4ktxrxKWnnhNiJTjCBCOFRQNVa1AjHY/8Q8UCs3tIt6IGaWp2n4 gKXudBnt/xqPpJxoo17ZONW+5X/62LL0sgOXUsKuPWLT8y7KLlo= =h68p -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 03 Sep 2017 07:30:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.