Debian Bug report logs -
#845246
mat file out of bound
Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Mon, 21 Nov 2016 17:51:04 UTC
Severity: grave
Tags: patch, security
Found in versions imagemagick/8:6.7.7.10-5+deb7u7, imagemagick/8:6.7.7.10-4, imagemagick/8:6.8.9.9-5+deb8u5
Fixed in versions imagemagick/8:6.9.6.2+dfsg-1, imagemagick/8:6.9.6.2+dfsg-2, imagemagick/8:6.8.9.9-5+deb8u6
Done: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#845246
; Package src:imagemagick
.
(Mon, 21 Nov 2016 17:51:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
New Bug report received and forwarded. Copy sent to secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Mon, 21 Nov 2016 17:51:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: notfound -1 8:6.9.6.2+dfsg-2
moreinfo
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
https://github.com/ImageMagick/ImageMagick/issues/131
Fixed by;
https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
Marked as found in versions imagemagick/8:6.7.7.10-5+deb7u7.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Mon, 21 Nov 2016 17:51:07 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.7.7.10-4.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 21 Nov 2016 20:30:04 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from roucaries.bastien@gmail.com
to control@bugs.debian.org
.
(Mon, 21 Nov 2016 21:03:15 GMT) (full text, mbox, link).
Reply sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
You have taken responsibility.
(Tue, 22 Nov 2016 11:45:08 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Tue, 22 Nov 2016 11:45:09 GMT) (full text, mbox, link).
Message #16 received at 845246-done@bugs.debian.org (full text, mbox, reply):
version: 8:6.9.6.2+dfsg-2
> Corrected in feb not a concern for sid
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#845246
; Package src:imagemagick
.
(Thu, 24 Nov 2016 10:09:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Thu, 24 Nov 2016 10:09:08 GMT) (full text, mbox, link).
Message #21 received at 845246@bugs.debian.org (full text, mbox, reply):
control: fixed -1 8:6.9.6.2+dfsg-2
Marked as fixed in versions imagemagick/8:6.9.6.2+dfsg-2.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to 845246-submit@bugs.debian.org
.
(Thu, 24 Nov 2016 10:09:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#845246
; Package src:imagemagick
.
(Thu, 24 Nov 2016 10:09:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Thu, 24 Nov 2016 10:09:10 GMT) (full text, mbox, link).
Message #28 received at 845246@bugs.debian.org (full text, mbox, reply):
control: fixed -1 8:6.9.6.2+dfsg-1
Marked as fixed in versions imagemagick/8:6.9.6.2+dfsg-1.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to 845246-submit@bugs.debian.org
.
(Thu, 24 Nov 2016 10:09:10 GMT) (full text, mbox, link).
Reply sent
to Bastien Roucariès <roucaries.bastien+debian@gmail.com>
:
You have taken responsibility.
(Sun, 27 Nov 2016 21:51:46 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Sun, 27 Nov 2016 21:51:46 GMT) (full text, mbox, link).
Message #35 received at 845246-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u6
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 845246@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Nov 2016 21:45:37 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
libmagick++-dev - object-oriented C++ interface to ImageMagick
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-dev - low-level image manipulation library -- transition package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library - transition for development files
perlmagick - Perl interface to ImageMagick -- transition package
Closes: 840435 840437 845195 845196 845198 845202 845206 845212 845213 845242 845243 845244 845246 845634
Changes:
imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium
.
* Fix CVE-2016-7799: global buffer overflow. (Closes: #840437).
* Fix CVE-2016-7906: use after free. (Closes: #840435).
* Fix a TIFF file buffer overflow. (Closes: #845195).
* Check return of fputc during TIFF file writing.
(Closes: #845196).
* Prevent buffer overflow by checking image extend
for TIFF (Closes: #845198).
* Avoid a out of bound read in VIFF file handler.
(Closes: #845212 and LP: #1545183).
* Avoid a DOS by not allowing too deep nested exception.
(Closes: #845213).
* Better check for buffer overflow in TIFF files
handling. (Closes: #845202).
* Fix CVE-2016-8677: memory allocate failure in AcquireQuantumPixels
(Closes: #845206).
* Prevent fault in MSL interpreter. (Closes: #845242).
* Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray
(Closes: #845242)
* Fix null pointer dereference in TIFF file handling.
(Closes: #845243).
* Added check for invalid number of frames in mat file
(Closes: #845244).
* Fix an out of bound read in mat file due to insuffisant allocation.
(Closes: #845246).
* Fix CVE-2016-8862: memory allocation failure in AcquireMagickMemory
(Closes: #845634).
Checksums-Sha1:
8ea9abbc7a87d9b366a4af5d177470e917975c92 4210 imagemagick_6.8.9.9-5+deb8u6.dsc
8b82082973e6f27c02ba514a344290e551b6bb2d 260404 imagemagick_6.8.9.9-5+deb8u6.debian.tar.xz
5d9cd0f5e287984d3352d4ac4b1c0f3407a43b46 150970 imagemagick-common_6.8.9.9-5+deb8u6_all.deb
47347063f9daac522b44c124f800cfa1ef1090de 7668178 imagemagick-doc_6.8.9.9-5+deb8u6_all.deb
85ef6aef3c6fcc8c7ce559893b38d29cdce2bd07 169736 libmagickcore-6-headers_6.8.9.9-5+deb8u6_all.deb
495e289f8aa46a05154c0c47985ba62203f51973 132636 libmagickwand-6-headers_6.8.9.9-5+deb8u6_all.deb
e9bbfc9b91cc27be745af823ceb92bd1d9bf65a3 168342 libmagick++-6-headers_6.8.9.9-5+deb8u6_all.deb
acf9b8a04a91e77ca7dd7f2ef8b165306c7b22c3 157430 imagemagick_6.8.9.9-5+deb8u6_amd64.deb
d810ebcb5ce46b31d1af5a26587b4ed8c7013ab7 175900 libimage-magick-perl_6.8.9.9-5+deb8u6_all.deb
7d5d2cecf87a365ccc9f78f76e3dab40f485b0c7 131464 libmagickcore-6-arch-config_6.8.9.9-5+deb8u6_amd64.deb
ce0289347433f23d992c9c717b5558643879eefd 510056 imagemagick-6.q16_6.8.9.9-5+deb8u6_amd64.deb
cefff776cd98e44dbeff00f397d766c53f06fac1 1694182 libmagickcore-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb
1ff53d7670a2a7eb955377bb4e231c857ff2af9c 172008 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u6_amd64.deb
bfda078d8511391a2c6cd07a2b751569e795845e 1029388 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
4c0d10b12cda7d637bea463836fa30f965654b63 406222 libmagickwand-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb
4fbfc345d0a04e29bc8091ead3b5b7bd5e9fbcd6 393268 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
3a324df8157340831fb549ed67ce8edfabe1a30c 255678 libmagick++-6.q16-5_6.8.9.9-5+deb8u6_amd64.deb
d63ce2201c9bd16db19d637b9c5a5b4212a38a0c 223538 libmagick++-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
c521192bfa4f2b02bf4747eb6ef3c61116cac14c 5011216 imagemagick-dbg_6.8.9.9-5+deb8u6_amd64.deb
db48adc1aadaf70266b677571a73b4b2e70c094b 223110 libimage-magick-q16-perl_6.8.9.9-5+deb8u6_amd64.deb
464c061bb6ea3f3fe614b68efd30c9ddb6a2947b 123742 perlmagick_6.8.9.9-5+deb8u6_all.deb
b224124808c6eab8c24cf0a0268cd1abac787a63 123734 libmagickcore-dev_6.8.9.9-5+deb8u6_all.deb
d693ba56fcffc9738f7741578d0bd27c07e27b81 123718 libmagickwand-dev_6.8.9.9-5+deb8u6_all.deb
baeb5013d21c0af177d1e38f3545336d39218310 123732 libmagick++-dev_6.8.9.9-5+deb8u6_all.deb
Checksums-Sha256:
babf8af8eee5385a9d3218bae44dd5cc4677640cfd0e0538ed5a7e893e00643e 4210 imagemagick_6.8.9.9-5+deb8u6.dsc
aaaa5857f9002ef6c9cccf7dfdef6d2de3d2167f2f5b57a9fcefb95295de17b9 260404 imagemagick_6.8.9.9-5+deb8u6.debian.tar.xz
13dc6b9e2f00a59b36dd1b97dd6c0517d48135ef4f1eb99e6a038b6e8a197cb9 150970 imagemagick-common_6.8.9.9-5+deb8u6_all.deb
67e2b75ba56d9744e50cec29ecb9bc963ff00b5eb57620b9531837a207e49b4e 7668178 imagemagick-doc_6.8.9.9-5+deb8u6_all.deb
ef867a5e7967de043df9064f14b196c231cf0c7555973c0fc2fdc34c648753d5 169736 libmagickcore-6-headers_6.8.9.9-5+deb8u6_all.deb
b65cf7548926bd26d1540b036ddaf940c8b2e1f34907ad021c348950c40fa0f1 132636 libmagickwand-6-headers_6.8.9.9-5+deb8u6_all.deb
a06dee077eb5e47a7f3d41e5f20e3a1b5a06ff633b4583966aaf50a562bf120c 168342 libmagick++-6-headers_6.8.9.9-5+deb8u6_all.deb
6847af183498d07ed9f6dfb8cc546ac228e94dd7c34798229f15e4f2881fc222 157430 imagemagick_6.8.9.9-5+deb8u6_amd64.deb
dcae4e3bc2586151e447eb90876c9e9c3c37ea24da95e5104ddc9bc0d6c8d3dd 175900 libimage-magick-perl_6.8.9.9-5+deb8u6_all.deb
9ead33112074ed418a67fa3a1d212cc18399e64ae24312671ae556b5525d01ae 131464 libmagickcore-6-arch-config_6.8.9.9-5+deb8u6_amd64.deb
c43a9ebbccec41fa2dced6fc8ecd1e05448d713ce81b43eeeb174c153a6316bd 510056 imagemagick-6.q16_6.8.9.9-5+deb8u6_amd64.deb
16a38168b3e74e2b61dd07a437718dca5598c18dc291b1f93002a6c19830ab60 1694182 libmagickcore-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb
b7580efdf69698e715d65f6dc3cb0e810240b856c1c5218fb8db2f0c2b7138c6 172008 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u6_amd64.deb
df9651fca410023108bccca929540960f88903c9e0dfae46eb344fdd4043678b 1029388 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
afd2bf30eed6cd71440fa7f6424629a8c61d98e9d7b01bc0ee893d79fcda1cf4 406222 libmagickwand-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb
1be6c178cc35774ef561b82b2d088e56ae3066424f618542f9d73f1392b5e025 393268 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
96c5a3a0418833c8abad3586d179873ed79116bca7fc60598d787636af6ed040 255678 libmagick++-6.q16-5_6.8.9.9-5+deb8u6_amd64.deb
a3d94cea704ff3974de1a28b4d1deb161e15e4fb838e0eed0b2ba8698c360e39 223538 libmagick++-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
668c5276213dd1ef389141c223b451d5b9de18503da4730fed73e5dd6822b9ce 5011216 imagemagick-dbg_6.8.9.9-5+deb8u6_amd64.deb
1968e2bc813252a5fead6352673a2b0cb91fa1ae56c69f08bc1173c6e510c314 223110 libimage-magick-q16-perl_6.8.9.9-5+deb8u6_amd64.deb
69c2716a52f80ccadd875bc9fe288b844278e15ec390120fa326337b92e0c40e 123742 perlmagick_6.8.9.9-5+deb8u6_all.deb
165281bc02b802206efe9ab77bd484a5a69dd766b9d8de2d3583cc0e91bbfad3 123734 libmagickcore-dev_6.8.9.9-5+deb8u6_all.deb
c9869901196d5e00a39546db83d29a813b9985a648012c2136c39d0a9062b53b 123718 libmagickwand-dev_6.8.9.9-5+deb8u6_all.deb
1f219872871d048d10c2bc48bd30709345c3cb6b531b501071f58715f529cfbe 123732 libmagick++-dev_6.8.9.9-5+deb8u6_all.deb
Files:
b483b2870c4507c21f5d6bcf426c08b6 4210 graphics optional imagemagick_6.8.9.9-5+deb8u6.dsc
adc4791853b8bb8eb5fa3974df0819fb 260404 graphics optional imagemagick_6.8.9.9-5+deb8u6.debian.tar.xz
536fa3628e503019e07b205721c3f9f0 150970 graphics optional imagemagick-common_6.8.9.9-5+deb8u6_all.deb
87ba0c16e92f0b32aa715bc448741fa0 7668178 doc optional imagemagick-doc_6.8.9.9-5+deb8u6_all.deb
35802704757597c98a071f7cb7528a7e 169736 libdevel optional libmagickcore-6-headers_6.8.9.9-5+deb8u6_all.deb
c30413c85b4a5fea6c1b19908de0def4 132636 libdevel optional libmagickwand-6-headers_6.8.9.9-5+deb8u6_all.deb
73d075e1fbdaa771ecf8d49c2d3ea49f 168342 libdevel optional libmagick++-6-headers_6.8.9.9-5+deb8u6_all.deb
85c3a09b5dabb82abdb8715ab23ac98c 157430 graphics optional imagemagick_6.8.9.9-5+deb8u6_amd64.deb
0afb6387916167a908238b650b903db8 175900 perl optional libimage-magick-perl_6.8.9.9-5+deb8u6_all.deb
783c009355eb8d3271adf2fa80ea93bd 131464 libdevel optional libmagickcore-6-arch-config_6.8.9.9-5+deb8u6_amd64.deb
c600c8e26f9a346b1e51de7dddc06d82 510056 graphics optional imagemagick-6.q16_6.8.9.9-5+deb8u6_amd64.deb
8f9888fb205d6e192d5bd45e5fc37ae5 1694182 libs optional libmagickcore-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb
d6f3cb605db44e722e4d648f15e472e4 172008 libs optional libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u6_amd64.deb
256833d363795fb656079ebc4999b5bf 1029388 libdevel optional libmagickcore-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
b857f1b8c5a876d820af746d5e194ad7 406222 libs optional libmagickwand-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb
5eaef92cf5b64d739b71786c60fabdff 393268 libdevel optional libmagickwand-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
0c521a6440694cb54c7179c88d934400 255678 libs optional libmagick++-6.q16-5_6.8.9.9-5+deb8u6_amd64.deb
c382f68c5cdd78be5683e5901c2ef072 223538 libdevel optional libmagick++-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb
45820fd49870c7023c7f405ef233e44a 5011216 debug extra imagemagick-dbg_6.8.9.9-5+deb8u6_amd64.deb
c1041962170018ac6c87b05c7ec0c27c 223110 perl optional libimage-magick-q16-perl_6.8.9.9-5+deb8u6_amd64.deb
cea182aa55a9ec1b73f194b5913b8868 123742 oldlibs extra perlmagick_6.8.9.9-5+deb8u6_all.deb
24f8d817ac8ec4f84b803ed8f66a2537 123734 oldlibs extra libmagickcore-dev_6.8.9.9-5+deb8u6_all.deb
3bda90711b239e624ed67e18aa30c000 123718 oldlibs extra libmagickwand-dev_6.8.9.9-5+deb8u6_all.deb
8b7bea908cbcb2dfd3aefd88e85bdf31 123732 oldlibs extra libmagick++-dev_6.8.9.9-5+deb8u6_all.deb
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJYOdGOAAoJEG7C3vaP/jd0fIYP/15zkhUsRRJ/beJ/L1wc4Emq
IUSf7VRiSldemCvY/FREnKTwAUEozladXUCEeovKeYmTGUo9/bMTwZhyt3DJcIwS
UMj3aWzIPSwC7T+IMojCXaC24VMOdVi25wvOTx4FLCgqZfoqU2FwEymeHC8eowym
GNVVIrLI6t/5HA05HhDlfpfjSb4YchZ5DZpCywglXH05ZlGX34BJYE6lAeD4A9YM
eyS90W5mTaSBsusm9DooJu0YUz07aO7LwMOnDBjtzsz98klctREQ2rjbXb1xVHxV
i+8JSPuLnfXt7d3UxR9vQa9oH5sV+X3bidp8k4wuvANY9e+vgR9drP/Gusbnqn2h
zEkL9amk7ZVkv5xAHDjyAa4bpKcnetGbjGK2x4tbepgRsZ6gZxyi71MFOm3doLk9
ScPwZvdKnb7Ejpni/5AuWxw1f206kTe4QnLrWgbrwJk1yRAYS5ZJwK9aIr8KfHnB
oqnVkcOXw82WyTYHOoti4ZdU5VY0Fq6Q9o47cy5WjCHw7nXOu5AizrusTIy3/7NP
H2dJ+cF3KqCs1KKRSU+YJLHkGvMSr7PL6Op+LbPUBHkvvSHYGMwoZfo107CzW/+Q
Yhz+9fheAnfuyflQY/8ajHewAou8A9yjIORVnF70DORpKwSwZCii+nfipiKCcvzF
S1WtjkeAJIJWB98RO0Pw
=hOlr
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#845246
; Package src:imagemagick
.
(Sun, 18 Dec 2016 20:03:15 GMT) (full text, mbox, link).
Acknowledgement sent
to anarcat@debian.org (Antoine Beaupré)
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Sun, 18 Dec 2016 20:03:15 GMT) (full text, mbox, link).
Message #40 received at 845246@bugs.debian.org (full text, mbox, reply):
Hi!
All the bugs mentionned in the CC list are marked as "Workaround entry
for DSA-XXXX-1 until CVEs assigned" in the security tracker:
https://security-tracker.debian.org/tracker/source-package/imagemagick
I did not find CVE requests on the OSS-security list.
Have those requests been formally made yet?
If not, do you wish for me to make a formal request?
I am processing those issues as part of the Debian LTS project and would
be happy to lend a hand if necessary.
Thanks!
A.
--
L'art n'est pas un bureau d'anthropométrie.
- Léo Ferré, "Préface"
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#845246
; Package src:imagemagick
.
(Mon, 19 Dec 2016 16:27:16 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Mon, 19 Dec 2016 16:27:17 GMT) (full text, mbox, link).
Message #45 received at 845246@bugs.debian.org (full text, mbox, reply):
Yes go for it
On Sun, Dec 18, 2016 at 9:00 PM, Antoine Beaupré <anarcat@debian.org> wrote:
> Hi!
>
> All the bugs mentionned in the CC list are marked as "Workaround entry
> for DSA-XXXX-1 until CVEs assigned" in the security tracker:
>
> https://security-tracker.debian.org/tracker/source-package/imagemagick
>
> I did not find CVE requests on the OSS-security list.
>
> Have those requests been formally made yet?
>
> If not, do you wish for me to make a formal request?
>
> I am processing those issues as part of the Debian LTS project and would
> be happy to lend a hand if necessary.
>
> Thanks!
>
> A.
> --
> L'art n'est pas un bureau d'anthropométrie.
> - Léo Ferré, "Préface"
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 28 Jan 2017 07:33:05 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:50:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.