Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon).
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Thu, 22 Mar 2012 11:09:02 UTC
Severity: serious
Tags: security
Fixed in versions imagemagick/8:6.6.9.7-7, imagemagick/8:6.7.4.0-3, imagemagick/8:6.6.0.4-3+squeeze2
Done: Vincent Fourmond <fourmond@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Information forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#665007
; Package imagemagick
.
(Thu, 22 Mar 2012 11:09:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Extra info received and forwarded to list. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Thu, 22 Mar 2012 11:09:10 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: imagemagick Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The original fixes for the ImageMagick issues CVE-2012-0247 and CVE-2012-0248 are incomplete. Please see: http://seclists.org/oss-sec/2012/q1/685 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk9q/WUACgkQNxpp46476arBQgCeLZLei0zKKvxadUhYfFUpLw6f EF4An30VihPmJDQmyY8MzuOibIoIT5Yx =mRjI -----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#665007
; Package imagemagick
.
(Wed, 28 Mar 2012 06:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Wed, 28 Mar 2012 06:33:03 GMT) (full text, mbox, link).
Message #10 received at 665007@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Thanks, Patch are under git My usual mentors may apply tomorrow or saturday Bastien Le 22 mars 2012 12:09, "Giuseppe Iuculano" <iuculano@debian.org> a écrit : Package: imagemagick Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The original fixes for the ImageMagick issues CVE-2012-0247 and CVE-2012-0248 are incomplete. Please see: http://seclists.org/oss-sec/2012/q1/685 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk9q/WUACgkQNxpp46476arBQgCeLZLei0zKKvxadUhYfFUpLw6f EF4An30VihPmJDQmyY8MzuOibIoIT5Yx =mRjI -----END PGP SIGNATURE-----
[Message part 2 (text/html, inline)]
Reply sent
to Bastien Roucariès <roucaries.bastien+debian@gmail.com>
:
You have taken responsibility.
(Thu, 29 Mar 2012 21:21:07 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Bug acknowledged by developer.
(Thu, 29 Mar 2012 21:21:07 GMT) (full text, mbox, link).
Message #15 received at 665007-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick Source-Version: 8:6.6.9.7-7 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive: imagemagick-common_6.6.9.7-7_all.deb to main/i/imagemagick/imagemagick-common_6.6.9.7-7_all.deb imagemagick-dbg_6.6.9.7-7_amd64.deb to main/i/imagemagick/imagemagick-dbg_6.6.9.7-7_amd64.deb imagemagick-doc_6.6.9.7-7_all.deb to main/i/imagemagick/imagemagick-doc_6.6.9.7-7_all.deb imagemagick_6.6.9.7-7.debian.tar.bz2 to main/i/imagemagick/imagemagick_6.6.9.7-7.debian.tar.bz2 imagemagick_6.6.9.7-7.dsc to main/i/imagemagick/imagemagick_6.6.9.7-7.dsc imagemagick_6.6.9.7-7_amd64.deb to main/i/imagemagick/imagemagick_6.6.9.7-7_amd64.deb libmagick++-dev_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagick++-dev_6.6.9.7-7_amd64.deb libmagick++4_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagick++4_6.6.9.7-7_amd64.deb libmagickcore-dev_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagickcore-dev_6.6.9.7-7_amd64.deb libmagickcore4-extra_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagickcore4-extra_6.6.9.7-7_amd64.deb libmagickcore4_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagickcore4_6.6.9.7-7_amd64.deb libmagickwand-dev_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagickwand-dev_6.6.9.7-7_amd64.deb libmagickwand4_6.6.9.7-7_amd64.deb to main/i/imagemagick/libmagickwand4_6.6.9.7-7_amd64.deb perlmagick_6.6.9.7-7_amd64.deb to main/i/imagemagick/perlmagick_6.6.9.7-7_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665007@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 27 Mar 2012 16:47:41 +0200 Source: imagemagick Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore4 libmagickcore4-extra libmagickcore-dev libmagickwand4 libmagickwand-dev libmagick++4 libmagick++-dev perlmagick Architecture: source amd64 all Version: 8:6.6.9.7-7 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com> Description: imagemagick - image manipulation programs imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libmagick++-dev - object-oriented C++ interface to ImageMagick - development files libmagick++4 - object-oriented C++ interface to ImageMagick libmagickcore-dev - low-level image manipulation library - development files libmagickcore4 - low-level image manipulation library libmagickcore4-extra - low-level image manipulation library - extra codecs libmagickwand-dev - image manipulation library - development files libmagickwand4 - image manipulation library perlmagick - Perl interface to the ImageMagick graphics routines Closes: 665007 Changes: imagemagick (8:6.6.9.7-7) unstable; urgency=high . * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186" (Closes: #665007) * Bumping urgency to high to fix open security issue in testing Checksums-Sha1: eb996dc7a57eb423d132f2e77e058a8e4fd815e4 2418 imagemagick_6.6.9.7-7.dsc 35b1b847d01bfccf5da6e72bb577e2a4377b4b18 44411 imagemagick_6.6.9.7-7.debian.tar.bz2 895094f098c2a5122e244ca6e82bcfe43c160845 124656 imagemagick_6.6.9.7-7_amd64.deb 61fc6a48e331dd7a3a8a15cb66fea27b1623c1f5 4611484 imagemagick-dbg_6.6.9.7-7_amd64.deb f69bbbe6be22f6faf3ea1e2626a954daeadcdab2 112690 imagemagick-common_6.6.9.7-7_all.deb 0934a62c05d8dd047d6b7b8260aa05d297b03abd 5538204 imagemagick-doc_6.6.9.7-7_all.deb d0f85cc30c9328a6e6ba4899d203d1a12f6ef3c4 1950676 libmagickcore4_6.6.9.7-7_amd64.deb bb1b3df981ebda14cc61b052a4cfb99fb76adb19 125032 libmagickcore4-extra_6.6.9.7-7_amd64.deb fb35a0e83ead3cddb4ea82fd43b1af8cc377ce69 1295038 libmagickcore-dev_6.6.9.7-7_amd64.deb 043b123189cd248367867e1d1cb66c8f48c716eb 442530 libmagickwand4_6.6.9.7-7_amd64.deb 2f06e901c56629ee6a915ec7ed3b79744dc9a979 524140 libmagickwand-dev_6.6.9.7-7_amd64.deb 0d973a20c9e2fe4e4310616852d7c28e95bee81a 217874 libmagick++4_6.6.9.7-7_amd64.deb 7c66c3419c1b8f99b18e8d397e98d2e95a54c808 268926 libmagick++-dev_6.6.9.7-7_amd64.deb 0ed5debd278b47255e2d7d418b3bc8358c4ca969 240176 perlmagick_6.6.9.7-7_amd64.deb Checksums-Sha256: 1cb3de433874f324dba0ef5514c046db800a5795dea0d8075803c144b014127f 2418 imagemagick_6.6.9.7-7.dsc 7735b914881d5369b3c347920db688f1d32f470ac0a7f0084d8e7a5916e6e050 44411 imagemagick_6.6.9.7-7.debian.tar.bz2 9dbe49528153cc27e608102f576e0a889f957dbc186eefb03262abecd9c0816b 124656 imagemagick_6.6.9.7-7_amd64.deb 1090b248b8ed4e3b339ffca59380246351335ec89eead17ca4bc1290b71c86a3 4611484 imagemagick-dbg_6.6.9.7-7_amd64.deb 9619986bda0e6ba3b916acaf2215956376440615bf21f4d673d80c0f5fd6be23 112690 imagemagick-common_6.6.9.7-7_all.deb 8cf5fd2ef7f44a0db539678960fe2d4652941cc9483b90301bae8f2b24de9667 5538204 imagemagick-doc_6.6.9.7-7_all.deb 080ae70f47b1b9a374b7c68b70c9ed4c9748cb4ade9bb821b000b963d4930498 1950676 libmagickcore4_6.6.9.7-7_amd64.deb 5939e52dc9b5e714d4d091889c3b6558b72d2862868abff0305cf7f1827d2fb1 125032 libmagickcore4-extra_6.6.9.7-7_amd64.deb 6cd0851ab7663da199560c828042ec0847eecd6799a02431f42fec8923c993ad 1295038 libmagickcore-dev_6.6.9.7-7_amd64.deb ac05daf3f7a297acfb830d49e6057445ff36e0705bb6d3252bebd056b34ad736 442530 libmagickwand4_6.6.9.7-7_amd64.deb e9c01a9bf0e3a9a6c853eb380c707d3adf4e9a3fa02fc4539490b99c62f85310 524140 libmagickwand-dev_6.6.9.7-7_amd64.deb e97ca2c772432a9e14376ee4ef3734a230bc1b02368e23ca06170defcc80299a 217874 libmagick++4_6.6.9.7-7_amd64.deb 90895f39a0203a339744e820a295429cef86f6627b02b7e2499a3070ae0babee 268926 libmagick++-dev_6.6.9.7-7_amd64.deb 0abf9fdf9ce8033fbcfb312f94ff050aff9d692769e4e28b8db6e82b4407a701 240176 perlmagick_6.6.9.7-7_amd64.deb Files: 4a7803d456a48af8e28c7ae63df21710 2418 graphics optional imagemagick_6.6.9.7-7.dsc 25f7edaecfa88772ff6a3fee57248d05 44411 graphics optional imagemagick_6.6.9.7-7.debian.tar.bz2 78a0033fa259fc021476ce99e6011a5d 124656 graphics optional imagemagick_6.6.9.7-7_amd64.deb 74af50ad60b7ee85a2644194070dc1be 4611484 debug extra imagemagick-dbg_6.6.9.7-7_amd64.deb c5a1c81d06dfa1fcc07760c7e4122edd 112690 graphics optional imagemagick-common_6.6.9.7-7_all.deb 610c3a9871f2b25088b61046025fbf4b 5538204 doc optional imagemagick-doc_6.6.9.7-7_all.deb 6206f55c3bd2dee2adef4c5fb73aa1bd 1950676 libs optional libmagickcore4_6.6.9.7-7_amd64.deb 0b489ddc474ea4e2ab4a7aedc7dd7eee 125032 libs optional libmagickcore4-extra_6.6.9.7-7_amd64.deb 8ae48236f763bb129f949c69c943b0ba 1295038 libdevel optional libmagickcore-dev_6.6.9.7-7_amd64.deb a87d6df3120a854f0b60a25ce893db23 442530 libs optional libmagickwand4_6.6.9.7-7_amd64.deb 897426fc85be571314dbdaf0390a7e90 524140 libdevel optional libmagickwand-dev_6.6.9.7-7_amd64.deb ceb774a9a0cfb5f063d573fbeeca9d4f 217874 libs optional libmagick++4_6.6.9.7-7_amd64.deb cca048af558c68494dc96a04f0477884 268926 libdevel optional libmagick++-dev_6.6.9.7-7_amd64.deb e8618445171afbf0ce1936b53554fd26 240176 perl optional perlmagick_6.6.9.7-7_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk90u+8ACgkQx/UhwSKygspR/QCgvbUVmJ1OYcIQ0oDQbiCvuRyp 43sAn1JpN8nPdYzuuJnKO2ZpjaRrqV/m =/L4i -----END PGP SIGNATURE-----
Reply sent
to Vincent Fourmond <fourmond@debian.org>
:
You have taken responsibility.
(Sun, 01 Apr 2012 19:39:13 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Bug acknowledged by developer.
(Sun, 01 Apr 2012 19:39:13 GMT) (full text, mbox, link).
Message #20 received at 665007-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick Source-Version: 8:6.7.4.0-3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive: imagemagick-common_6.7.4.0-3_all.deb to main/i/imagemagick/imagemagick-common_6.7.4.0-3_all.deb imagemagick-dbg_6.7.4.0-3_amd64.deb to main/i/imagemagick/imagemagick-dbg_6.7.4.0-3_amd64.deb imagemagick-doc_6.7.4.0-3_all.deb to main/i/imagemagick/imagemagick-doc_6.7.4.0-3_all.deb imagemagick_6.7.4.0-3.debian.tar.bz2 to main/i/imagemagick/imagemagick_6.7.4.0-3.debian.tar.bz2 imagemagick_6.7.4.0-3.dsc to main/i/imagemagick/imagemagick_6.7.4.0-3.dsc imagemagick_6.7.4.0-3_amd64.deb to main/i/imagemagick/imagemagick_6.7.4.0-3_amd64.deb libmagick++-dev_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagick++-dev_6.7.4.0-3_amd64.deb libmagick++5_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagick++5_6.7.4.0-3_amd64.deb libmagickcore-dev_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagickcore-dev_6.7.4.0-3_amd64.deb libmagickcore5-extra_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagickcore5-extra_6.7.4.0-3_amd64.deb libmagickcore5_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagickcore5_6.7.4.0-3_amd64.deb libmagickwand-dev_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagickwand-dev_6.7.4.0-3_amd64.deb libmagickwand5_6.7.4.0-3_amd64.deb to main/i/imagemagick/libmagickwand5_6.7.4.0-3_amd64.deb perlmagick_6.7.4.0-3_amd64.deb to main/i/imagemagick/perlmagick_6.7.4.0-3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665007@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 01 Apr 2012 20:51:53 +0200 Source: imagemagick Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick Architecture: source amd64 all Version: 8:6.7.4.0-3 Distribution: unstable Urgency: low Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Vincent Fourmond <fourmond@debian.org> Description: imagemagick - image manipulation programs imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libmagick++-dev - object-oriented C++ interface to ImageMagick - development files libmagick++5 - object-oriented C++ interface to ImageMagick libmagickcore-dev - low-level image manipulation library - development files libmagickcore5 - low-level image manipulation library libmagickcore5-extra - low-level image manipulation library - extra codecs libmagickwand-dev - image manipulation library - development files libmagickwand5 - image manipulation library perlmagick - Perl interface to the ImageMagick graphics routines Closes: 665007 Changes: imagemagick (8:6.7.4.0-3) unstable; urgency=low . [ Bastien Roucariès ] * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186" (Closes: #665007) . [ Vincent Fourmond ] * Uploading to unstable, opening the way for the transition (see bug #652650) * Hurray, it seems the package conforms to standards 3.9.3 ! Checksums-Sha1: ef8470e8295770cf83d5dce03b9f0cd10e24546e 2434 imagemagick_6.7.4.0-3.dsc 5e03443e614a4e53d5eaefe46950672ff8b9341d 41987 imagemagick_6.7.4.0-3.debian.tar.bz2 5901ef4c98462bdb7d81a8c33f386572766c407c 129726 imagemagick_6.7.4.0-3_amd64.deb 57c109f851f66bad45b4942913f7154e0bcedd41 4770668 imagemagick-dbg_6.7.4.0-3_amd64.deb 2ce85bc85a246672583b2988b357f14078eb5ab0 175284 imagemagick-common_6.7.4.0-3_all.deb 2a52517dc52f4dc24773202b230d5d48e5889772 5576612 imagemagick-doc_6.7.4.0-3_all.deb 36e00a8044be5c3f36549ef4d38c7a8c45c2b237 2040336 libmagickcore5_6.7.4.0-3_amd64.deb ca91456d9bfbff5ce17e3e24d2af9d56e0a05b7d 131242 libmagickcore5-extra_6.7.4.0-3_amd64.deb a16ce789246db39bd8f4b6e450e76bd0d06abeae 1361336 libmagickcore-dev_6.7.4.0-3_amd64.deb 7753effb931feeee6985a5419ab6405e1c35f73d 447516 libmagickwand5_6.7.4.0-3_amd64.deb f6882e134f25aa06ef1141bfea223343e11be1c9 528368 libmagickwand-dev_6.7.4.0-3_amd64.deb f465b7886b957d5ff2806a63c265b6c1ed097943 224064 libmagick++5_6.7.4.0-3_amd64.deb a8a68ce3055e728fc43768b35b638fc952de6a74 274264 libmagick++-dev_6.7.4.0-3_amd64.deb dab1421c66b3ad9a1cf4b9738c90981138ab6189 240972 perlmagick_6.7.4.0-3_amd64.deb Checksums-Sha256: 8563c4042c2d09ea76e5c1dbdeb6844b7b2de367491e91bb44017d2e0210d3e5 2434 imagemagick_6.7.4.0-3.dsc 9d53d1b0be4b0082639b9e94a9c4444b45578f698ecd688cf8d1b64ddc0fda88 41987 imagemagick_6.7.4.0-3.debian.tar.bz2 9328da1d1dd14a7370541d829a092fd359f192321b9f4d6b059767d327a50760 129726 imagemagick_6.7.4.0-3_amd64.deb 69f88131d295eca4baaaacade0d2ee6f079a0a518b8f00310698f6f957f5c47e 4770668 imagemagick-dbg_6.7.4.0-3_amd64.deb cedb71bf2306e024b85d567ff9adbec9bee8e30610892b9b02c5b58968a00d16 175284 imagemagick-common_6.7.4.0-3_all.deb 2ab498de1203f301856bfcfb0cb4799a3e066e7974e247e3e4de8019e9d47b8f 5576612 imagemagick-doc_6.7.4.0-3_all.deb 28d0985d4f386f350badbeaf0e89f327a8738ef32fce73ce738af2ab1dd68bdf 2040336 libmagickcore5_6.7.4.0-3_amd64.deb ef5c3df8649fb8a3175d377be3a3f44f3e595613503b7de2ceef5315976acdb0 131242 libmagickcore5-extra_6.7.4.0-3_amd64.deb db4cf539868458b0c7230a623dc7e7c1ce56fa2b1ec2bff23d939d02ef8a159e 1361336 libmagickcore-dev_6.7.4.0-3_amd64.deb b6d8efa87c8842150780d79bd2e17914f46f959a308dcc27ca2ea5238e471135 447516 libmagickwand5_6.7.4.0-3_amd64.deb 4839a8de25012839f555584fa6011ce82fef61eaa7a73c0bbc4707c84834dfd1 528368 libmagickwand-dev_6.7.4.0-3_amd64.deb 7c45bea257bd592479d106e3120cf65e3c31c18ecf1641aca7eaf21c6638d1d0 224064 libmagick++5_6.7.4.0-3_amd64.deb 8e22dd0c00e41abe3a55a97726e31707c1a7ffb116f0622395e3d34ef42c2882 274264 libmagick++-dev_6.7.4.0-3_amd64.deb f3c4994bd62539b579a3a247a7a5e669ec31504e168a70276a28fccf79ed0321 240972 perlmagick_6.7.4.0-3_amd64.deb Files: 5bbb6adcea778ea8c85eeb710c50bdd7 2434 graphics optional imagemagick_6.7.4.0-3.dsc c79afd69f9739bc9273d83bbf7181933 41987 graphics optional imagemagick_6.7.4.0-3.debian.tar.bz2 eba33fae6afaac2e8fe00ecd5bf6d9cc 129726 graphics optional imagemagick_6.7.4.0-3_amd64.deb 39b3d48650b41780d3f2b5c4c70e1c6a 4770668 debug extra imagemagick-dbg_6.7.4.0-3_amd64.deb 5e2dee3e1712252b4af7a6760d183875 175284 graphics optional imagemagick-common_6.7.4.0-3_all.deb 80f5765405ceb76f2fd0090e33fe42dc 5576612 doc optional imagemagick-doc_6.7.4.0-3_all.deb 26e5a694de106b8d7557e9ea4e4d833c 2040336 libs optional libmagickcore5_6.7.4.0-3_amd64.deb 299e866b44576d4623a78e5adff10eda 131242 libs optional libmagickcore5-extra_6.7.4.0-3_amd64.deb 0be59d20a56a9e0e441c80fe442d217a 1361336 libdevel optional libmagickcore-dev_6.7.4.0-3_amd64.deb fba960e87daae17cabd9d617e267bd96 447516 libs optional libmagickwand5_6.7.4.0-3_amd64.deb 453e9e7759398fb78362d477b43f14fc 528368 libdevel optional libmagickwand-dev_6.7.4.0-3_amd64.deb 3d8ac086f6f7c0147d32eeb67176a817 224064 libs optional libmagick++5_6.7.4.0-3_amd64.deb cf33bce2e8d0ed91d128758632477630 274264 libdevel optional libmagick++-dev_6.7.4.0-3_amd64.deb 3fa5e0b14549f91000bcf6e3529fc1cd 240972 perl optional perlmagick_6.7.4.0-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk94qQcACgkQx/UhwSKygsoXKQCfYte/C8O0/X4iTvdB4ZbEDMA/ p18AniDyt2Q42rqYpzBcYaxKwdBIZjnF =pcG3 -----END PGP SIGNATURE-----
Reply sent
to Vincent Fourmond <fourmond@debian.org>
:
You have taken responsibility.
(Wed, 02 May 2012 22:33:14 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Bug acknowledged by developer.
(Wed, 02 May 2012 22:33:14 GMT) (full text, mbox, link).
Message #25 received at 665007-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick Source-Version: 8:6.6.0.4-3+squeeze2 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive: imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb imagemagick-doc_6.6.0.4-3+squeeze2_all.deb to main/i/imagemagick/imagemagick-doc_6.6.0.4-3+squeeze2_all.deb imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2 to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2 imagemagick_6.6.0.4-3+squeeze2.dsc to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2.dsc imagemagick_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/imagemagick_6.6.0.4-3+squeeze2_amd64.deb libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb libmagick++3_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagick++3_6.6.0.4-3+squeeze2_amd64.deb libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb perlmagick_6.6.0.4-3+squeeze2_amd64.deb to main/i/imagemagick/perlmagick_6.6.0.4-3+squeeze2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665007@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vincent Fourmond <fourmond@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 18 Apr 2012 23:05:08 +0200 Source: imagemagick Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore3 libmagickcore3-extra libmagickcore-dev libmagickwand3 libmagickwand-dev libmagick++3 libmagick++-dev perlmagick Architecture: source amd64 all Version: 8:6.6.0.4-3+squeeze2 Distribution: stable-security Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Vincent Fourmond <fourmond@debian.org> Description: imagemagick - image manipulation programs imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libmagick++-dev - object-oriented C++ interface to ImageMagick - development files libmagick++3 - object-oriented C++ interface to ImageMagick libmagickcore-dev - low-level image manipulation library - development files libmagickcore3 - low-level image manipulation library libmagickcore3-extra - low-level image manipulation library - extra codecs libmagickwand-dev - image manipulation library - development files libmagickwand3 - image manipulation library perlmagick - Perl interface to the ImageMagick graphics routines Closes: 665007 667635 Changes: imagemagick (8:6.6.0.4-3+squeeze2) stable-security; urgency=high . * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186 (incomplete fix)" (Closes: #665007) * Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 / CVE-2012-1610 (Closes: #667635) - Vulnerability CVE-2012-0259 can cause a DoS in a system via handing JPEG files with invalid EXIF XResolution tag. - Vulnerability CVE-2012-0260 can lead to excessive use of memory in target system, when processing a malicious JPEG file. Excessive use of memory can lead to denial of service. - Vulnerability CVE-2012-1798 can cause program to crash when reading invalid memory, while parsing EXIF IFD in a TIFF file. - Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow Checksums-Sha1: e2cb845e70cd066986c6cf0cadebf17e8bfad30e 1914 imagemagick_6.6.0.4-3+squeeze2.dsc 9be53f846b0c17721d6425977c407b353ee870c6 39845 imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2 561288cbf24eccb9387c43c3eb4c592142b02ea2 105678 imagemagick_6.6.0.4-3+squeeze2_amd64.deb 936d6d3eab461b5a8631d5ef8353e11be516bbcc 3691536 imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb 3115ea171278ab5170eec2a52cb75ac2fcf1ccb7 4176596 imagemagick-doc_6.6.0.4-3+squeeze2_all.deb 3e91dd0748ef1ef31926e2aa80356e5bba774e57 1764922 libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb 57f7e32677994a75399136623ebe5020b7c7f01e 120952 libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb e035b6890f149efb5cc4c988b9f6a842388d3702 1190578 libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb 8c0ad856f61a9ff83dcfdc940758d04b22e5d86b 417792 libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb b76abd4437d0bd4c3a2d63532087eefbf47637d1 493638 libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb 728568de5de726211758c4adfb274a2daa3c848b 209606 libmagick++3_6.6.0.4-3+squeeze2_amd64.deb 0afd88e7604a2eb16c0be75bf6234688010e2166 259554 libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb 2cbd39fbd98f5c25a5b1d1bd0b1d7f45f2d37d34 226278 perlmagick_6.6.0.4-3+squeeze2_amd64.deb Checksums-Sha256: caa7b926865880c7f802d36f7b0b799ea61e127764c41361cc536f77f702c6e9 1914 imagemagick_6.6.0.4-3+squeeze2.dsc 236a6d5bd5cc20819cea6cd48a05c593035b49b5e0d2b1ed4f4427e9bd7103d5 39845 imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2 39ef2a452324d986002f3473a61afe1ce792c993e2db1489488d07fe646c568a 105678 imagemagick_6.6.0.4-3+squeeze2_amd64.deb d499387cd3c4d4f2e7cf09b3833954a4b3c8a029224365bbd00f90247c053cbb 3691536 imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb ff2acc3f4a7512f5ea9e214cfc3b1433bc03365b1699ee6ac230f2a6b5a9bcf6 4176596 imagemagick-doc_6.6.0.4-3+squeeze2_all.deb dc6d7f29fffed83a2408c1de4eb429a16038d8092778931feb53880702d1f3ea 1764922 libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb c7d175c6a66395b2e26066d5853d028e6b5971048633f977dc45fc8715425554 120952 libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb 2948d6d98bda4a513a218c72869647f2303eaac4fba1647bffeb90b8a079b403 1190578 libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb a664cd1b3e78e4eccde7cc8a61c91739747793c3773e61a35df25dcdfbd19f06 417792 libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb 177777438c53bbf1e935697dc18373428e71a84d6605ffa0410ee2864d2af790 493638 libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb 324f140e45eaacc5cc66e9f6faca16bb99344abc7c79d956ae91d7d2936b9766 209606 libmagick++3_6.6.0.4-3+squeeze2_amd64.deb 22bce2ee29ab77a5f91f7f947ac0acdbf2c9515cd073f19e5ef57e75d4f94299 259554 libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb 1146a1246b6c273b669563feb3a8068ab75f6a4b399ab8cfe7b6d6f240c91f0e 226278 perlmagick_6.6.0.4-3+squeeze2_amd64.deb Files: d631468b69eacfdf7d6aba560d7bf993 1914 graphics optional imagemagick_6.6.0.4-3+squeeze2.dsc 79f34c9902d38ab886e8882446efb0be 39845 graphics optional imagemagick_6.6.0.4-3+squeeze2.debian.tar.bz2 51e5952c660ab180ee97041c1f7f23d3 105678 graphics optional imagemagick_6.6.0.4-3+squeeze2_amd64.deb f692d337d2cc10e3ac23365fc3900c51 3691536 debug extra imagemagick-dbg_6.6.0.4-3+squeeze2_amd64.deb 81e33241b1092de87a021d79f3c20b72 4176596 doc optional imagemagick-doc_6.6.0.4-3+squeeze2_all.deb 6b567c00b8b91798e98c8506d1739f03 1764922 libs optional libmagickcore3_6.6.0.4-3+squeeze2_amd64.deb 993eb589e37f6cd4ff51244ff2c02ed2 120952 libs optional libmagickcore3-extra_6.6.0.4-3+squeeze2_amd64.deb 38b411c0015de2f146607333cde49de0 1190578 libdevel optional libmagickcore-dev_6.6.0.4-3+squeeze2_amd64.deb 178329c95b35148db5b02d566030a712 417792 libs optional libmagickwand3_6.6.0.4-3+squeeze2_amd64.deb 3d9852d3c2d63d7290a8230fe473b9b5 493638 libdevel optional libmagickwand-dev_6.6.0.4-3+squeeze2_amd64.deb 8315ccb5913fc96561f2cd62fc20a3bb 209606 libs optional libmagick++3_6.6.0.4-3+squeeze2_amd64.deb c4d30d1a41650124c6b127f9bccc736e 259554 libdevel optional libmagick++-dev_6.6.0.4-3+squeeze2_amd64.deb 50579e1d3d0c98f3bbba735920f77801 226278 perl optional perlmagick_6.6.0.4-3+squeeze2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk+ZkU8ACgkQx/UhwSKygsp0IwCguvsvhNBi/IxwDbt+ctuH8UW/ YVsAn1tKSHhh8puLwqDZ/jDX+st9WIdv =VkXP -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 09 Jun 2012 07:34:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.