Debian Bug report logs -
#1030767
imagemagick: CVE-2022-44267 CVE-2022-44268
Reported by: Waylon Liu <gliuwr@gmail.com>
Date: Tue, 7 Feb 2023 11:09:02 UTC
Severity: important
Tags: security, upstream
Found in version imagemagick/8:6.9.11.60+dfsg-1.3
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, gliuwr@gmail.com, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#1030767; Package imagemagick.
(Tue, 07 Feb 2023 11:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Waylon Liu <gliuwr@gmail.com>:
New Bug report received and forwarded. Copy sent to gliuwr@gmail.com, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>.
(Tue, 07 Feb 2023 11:09:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: imagemagick
Version: 8:6.9.11.60+dfsg-1.3
Severity: important
Tags: security
X-Debbugs-Cc: gliuwr@gmail.com, Debian Security Team <team@security.debian.org>
-- Package-specific info:
ImageMagick program version
---------------------------
animate: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
compare: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
convert: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
composite: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
conjure: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
display: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
identify: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
import: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
mogrify: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
montage: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
stream: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.0-52-generic (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages imagemagick depends on:
ii imagemagick-6.q16 8:6.9.11.60+dfsg-1.3
imagemagick recommends no packages.
imagemagick suggests no packages.
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#1030767; Package imagemagick.
(Tue, 07 Feb 2023 11:24:07 GMT) (full text, mbox, link).
Acknowledgement sent
to "Waylon Liu (Cybit)" <gliuwr@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>.
(Tue, 07 Feb 2023 11:24:07 GMT) (full text, mbox, link).
Message #10 received at 1030767@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
official patch: https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe
fixed in 6.9.12-67
[Message part 2 (text/html, inline)]
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 07 Feb 2023 12:03:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Feb 7 13:06:13 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon