imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030

Related Vulnerabilities: CVE-2014-1947   CVE-2014-1958   CVE-2014-2030  

Debian Bug report logs - #740250

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 27 Feb 2014 13:57:01 UTC

Severity: grave

Tags: security

Found in version imagemagick/8:6.6.0.4-3

Fixed in versions imagemagick/8:6.8.8.9-1, imagemagick/8:6.7.7.10+dfsg-1, imagemagick/8:6.6.0.4-3+squeeze4, imagemagick/8:6.7.7.10-5+deb7u3

Done: Bastien Roucariès <roucaries.bastien+debian@gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Thu, 27 Feb 2014 13:57:06 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 27 Feb 2014 13:57:06 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Date: Thu, 27 Feb 2014 14:45:27 +0100
Package: imagemagick
Severity: grave
Tags: security
Justification: user security hole

The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2
for the thread on oss-security.

CVE-2014-1958
http://trac.imagemagick.org/changeset/14801

CVE-2014-1947:
http://trac.imagemagick.org/changeset/13736

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Thu, 27 Feb 2014 18:45:07 GMT) (full text, mbox, link).


Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 27 Feb 2014 18:45:08 GMT) (full text, mbox, link).


Message #10 received at 740250@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>
To: Moritz Muehlenhoff <jmm@inutil.org>, 740250@bugs.debian.org
Subject: Re: Bug#740250: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Date: Thu, 27 Feb 2014 19:43:24 +0100
On Thu, Feb 27, 2014 at 2:45 PM, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> Package: imagemagick
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2
> for the thread on oss-security.
>
> CVE-2014-1958
> http://trac.imagemagick.org/changeset/14801
>
> CVE-2014-1947:
> http://trac.imagemagick.org/changeset/13736

Thanks, will take care. I could not compile until tomorrow.

Bastien
> Cheers,
>         Moritz
>



Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Fri, 28 Feb 2014 10:24:08 GMT) (full text, mbox, link).


Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 28 Feb 2014 10:24:08 GMT) (full text, mbox, link).


Message #15 received at 740250@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>
To: Moritz Muehlenhoff <jmm@inutil.org>, 740250@bugs.debian.org
Subject: Re: Bug#740250: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Date: Fri, 28 Feb 2014 11:20:34 +0100
We are not affected by CVE-2014-1947: but by CVE-2014-2030

On Thu, Feb 27, 2014 at 2:45 PM, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> Package: imagemagick
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2
> for the thread on oss-security.
>
> CVE-2014-1958
> http://trac.imagemagick.org/changeset/14801
>
> CVE-2014-1947:
> http://trac.imagemagick.org/changeset/13736
>
> Cheers,
>         Moritz
>



Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Fri, 28 Feb 2014 17:39:10 GMT) (full text, mbox, link).


Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 28 Feb 2014 17:39:10 GMT) (full text, mbox, link).


Message #20 received at 740250@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
To: 740250@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#740250: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Date: Fri, 28 Feb 2014 18:37:09 +0100
We are affected by another buffer overflow that upstream calls 1947...

Will add patch soon

I am really confused
On 28 Feb 2014 11:20, "Bastien ROUCARIES" <
roucaries.bastien+imagemagick@gmail.com> wrote:

> We are not affected by CVE-2014-1947: but by CVE-2014-2030
>
> On Thu, Feb 27, 2014 at 2:45 PM, Moritz Muehlenhoff <jmm@inutil.org>
> wrote:
> > Package: imagemagick
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > The CVE assignments are a bit tricky, please see
> http://www.openwall.com/lists/oss-security/2014/02/12/2
> > for the thread on oss-security.
> >
> > CVE-2014-1958
> > http://trac.imagemagick.org/changeset/14801
> >
> > CVE-2014-1947:
> > http://trac.imagemagick.org/changeset/13736
> >
> > Cheers,
> >         Moritz
> >
>

Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Sun, 02 Mar 2014 08:00:04 GMT) (full text, mbox, link).


Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Sun, 02 Mar 2014 08:00:04 GMT) (full text, mbox, link).


Message #25 received at 740250@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>
To: Moritz Muehlenhoff <jmm@inutil.org>, 740250 <740250@bugs.debian.org>
Subject: Re: Bug#740250: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Date: Sun, 2 Mar 2014 08:57:04 +0100
Sorry to all, we are affected by 1947,

commit 43a7754127073ebf0dce2b59cb370c27ae5fbd58
Author: cristy <cristy@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
Date:   Sun Feb 16 21:48:05 2014 +0000

Links are incomplete. Will fix asap

On Fri, Feb 28, 2014 at 11:20 AM, Bastien ROUCARIES
<roucaries.bastien+imagemagick@gmail.com> wrote:
> We are not affected by CVE-2014-1947: but by CVE-2014-2030
>
> On Thu, Feb 27, 2014 at 2:45 PM, Moritz Muehlenhoff <jmm@inutil.org> wrote:
>> Package: imagemagick
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2
>> for the thread on oss-security.
>>
>> CVE-2014-1958
>> http://trac.imagemagick.org/changeset/14801
>>
>> CVE-2014-1947:
>> http://trac.imagemagick.org/changeset/13736
>>
>> Cheers,
>>         Moritz
>>



Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Sun, 02 Mar 2014 14:39:12 GMT) (full text, mbox, link).


Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Sun, 02 Mar 2014 14:39:12 GMT) (full text, mbox, link).


Message #30 received at 740250@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien+imagemagick@gmail.com>
To: Moritz Muehlenhoff <jmm@inutil.org>, 740250 <740250@bugs.debian.org>
Subject: Re: Bug#740250: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Date: Sun, 2 Mar 2014 15:35:12 +0100
Corrected waiting a mentors

On Sun, Mar 2, 2014 at 8:57 AM, Bastien ROUCARIES
<roucaries.bastien+imagemagick@gmail.com> wrote:
> Sorry to all, we are affected by 1947,
>
> commit 43a7754127073ebf0dce2b59cb370c27ae5fbd58
> Author: cristy <cristy@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
> Date:   Sun Feb 16 21:48:05 2014 +0000
>
> Links are incomplete. Will fix asap
>
> On Fri, Feb 28, 2014 at 11:20 AM, Bastien ROUCARIES
> <roucaries.bastien+imagemagick@gmail.com> wrote:
>> We are not affected by CVE-2014-1947: but by CVE-2014-2030
>>
>> On Thu, Feb 27, 2014 at 2:45 PM, Moritz Muehlenhoff <jmm@inutil.org> wrote:
>>> Package: imagemagick
>>> Severity: grave
>>> Tags: security
>>> Justification: user security hole
>>>
>>> The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2
>>> for the thread on oss-security.
>>>
>>> CVE-2014-1958
>>> http://trac.imagemagick.org/changeset/14801
>>>
>>> CVE-2014-1947:
>>> http://trac.imagemagick.org/changeset/13736
>>>
>>> Cheers,
>>>         Moritz
>>>



Reply sent to Bastien Roucariès <roucaries.bastien+debian@gmail.com>:
You have taken responsibility. (Mon, 03 Mar 2014 18:54:15 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 03 Mar 2014 18:54:15 GMT) (full text, mbox, link).


Message #35 received at 740250-close@bugs.debian.org (full text, mbox, reply):

From: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
To: 740250-close@bugs.debian.org
Subject: Bug#740250: fixed in imagemagick 8:6.7.7.10+dfsg-1
Date: Mon, 03 Mar 2014 18:50:04 +0000
Source: imagemagick
Source-Version: 8:6.7.7.10+dfsg-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740250@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Mar 2014 19:28:30 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source i386 all
Version: 8:6.7.7.10+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 734800 740250
Changes: 
 imagemagick (8:6.7.7.10+dfsg-1) unstable; urgency=high
 .
   * Fix three security bugs (Closes: #740250):
   - Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflow
     in psd file handling.
   - Fix CVE-2014-1947 a buffer overflow in log handling.
   * repack due to license problem (Closes: #734800).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----




Marked as found in versions imagemagick/8:6.6.0.4-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 15 Mar 2014 14:33:08 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#740250; Package imagemagick. (Sat, 29 Mar 2014 22:18:04 GMT) (full text, mbox, link).


Acknowledgement sent to Vincent Fourmond <fourmond@debian.org>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Sat, 29 Mar 2014 22:18:04 GMT) (full text, mbox, link).


Message #42 received at 740250@bugs.debian.org (full text, mbox, reply):

From: Vincent Fourmond <fourmond@debian.org>
To: 740250@bugs.debian.org
Subject: Fixed in experimental
Date: Sat, 29 Mar 2014 23:14:13 +0100
control: fixed -1 8:6.8.8.9-1

This bug is now also fixed in experimental.

Cheers,

Vincent



Marked as fixed in versions imagemagick/8:6.8.8.9-1. Request was from Vincent Fourmond <fourmond@debian.org> to 740250-submit@bugs.debian.org. (Sat, 29 Mar 2014 22:18:04 GMT) (full text, mbox, link).


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 13 Apr 2014 17:09:34 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 13 Apr 2014 17:09:34 GMT) (full text, mbox, link).


Message #49 received at 740250-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 740250-close@bugs.debian.org
Subject: Bug#740250: fixed in imagemagick 8:6.6.0.4-3+squeeze4
Date: Sun, 13 Apr 2014 17:02:39 +0000
Source: imagemagick
Source-Version: 8:6.6.0.4-3+squeeze4

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740250@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Mar 2014 20:54:04 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore3 libmagickcore3-extra libmagickcore-dev libmagickwand3 libmagickwand-dev libmagick++3 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.0.4-3+squeeze4
Distribution: squeeze-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 imagemagick - image manipulation programs
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++3 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore3 - low-level image manipulation library
 libmagickcore3-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand3 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 740250
Changes: 
 imagemagick (8:6.6.0.4-3+squeeze4) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add 0006-CVE-2014-1947-Fix-buffer-overflow-when-handling-PSD-images.patch patch.
     CVE-2014-1947: Fix buffer overflow when handling PSD images.
     (Closes: #740250)
   * Add 0007-Prevent-buffer-overflow-in-messaging-system.patch patch.
     Add upstream patch to prevent buffer overflow in messaging system.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----




Reply sent to Bastien Roucariès <roucaries.bastien+debian@gmail.com>:
You have taken responsibility. (Sun, 13 Apr 2014 17:24:31 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 13 Apr 2014 17:24:31 GMT) (full text, mbox, link).


Message #54 received at 740250-close@bugs.debian.org (full text, mbox, reply):

From: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
To: 740250-close@bugs.debian.org
Subject: Bug#740250: fixed in imagemagick 8:6.7.7.10-5+deb7u3
Date: Sun, 13 Apr 2014 17:17:06 +0000
Source: imagemagick
Source-Version: 8:6.7.7.10-5+deb7u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740250@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 02 Mar 2014 18:23:16 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-5+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 740250
Changes: 
 imagemagick (8:6.7.7.10-5+deb7u3) wheezy-security; urgency=high
 .
   * Fix three security bugs (Closes: #740250):
   - Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflow
     in psd file handling.
   - Fix CVE-2014-1947 a buffer overflow in log handling.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 12 May 2014 07:29:34 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:14:01 2019; Machine Name: buxtehude
