CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248

Debian Bug report logs - #665007
Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Thu, 22 Mar 2012 11:09:02 UTC

Severity: serious

Tags: security

Fixed in versions imagemagick/8:6.6.9.7-7, imagemagick/8:6.7.4.0-3, imagemagick/8:6.6.0.4-3+squeeze2

Done: Vincent Fourmond <fourmond@debian.org>

Bug is archived. No further changes may be made.


Information forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#665007; Package imagemagick. (Thu, 22 Mar 2012 11:09:06 GMT)


Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 22 Mar 2012 11:09:10 GMT)


Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248
Date: Thu, 22 Mar 2012 11:22:29 +0100
Package: imagemagick
Severity: serious
Tags: security

Hi,

The original fixes for the ImageMagick issues CVE-2012-0247 and
CVE-2012-0248 are incomplete.

Please see:

http://seclists.org/oss-sec/2012/q1/685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186





Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#665007; Package imagemagick. (Wed, 28 Mar 2012 06:33:03 GMT)


Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Wed, 28 Mar 2012 06:33:03 GMT)


Message #10 received at 665007@bugs.debian.org:

From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
To: Giuseppe Iuculano <iuculano@debian.org>, 665007@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: RE : Bug#665007: CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248
Date: Wed, 28 Mar 2012 08:32:11 +0200
Thanks,

Patches are under git

My usual mentors may apply tomorrow or Saturday

Bastien


Reply sent to Bastien Roucariès <roucaries.bastien+debian@gmail.com>:
You have taken responsibility. (Thu, 29 Mar 2012 21:21:07 GMT)


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Thu, 29 Mar 2012 21:21:07 GMT)


Message #15 received at 665007-close@bugs.debian.org:

From: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
To: 665007-close@bugs.debian.org
Subject: Bug#665007: fixed in imagemagick 8:6.6.9.7-7
Date: Thu, 29 Mar 2012 21:19:10 +0000
Source: imagemagick
Source-Version: 8:6.6.9.7-7

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-common_6.6.9.7-7_all.deb
  to main/i/imagemagick/imagemagick-common_6.6.9.7-7_all.deb
imagemagick-dbg_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/imagemagick-dbg_6.6.9.7-7_amd64.deb
imagemagick-doc_6.6.9.7-7_all.deb
  to main/i/imagemagick/imagemagick-doc_6.6.9.7-7_all.deb
imagemagick_6.6.9.7-7.debian.tar.bz2
  to main/i/imagemagick/imagemagick_6.6.9.7-7.debian.tar.bz2
imagemagick_6.6.9.7-7.dsc
  to main/i/imagemagick/imagemagick_6.6.9.7-7.dsc
imagemagick_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/imagemagick_6.6.9.7-7_amd64.deb
libmagick++-dev_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagick++-dev_6.6.9.7-7_amd64.deb
libmagick++4_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagick++4_6.6.9.7-7_amd64.deb
libmagickcore-dev_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickcore-dev_6.6.9.7-7_amd64.deb
libmagickcore4-extra_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickcore4-extra_6.6.9.7-7_amd64.deb
libmagickcore4_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickcore4_6.6.9.7-7_amd64.deb
libmagickwand-dev_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickwand-dev_6.6.9.7-7_amd64.deb
libmagickwand4_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/libmagickwand4_6.6.9.7-7_amd64.deb
perlmagick_6.6.9.7-7_amd64.deb
  to main/i/imagemagick/perlmagick_6.6.9.7-7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665007@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 27 Mar 2012 16:47:41 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore4 libmagickcore4-extra libmagickcore-dev libmagickwand4 libmagickwand-dev libmagick++4 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.9.7-7
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++4 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore4 - low-level image manipulation library
 libmagickcore4-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand4 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 665007
Changes: 
 imagemagick (8:6.6.9.7-7) unstable; urgency=high
 .
   * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186"
   (Closes: #665007)
   * Bumping urgency to high to fix open security issue in testing





Reply sent to Vincent Fourmond <fourmond@debian.org>:
You have taken responsibility. (Sun, 01 Apr 2012 19:39:13 GMT)


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Sun, 01 Apr 2012 19:39:13 GMT)


Message #20 received at 665007-close@bugs.debian.org:

From: Vincent Fourmond <fourmond@debian.org>
To: 665007-close@bugs.debian.org
Subject: Bug#665007: fixed in imagemagick 8:6.7.4.0-3
Date: Sun, 01 Apr 2012 19:33:33 +0000
Source: imagemagick
Source-Version: 8:6.7.4.0-3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-common_6.7.4.0-3_all.deb
  to main/i/imagemagick/imagemagick-common_6.7.4.0-3_all.deb
imagemagick-dbg_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/imagemagick-dbg_6.7.4.0-3_amd64.deb
imagemagick-doc_6.7.4.0-3_all.deb
  to main/i/imagemagick/imagemagick-doc_6.7.4.0-3_all.deb
imagemagick_6.7.4.0-3.debian.tar.bz2
  to main/i/imagemagick/imagemagick_6.7.4.0-3.debian.tar.bz2
imagemagick_6.7.4.0-3.dsc
  to main/i/imagemagick/imagemagick_6.7.4.0-3.dsc
imagemagick_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/imagemagick_6.7.4.0-3_amd64.deb
libmagick++-dev_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagick++-dev_6.7.4.0-3_amd64.deb
libmagick++5_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagick++5_6.7.4.0-3_amd64.deb
libmagickcore-dev_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagickcore-dev_6.7.4.0-3_amd64.deb
libmagickcore5-extra_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagickcore5-extra_6.7.4.0-3_amd64.deb
libmagickcore5_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagickcore5_6.7.4.0-3_amd64.deb
libmagickwand-dev_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagickwand-dev_6.7.4.0-3_amd64.deb
libmagickwand5_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/libmagickwand5_6.7.4.0-3_amd64.deb
perlmagick_6.7.4.0-3_amd64.deb
  to main/i/imagemagick/perlmagick_6.7.4.0-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665007@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 01 Apr 2012 20:51:53 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.4.0-3
Distribution: unstable
Urgency: low
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourmond@debian.org>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 665007
Changes: 
 imagemagick (8:6.7.4.0-3) unstable; urgency=low
 .
   [ Bastien Roucariès ]
   * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186"
   (Closes: #665007)
 .
   [ Vincent Fourmond ]
   * Uploading to unstable, opening the way for the transition (see bug
     #652650)
   * Hurray, it seems the package conforms to standards 3.9.3 !





Reply sent to Vincent Fourmond <fourmond@debian.org>:
You have taken responsibility. (Wed, 02 May 2012 22:33:14 GMT)


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Wed, 02 May 2012 22:33:14 GMT)


Message #25 received at 665007-close@bugs.debian.org:

From: Vincent Fourmond <fourmond@debian.org>
To: 665007-close@bugs.debian.org
Subject: Bug#665007: fixed in imagemagick 8:6.6.0.4-3+squeeze2
Date: Wed, 02 May 2012 22:32:31 +0000
Source: imagemagick
Source-Version: 8:6.6.0.4-3+squeeze2

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb
imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
  to main/i/imagemagick/imagemagick-doc_6.6.0.4-3+squeeze2_all.deb
imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
  to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2
imagemagick_6.6.0.4-3+squeeze2.dsc
  to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2.dsc
imagemagick_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2_amd64.deb
libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb
libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagick++3_6.6.0.4-3+squeeze2_amd64.deb
libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb
libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb
libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb
libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb
libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb
perlmagick_6.6.0.4-3+squeeze2_amd64.deb
  to main/i/imagemagick/perlmagick_6.6.0.4-3+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665007@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 18 Apr 2012 23:05:08 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore3 libmagickcore3-extra libmagickcore-dev libmagickwand3 libmagickwand-dev libmagick++3 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.6.0.4-3+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourmond@debian.org>
Description: 
 imagemagick - image manipulation programs
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++3 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore3 - low-level image manipulation library
 libmagickcore3-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand3 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 665007 667635
Changes: 
 imagemagick (8:6.6.0.4-3+squeeze2) stable-security; urgency=high
 .
   * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186 (incomplete fix)"
   (Closes: #665007)
   * Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 /
     CVE-2012-1610 (Closes: #667635)
   - Vulnerability CVE-2012-0259 can cause a DoS in a system
     via handing JPEG files with invalid EXIF XResolution tag.
   - Vulnerability CVE-2012-0260 can lead to excessive use of
     memory in target system, when processing a malicious JPEG file.
     Excessive use of memory can lead to denial of service.
   - Vulnerability CVE-2012-1798 can cause program to crash when
     reading invalid memory, while parsing EXIF IFD in a TIFF file.
   - Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 09 Jun 2012 07:34:29 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:16:43 2019; Machine Name: buxtehude