Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick.
Reported by: Henri Salo <henri@nerv.fi>
Date: Fri, 10 Feb 2012 11:30:04 UTC
Severity: grave
Tags: security
Found in version imagemagick/8:6.6.0.4-3
Fixed in versions imagemagick/8:6.6.9.7-6, imagemagick/8:6.7.4.0-2, imagemagick/8:6.6.0.4-3+squeeze1
Done: Vincent Fourmond <fourmond@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>: Bug#659339; Package imagemagick. (Fri, 10 Feb 2012 11:30:07 GMT)
Acknowledgement sent to Henri Salo <henri@nerv.fi>: New Bug report received and forwarded. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 10 Feb 2012 11:30:12 GMT)
Message #5 received at submit@bugs.debian.org:
Package: imagemagick
Version: 8:6.6.0.4-3
Severity: important
Tags: security

Concerning ImageMagick 6.7.5-0 and earlier:

CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes into an invalid address.

CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing a denial of service.

For more details please read: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages imagemagick depends on:
ii libbz2-1.0 1.0.5-6+squeeze1 high-quality block-sorting file co
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1+squeeze3 FreeType 2 font engine, shared lib
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgomp1 4.4.5-8 GCC OpenMP (GOMP) support library
ii libice6 2:1.0.6-2 X11 Inter-Client Exchange library
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii liblcms1 1.18.dfsg-1.2+b3 Color management library
ii liblqr-1-0 0.4.1-1 converts plain array images into m
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libmagickcore3 8:6.6.0.4-3 low-level image manipulation libra
ii libmagickwand3 8:6.6.0.4-3 image manipulation library
ii libsm6 2:1.1.1-1 X11 Session Management library
ii libtiff4 3.9.4-5+squeeze3 Tag Image File Format (TIFF) libra
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages imagemagick recommends:
ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF
ii libmagickcore3-extra 8:6.6.0.4-3 low-level image manipulation libra
ii netpbm 2:10.0-12.2+b1 Graphics conversion tools between
ii ufraw-batch 0.16-3+b1 batch importer for raw camera imag

Versions of packages imagemagick suggests:
pn autotrace <none> (no description available)
pn cups-bsd | lpr <none> (no description available)
ii curl 7.21.0-2.1+squeeze1 Get a file from an HTTP, HTTPS or
pn enscript <none> (no description available)
pn ffmpeg <none> (no description available)
ii gimp 2.6.10-1+squeeze1 The GNU Image Manipulation Program
ii gnuplot 4.4.0-1.1 A command-line driven interactive
pn grads <none> (no description available)
ii groff-base 1.20.1-10 GNU troff text-formatting system (
pn hp2xx <none> (no description available)
pn html2ps <none> (no description available)
pn imagemagick-doc <none> (no description available)
pn libwmf-bin <none> (no description available)
ii mplayer 2:1.0~rc3++final.dfsg1-1 movie player for Unix-like systems
pn povray <none> (no description available)
pn radiance <none> (no description available)
ii sane-utils 1.0.21-9 API library for scanners -- utilit
ii texlive-binarie 2009-8 Binaries for TeX Live
ii transfig 1:3.2.5.c-1 Utilities for converting XFig figu
ii xdg-utils 1.0.2+cvs20100307-2 desktop integration utilities from

-- no debconf information
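The two validations whose absence the report above describes, as an added C example: an entry's offset and count must stay inside the EXIF blob, and an IFD pointer must never lead back to a directory already visited. This is not ImageMagick's code or the Debian patch; `exif_check`, `walk_ifd`, the result codes and the three sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names used only in this example). */
enum { EXIF_OK = 0, EXIF_TRUNCATED = -1, EXIF_BAD_VALUE = -2, EXIF_LOOP = -3 };
#define MAX_IFDS 16 /* upper bound on directories visited per blob */

struct walker {
    const uint8_t *buf;
    size_t len;
    int big_endian;
    uint32_t seen[MAX_IFDS]; /* offsets of IFDs already parsed */
    size_t nseen;
};

/* Callers bounds-check the offset before calling rd16/rd32. */
static uint16_t rd16(const struct walker *w, size_t off) {
    const uint8_t *p = w->buf + off;
    return w->big_endian ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const struct walker *w, size_t off) {
    const uint8_t *p = w->buf + off;
    return w->big_endian
        ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
        : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Bytes per element for TIFF types 1..12; index 0 is unused. */
static const uint8_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static int walk_ifd(struct walker *w, uint32_t off) {
    /* Loop guard: refuse an IFD offset seen before, and cap the total. */
    for (size_t i = 0; i < w->nseen; i++)
        if (w->seen[i] == off) return EXIF_LOOP;
    if (w->nseen == MAX_IFDS) return EXIF_LOOP;
    w->seen[w->nseen++] = off;

    /* The whole directory (count, n entries, next pointer) must fit. */
    if (off > w->len || w->len - off < 2) return EXIF_TRUNCATED;
    uint16_t n = rd16(w, off);
    uint64_t need = 2u + 12u * (uint64_t)n + 4u;
    if (need > w->len - off) return EXIF_TRUNCATED;

    for (unsigned i = 0; i < n; i++) {
        size_t e = (size_t)off + 2 + 12 * (size_t)i;
        uint16_t tag = rd16(w, e), type = rd16(w, e + 2);
        uint32_t count = rd32(w, e + 4), value = rd32(w, e + 8);
        if (type == 0 || type > 12) continue; /* unknown type: never dereferenced */

        /* Values longer than 4 bytes live at `value`; check offset and size
           in 64 bits so count * size cannot wrap. */
        uint64_t bytes = (uint64_t)count * type_size[type];
        if (bytes > 4 && (value > w->len || bytes > w->len - value))
            return EXIF_BAD_VALUE;

        /* Exif, GPS and Interoperability pointers lead to further IFDs. */
        if (tag == 0x8769 || tag == 0x8825 || tag == 0xA005) {
            if (type != 4 || count != 1) return EXIF_BAD_VALUE;
            int rc = walk_ifd(w, value);
            if (rc != EXIF_OK) return rc;
        }
    }
    uint32_t next = rd32(w, (size_t)off + 2 + 12 * (size_t)n);
    return next ? walk_ifd(w, next) : EXIF_OK;
}

/* Validate a TIFF-structured EXIF blob without copying any tag data. */
int exif_check(const uint8_t *buf, size_t len) {
    struct walker w = {buf, len, 0, {0}, 0};
    if (len < 8) return EXIF_TRUNCATED;
    if (memcmp(buf, "MM", 2) == 0) w.big_endian = 1;
    else if (memcmp(buf, "II", 2) != 0) return EXIF_BAD_VALUE;
    if (rd16(&w, 2) != 42) return EXIF_BAD_VALUE;
    return walk_ifd(&w, rd32(&w, 4));
}

/* Constructed samples: one IFD at offset 8 holding a single entry. */
static const uint8_t sample_ok[] = { /* ResolutionUnit, SHORT, count 1, inline */
    'I','I',0x2A,0, 8,0,0,0, 1,0,
    0x28,0x01, 3,0, 1,0,0,0, 2,0,0,0, 0,0,0,0 };
static const uint8_t sample_bad_value[] = { /* huge count, offset past the end */
    'I','I',0x2A,0, 8,0,0,0, 1,0,
    0x28,0x01, 3,0, 0,0,1,0, 0x00,0xFF,0xFF,0xFF, 0,0,0,0 };
static const uint8_t sample_loop[] = { /* Interoperability pointer -> same IFD */
    'I','I',0x2A,0, 8,0,0,0, 1,0,
    0x05,0xA0, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0 };

int main(void) {
    printf("ok=%d bad_value=%d loop=%d\n",
           exif_check(sample_ok, sizeof sample_ok),
           exif_check(sample_bad_value, sizeof sample_bad_value),
           exif_check(sample_loop, sizeof sample_loop));
    return 0;
}
```
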
Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>: Bug#659339; Package imagemagick. (Fri, 10 Feb 2012 12:40:22 GMT)
Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>: Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 10 Feb 2012 12:40:25 GMT)
Message #10 received at 659339@bugs.debian.org:
Thanks, I could not take care of it before at least the middle of next week.

You could do an NMU if needed, particularly for stable and testing.

Thanks,
Bastien
Severity set to 'grave' from 'important'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 20 Feb 2012 20:57:03 GMT)
Reply sent to Vincent Fourmond <fourmond@debian.org>: You have taken responsibility. (Wed, 22 Feb 2012 22:36:07 GMT)
Notification sent to Henri Salo <henri@nerv.fi>: Bug acknowledged by developer. (Wed, 22 Feb 2012 22:36:07 GMT)
Message #17 received at 659339-close@bugs.debian.org:
Source: imagemagick
Source-Version: 8:6.6.9.7-6

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-common_6.6.9.7-6_all.deb to main/i/imagemagick/imagemagick-common_6.6.9.7-6_all.deb
imagemagick-dbg_6.6.9.7-6_amd64.deb to main/i/imagemagick/imagemagick-dbg_6.6.9.7-6_amd64.deb
imagemagick-doc_6.6.9.7-6_all.deb to main/i/imagemagick/imagemagick-doc_6.6.9.7-6_all.deb
imagemagick_6.6.9.7-6.debian.tar.bz2 to main/i/imagemagick/imagemagick_6.6.9.7-6.debian.tar.bz2
imagemagick_6.6.9.7-6.dsc to main/i/imagemagick/imagemagick_6.6.9.7-6.dsc
imagemagick_6.6.9.7-6_amd64.deb to main/i/imagemagick/imagemagick_6.6.9.7-6_amd64.deb
libmagick++-dev_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagick++-dev_6.6.9.7-6_amd64.deb
libmagick++4_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagick++4_6.6.9.7-6_amd64.deb
libmagickcore-dev_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagickcore-dev_6.6.9.7-6_amd64.deb
libmagickcore4-extra_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagickcore4-extra_6.6.9.7-6_amd64.deb
libmagickcore4_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagickcore4_6.6.9.7-6_amd64.deb
libmagickwand-dev_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagickwand-dev_6.6.9.7-6_amd64.deb
libmagickwand4_6.6.9.7-6_amd64.deb to main/i/imagemagick/libmagickwand4_6.6.9.7-6_amd64.deb
perlmagick_6.6.9.7-6_amd64.deb to main/i/imagemagick/perlmagick_6.6.9.7-6_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 659339@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Wed, 22 Feb 2012 23:08:56 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore4 libmagickcore4-extra libmagickcore-dev libmagickwand4 libmagickwand-dev libmagick++4 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.9.7-6
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourmond@debian.org>
Description:
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++4 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore4 - low-level image manipulation library
 libmagickcore4-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand4 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 659339
Changes:
 imagemagick (8:6.6.9.7-6) unstable; urgency=high
 .
 * Security bug fix: "Invalid validation DoS CVE-2012-0247/CVE-2012-02478", thanks to Henri Salo (Closes: #659339).
 * Bumping urgency to high to fix open security issue in testing
 * Apply patch from revision r6606 to fix compilation with newer zlib.
Reply sent to Vincent Fourmond <fourmond@debian.org>: You have taken responsibility. (Wed, 22 Feb 2012 23:18:25 GMT)
Notification sent to Henri Salo <henri@nerv.fi>: Bug acknowledged by developer. (Wed, 22 Feb 2012 23:18:25 GMT)
Message #22 received at 659339-close@bugs.debian.org:
Source: imagemagick
Source-Version: 8:6.7.4.0-2

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-common_6.7.4.0-2_all.deb to main/i/imagemagick/imagemagick-common_6.7.4.0-2_all.deb
imagemagick-dbg_6.7.4.0-2_amd64.deb to main/i/imagemagick/imagemagick-dbg_6.7.4.0-2_amd64.deb
imagemagick-doc_6.7.4.0-2_all.deb to main/i/imagemagick/imagemagick-doc_6.7.4.0-2_all.deb
imagemagick_6.7.4.0-2.debian.tar.bz2 to main/i/imagemagick/imagemagick_6.7.4.0-2.debian.tar.bz2
imagemagick_6.7.4.0-2.dsc to main/i/imagemagick/imagemagick_6.7.4.0-2.dsc
imagemagick_6.7.4.0-2_amd64.deb to main/i/imagemagick/imagemagick_6.7.4.0-2_amd64.deb
libmagick++-dev_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagick++-dev_6.7.4.0-2_amd64.deb
libmagick++5_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagick++5_6.7.4.0-2_amd64.deb
libmagickcore-dev_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagickcore-dev_6.7.4.0-2_amd64.deb
libmagickcore5-extra_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagickcore5-extra_6.7.4.0-2_amd64.deb
libmagickcore5_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagickcore5_6.7.4.0-2_amd64.deb
libmagickwand-dev_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagickwand-dev_6.7.4.0-2_amd64.deb
libmagickwand5_6.7.4.0-2_amd64.deb to main/i/imagemagick/libmagickwand5_6.7.4.0-2_amd64.deb
perlmagick_6.7.4.0-2_amd64.deb to main/i/imagemagick/perlmagick_6.7.4.0-2_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 659339@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Wed, 22 Feb 2012 23:28:04 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.4.0-2
Distribution: experimental
Urgency: low
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourmond@debian.org>
Description:
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 657833 659259 659339
Changes:
 imagemagick (8:6.7.4.0-2) experimental; urgency=low
 .
 [ Bastien Roucariès ]
 * Bug fix: "Please enable hardened build flags", thanks to Moritz Muehlenhoff (Closes: #657833).
 * Bug fix: "Invalid validation DoS CVE-2012-0247/CVE-2012-02478", thanks to Henri Salo (Closes: #659339).
 * Bug Fix: Convert delegate from removed /usr/bin/rsvg to /usr/bin/rsvg-convert, thanks to Scott Howard (Closes: #659259)
 .
 [ Vincent Fourmond ]
 * Pull in patch from revision 6606 to fix FTBS with newer zlib
Reply sent to Vincent Fourmond <fourmond@debian.org>: You have taken responsibility. (Wed, 07 Mar 2012 23:09:04 GMT)
Notification sent to Henri Salo <henri@nerv.fi>: Bug acknowledged by developer. (Wed, 07 Mar 2012 23:09:04 GMT)
Message #27 received at 659339-close@bugs.debian.org:
Source: imagemagick
Source-Version: 8:6.6.0.4-3+squeeze1

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-dbg_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/imagemagick-dbg_6.6.0.4-3+squeeze1_amd64.deb
imagemagick-doc_6.6.0.4-3+squeeze1_all.deb to main/i/imagemagick/imagemagick-doc_6.6.0.4-3+squeeze1_all.deb
imagemagick_6.6.0.4-3+squeeze1.debian.tar.bz2 to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze1.debian.tar.bz2
imagemagick_6.6.0.4-3+squeeze1.dsc to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze1.dsc
imagemagick_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze1_amd64.deb
libmagick++-dev_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagick++-dev_6.6.0.4-3+squeeze1_amd64.deb
libmagick++3_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagick++3_6.6.0.4-3+squeeze1_amd64.deb
libmagickcore-dev_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagickcore-dev_6.6.0.4-3+squeeze1_amd64.deb
libmagickcore3-extra_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagickcore3-extra_6.6.0.4-3+squeeze1_amd64.deb
libmagickcore3_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagickcore3_6.6.0.4-3+squeeze1_amd64.deb
libmagickwand-dev_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagickwand-dev_6.6.0.4-3+squeeze1_amd64.deb
libmagickwand3_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/libmagickwand3_6.6.0.4-3+squeeze1_amd64.deb
perlmagick_6.6.0.4-3+squeeze1_amd64.deb to main/i/imagemagick/perlmagick_6.6.0.4-3+squeeze1_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 659339@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Mon, 05 Mar 2012 21:05:07 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore3 libmagickcore3-extra libmagickcore-dev libmagickwand3 libmagickwand-dev libmagick++3 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.0.4-3+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourmond@debian.org>
Description:
 imagemagick - image manipulation programs
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++3 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore3 - low-level image manipulation library
 libmagickcore3-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand3 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 659339
Changes:
 imagemagick (8:6.6.0.4-3+squeeze1) stable-security; urgency=high
 .
 * Security bug fix: "Invalid validation DoS CVE-2012-0247/CVE-2012-02478", thanks to Henri Salo (Closes: #659339).
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 May 2012 07:40:45 GMT)