Debian Bug report logs -
#860735
CVE-2017-7942: memory leak in avs
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#860735
; Package src:imagemagick
.
(Wed, 19 Apr 2017 14:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Wed, 19 Apr 2017 14:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: team@security.debian.org
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5
forwarded: https://github.com/ImageMagick/ImageMagick/issues/428
Fixed by 962282327f3a28ffb1138f3ad3fb0438b57ae6b1
Marked as found in versions imagemagick/8:6.7.7.10-5.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Wed, 19 Apr 2017 14:15:04 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.8.9.9-5.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Wed, 19 Apr 2017 14:15:04 GMT) (full text, mbox, link).
Reply sent
to Bastien Roucariès <rouca@debian.org>
:
You have taken responsibility.
(Wed, 19 Apr 2017 22:09:08 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Wed, 19 Apr 2017 22:09:08 GMT) (full text, mbox, link).
Message #14 received at 860735-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-6
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 860735@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 19 Apr 2017 22:23:18 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-6
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 860734 860735 860736
Changes:
imagemagick (8:6.9.7.4+dfsg-6) unstable; urgency=high
.
* Fix three securities bug:
+ CVE-2017-7941 memory leak in sgi (Closes: #860734).
+ CVE-2017-7942 memory leak in avs (Closes: #860735).
+ CVE-2017-7943 Memory leak in svg (Closes: #860736).
Checksums-Sha1:
28b526476e7a34c5028d586e18ddd09da738fe43 5133 imagemagick_6.9.7.4+dfsg-6.dsc
19b6f7f1c70a93aa53e6ba123ae8b5381d4c802b 207516 imagemagick_6.9.7.4+dfsg-6.debian.tar.xz
ea112bdc09c6fec9ef558595e2e60b0ee789a3ab 12901 imagemagick_6.9.7.4+dfsg-6_source.buildinfo
Checksums-Sha256:
2573ffd6ac29c09ae79b75d7c94b48475e96a4e72effa7103853c477a82a053e 5133 imagemagick_6.9.7.4+dfsg-6.dsc
f7153878f6c2675fa8af533ab1ba474cd11cbcf75a35934483999ac3df784441 207516 imagemagick_6.9.7.4+dfsg-6.debian.tar.xz
93f4560c2739f8bed249ffd793d9cbc2ca36e00229b7256a69fdb48af7be8319 12901 imagemagick_6.9.7.4+dfsg-6_source.buildinfo
Files:
e7e57a924fb401efa0e1442ae94bd08f 5133 graphics optional imagemagick_6.9.7.4+dfsg-6.dsc
3c8b19c1e00e8be8c294eede763c61c7 207516 graphics optional imagemagick_6.9.7.4+dfsg-6.debian.tar.xz
742860d8908b00e6f0ca4d854b43bb1c 12901 graphics optional imagemagick_6.9.7.4+dfsg-6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlj308YACgkQADoaLapB
CF82ew/+OuJeMVE1rfbXsX6HJ/+Kp78ZjV5ilAJj865AQiKxOL3NIC8kBdO3DHDB
FEmQM5c/dx0/GgSC0vYaz/0qBxtk6aUf4ZTrRPYYBhkuMiFGYrHjIIV6q1rWysgQ
3haaV4+HlCTum9oqvVaF71mB5f1p56jX7zNhaXiACuCDTrs2Aw+mAbwAKYo83JIP
A02Hs+TqQ4YzkiB6MiWNWIqeUlSsgKOAiPtwdQzmO15n78eUwsfHIQkQ53RhNjcy
CSnM8bLoVPvii18SuAOYnyrMw0r47rD9S/m3FdtzJ+iEXwnmEZm+lJ94VmZZCehN
7Syd3fNQrPNgfbJVawIAgIWoI7yY38QmTn11dtBMU41gkcbQRsvTdLvtyT4muejE
7Kiczb6ZSheWZyY7Hr4Fj8J/qoUtemRISN7AeVD/t4+MdSrUS7MVqLpXRK2laYMv
O5GKA/Pwvv13cogxfXlUnHu4yt1lwxkDCd5qsn+FqCoYhB/Sk4ibtWerPtMhOzHx
msuCKbVuvthojEQ2VSczx7zVgA/CEpFI1SVEJqnQxsl/Aj65wcqdevWlL9Wpd4B5
NDScwkhZFcXEUQAczOi7Z8Kh4dSjO/HlBi2gUQSePxAHJ/laf6mYtwSi6Fb2VfK3
MGlhcHaHvJSp48wXAs1KVOj5E+6B1EnfEhTKMCI07XbZ/SdKzcw=
=9S4M
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#860735
; Package src:imagemagick
.
(Fri, 05 May 2017 09:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Fri, 05 May 2017 09:30:03 GMT) (full text, mbox, link).
Message #21 received at 860735@bugs.debian.org (full text, mbox, reply):
control: notfound -1,8:6.6.0.4-3
control: notfound -1 8:6.7.7.10-5
control: notfound -1 8:6.8.9.9-5
control: notfound -1 6.8.9.9-5+deb8u8
control: notfound -1 6.7.7.10-5+deb7u13
Due to code change not affected
No longer marked as found in versions imagemagick/8:6.7.7.10-5.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to 860735-submit@bugs.debian.org
.
(Fri, 05 May 2017 09:30:03 GMT) (full text, mbox, link).
No longer marked as found in versions imagemagick/8:6.8.9.9-5.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to 860735-submit@bugs.debian.org
.
(Fri, 05 May 2017 09:30:04 GMT) (full text, mbox, link).
No longer marked as found in versions imagemagick/8:6.6.0.4-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 05 May 2017 11:39:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#860735
; Package src:imagemagick
.
(Fri, 05 May 2017 16:09:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Fri, 05 May 2017 16:09:08 GMT) (full text, mbox, link).
Message #32 received at 860735@bugs.debian.org (full text, mbox, reply):
control: notfound -1,8:6.6.0.4-3
control: notfound -1 8:6.7.7.10-5
control: notfound -1 8:6.8.9.9-5
control: notfound -1 8:6.8.9.9-5+deb8u8
control: notfound -1 8:6.7.7.10-5+deb7u13
>
> Due to code change not affected
Marked as found in versions imagemagick/8:6.9.7.4+dfsg-5.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 06 May 2017 08:45:06 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 04 Jun 2017 07:28:35 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:38:05 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.