imagemagick: CVE-2016-10146: memory leak in caption and label handling

Debian Bug report logs - #851380

Reported by: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>

Date: Sat, 14 Jan 2017 13:33:11 UTC

Severity: serious

Tags: fixed-upstream, patch, security

Found in versions imagemagick/8:6.7.7.10-4, imagemagick/8:6.7.7.10-5

Fixed in versions imagemagick/8:6.9.7.0+dfsg-1, imagemagick/8:6.8.9.9-5+deb8u7

Done: Bastien Roucariès <roucaries.bastien+debian@gmail.com>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456


Report forwarded to debian-bugs-dist@lists.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#851380; Package imagemagick. (Sat, 14 Jan 2017 13:33:14 GMT).


Acknowledgement sent to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
New Bug report received and forwarded. Copy sent to secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Sat, 14 Jan 2017 13:33:14 GMT).


Message #5 received at submit@bugs.debian.org:

From: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
To: submit@bugs.debian.org
Subject: [imagemagick] memory leak in caption and label handling
Date: Sat, 14 Jan 2017 14:31:44 +0100
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456

Fixed here https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456

Reply sent to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
You have taken responsibility. (Sun, 15 Jan 2017 15:54:09 GMT).


Notification sent to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
Bug acknowledged by developer. (Sun, 15 Jan 2017 15:54:09 GMT).


Message #10 received at 851380-done@bugs.debian.org:

From: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
To: 851380-done@bugs.debian.org
Subject: Done: [imagemagick] memory leak in caption and label handling
Date: Sun, 15 Jan 2017 16:50:06 +0100
Package: imagemagick
Version: 8:6.9.7.0+dfsg-1

Fixed in unstable


Marked as found in versions imagemagick/8:6.7.7.10-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 15 Jan 2017 19:09:02 GMT).


Changed Bug title to 'imagemagick: CVE-2016-10146: memory leak in caption and label handling' from '[imagemagick] memory leak in caption and label handling'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 17 Jan 2017 06:24:05 GMT).


Reply sent to Bastien Roucariès <roucaries.bastien+debian@gmail.com>:
You have taken responsibility. (Thu, 09 Mar 2017 23:21:12 GMT).


Notification sent to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
Bug acknowledged by developer. (Thu, 09 Mar 2017 23:21:12 GMT).


Message #19 received at 851380-close@bugs.debian.org:

From: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
To: 851380-close@bugs.debian.org
Subject: Bug#851380: fixed in imagemagick 8:6.8.9.9-5+deb8u7
Date: Thu, 09 Mar 2017 23:17:48 +0000
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u7

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 851380@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 12 Feb 2017 22:08:25 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u7
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 848139 849439 851374 851376 851380 851381 851382 851383 851483
Changes:
 imagemagick (8:6.8.9.9-5+deb8u7) jessie-security; urgency=medium
 .
   * Fix Ipl file missing malloc check (Closes: #851483).
     Fix CVE-2016-10145.
   * Fix wpg file off by one (Closes: #851483).
     Fix CVE-2016-10145.
   * Fix a memory leak in caption coders (Closes: #851380).
     Fix CVE-2016-10146.
   * Fix possible buffer overflow when writing compressed TIFFS.
     (Closes: #848139). Fix CVE-2016-8707.
   * Fix a double free in profile due to overflow
     (Closes: #851383). Fix CVE-2017-5506.
   * Fix memory leak in MPC file handling (Closes: #851382).
     Fix CVE-2017-5507
   * Fix Heap-Buffer-Overflow in TIFF coder (Closes: #851381).
     Fix CVE-2017-5508
   * Fix improper cast that could cause an overflow. (Closes: #851374).
     Fix CVE-2017-5511.
   * Fix memory corruption heap overflow in psb file. (Closes: #851376).
     Fix CVE-2017-5510.
   * Detect write error in ReadGROUP4Image. (Closes: #849439).
     Fix CVE-2016-10062


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 07 May 2017 07:31:32 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:37:29 2019; Machine Name: beach
