Debian Bug report logs -
#872481
imagemagick: CVE-2017-12433
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#872481
; Package src:imagemagick
.
(Thu, 17 Aug 2017 19:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Thu, 17 Aug 2017 19:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Version: 8:6.9.7.4+dfsg-16
Severity: grave
Tags: security
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/548
Hi,
the following vulnerability was published for imagemagick.
CVE-2017-12433[0]:
| In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the
| function ReadPESImage in coders/pes.c, which allows attackers to cause
| a denial of service, related to ResizeMagickMemory in memory.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12433
[1] https://github.com/ImageMagick/ImageMagick/issues/548
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#872481
; Package src:imagemagick
.
(Thu, 17 Aug 2017 19:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Thu, 17 Aug 2017 19:45:04 GMT) (full text, mbox, link).
Message #10 received at 872481@bugs.debian.org (full text, mbox, reply):
Control: severity -1 important
Control: tags -1 upstream fixed-upstream
On Thu, Aug 17, 2017 at 09:33:18PM +0200, Salvatore Bonaccorso wrote:
> Source: imagemagick
> Version: 8:6.9.7.4+dfsg-16
> Severity: grave
> Tags: security
Something went wrong when submitting the report.
Regards,
Salvatore
Severity set to 'important' from 'grave'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 872481-submit@bugs.debian.org
.
(Thu, 17 Aug 2017 19:45:04 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream and upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 872481-submit@bugs.debian.org
.
(Thu, 17 Aug 2017 19:45:05 GMT) (full text, mbox, link).
Reply sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
You have taken responsibility.
(Thu, 08 Feb 2018 12:36:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Thu, 08 Feb 2018 12:36:03 GMT) (full text, mbox, link).
Message #19 received at 872481-done@bugs.debian.org (full text, mbox, reply):
version: 8:6.9.9.6+dfsg-1
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 13 Mar 2018 07:37:21 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:28:50 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.