Your message dated Sun, 17 Jan 2016 22:04:03 +0000
with message-id <[email protected]>
and subject line Bug#806441: fixed in imagemagick 8:6.8.9.9-7
has caused the Debian Bug report #806441,
regarding Buffer overflow in coders/icon.c and integer truncation in
coders/pict.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
806441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806441
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.6.0.4-3
Tags: security patch
Severity: important
Control: fixed -1 8:6.6.0.4-3+squeeze7
This bug is about two security issues in image parsing code that had been
reported to Ubuntu (and are tracked in the Debian security tracker):
The one in coders/icon.c:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
The one in coders/pict.c:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
The attached patches fix both of those issues in squeeze. I guess they
will be easy to forward-port to other versions.
Both of those issues apply to all versions currently in Debian.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Description: Fix buffer overflow in icon parsing code
This patch backports a small extract of a larger upstream
commit that addresses this specific issue.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Applied-Upstream: 7.0.0
Last-Update: 2015-11-26
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/coders/icon.c
+++ b/coders/icon.c
@@ -275,6 +275,8 @@ static Image *ReadICONImage(const ImageI
Icon image encoded as a compressed PNG image.
*/
length=icon_file.directory[i].size;
+ if (~length < 12)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
png=(unsigned char *) AcquireQuantumMemory(length+12,sizeof(*png));
if (png == (unsigned char *) NULL)
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
Description: Fix overflow in pict image parsing
Backport a small part of an upstream commit fixing
an issue with pict image parsing.
Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
Applied-Upstream: 7.0.0
Last-Update: 2015-11-27
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/coders/pict.c
+++ b/coders/pict.c
@@ -1589,6 +1589,7 @@ static MagickBooleanType WritePICTImage(
x;
size_t
+ row_bytes,
count;
unsigned char
@@ -1602,7 +1603,6 @@ static MagickBooleanType WritePICTImage(
unsigned short
base_address,
- row_bytes,
transfer_mode;
/*
@@ -1633,7 +1633,7 @@ static MagickBooleanType WritePICTImage(
source_rectangle=size_rectangle;
destination_rectangle=size_rectangle;
base_address=0xff;
- row_bytes=(unsigned short) (image->columns | 0x8000);
+ row_bytes=image->columns;
bounds.top=0;
bounds.left=0;
bounds.bottom=(short) image->rows;
@@ -1663,7 +1663,7 @@ static MagickBooleanType WritePICTImage(
pixmap.bits_per_pixel=32;
pixmap.pack_type=0x04;
transfer_mode=0x40;
- row_bytes=(unsigned short) ((4*image->columns) | 0x8000);
+ row_bytes=4*image->columns;
}
/*
Allocate memory.
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-7
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Fourmond <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 17 Jan 2016 21:18:19 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2
libmagickwand-6.q16-dev libmagick++-6.q16-5v5 libmagick++-6.q16-dev
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev
libmagickwand-dev libmagick++-dev
Architecture: source amd64 all
Version: 8:6.8.9.9-7
Distribution: unstable
Urgency: low
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Vincent Fourmond <[email protected]>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-5v5 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick -
development files
libmagick++-dev - object-oriented C++ interface to ImageMagick
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-dev - low-level image manipulation library -- transition package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library - transition for development
files
perlmagick - Perl interface to ImageMagick -- transition package
Closes: 806441 811308
Changes:
imagemagick (8:6.8.9.9-7) unstable; urgency=low
.
* Fix various minor security issues
- Fix an integer overflow that can lead to a buffer overrun
in the icon parsing code (LP: #1459747, closes: #806441)
- Fix an integer overflow that can lead to a double free in
pict parsing (LP: #1448803, closes: #806441).
- Memory Leak while handle psd file (closes: #811308)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
- IM 6.9.2 crash with some PNG (closes: #811308, LP: #1492881)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
- Null pointer access in magick/constitute.c (closes: #811308)
https://github.com/ImageMagick/ImageMagick/pull/34
- PixelColor off by one on i386 (closes: #811308)
https://github.com/ImageMagick/ImageMagick/issues/54
- Fixed other memory leaks (closes: #811308)
Checksums-Sha1:
1421921721bba1b498329d03625fabcdb6cde282 3856 imagemagick_6.8.9.9-7.dsc
af5564f8a5c8364b1eb24fdcca0f9b818bc13799 203432
imagemagick_6.8.9.9-7.debian.tar.xz
75b2fe2c30256ff132efefb13273e7e272ef7aec 511838
imagemagick-6.q16_6.8.9.9-7_amd64.deb
33c26af0ade76ba94fc7c26bb88fa1a691a83261 148820
imagemagick-common_6.8.9.9-7_all.deb
1ff46b1b8e40ed60131c44569323dd2e8c3ddf32 6348526
imagemagick-dbg_6.8.9.9-7_amd64.deb
cce52e22c7ca65296e833e0e951a383d0be56a59 7033968
imagemagick-doc_6.8.9.9-7_all.deb
97028da3d4aad1420eb6fbe1d87e2801fcf4cdbc 155184 imagemagick_6.8.9.9-7_amd64.deb
a2982f14bfda1d47217feadecc40f80a0fa845d4 173182
libimage-magick-perl_6.8.9.9-7_all.deb
c4848a7194647cf95cc5a08bc3b907e5f85ef900 219626
libimage-magick-q16-perl_6.8.9.9-7_amd64.deb
c9a3cb34cb10cf35cdfbeb94352d399506eb2b1c 166242
libmagick++-6-headers_6.8.9.9-7_all.deb
b39131a5d706eeb93a7106378efd501062b22fe7 249266
libmagick++-6.q16-5v5_6.8.9.9-7_amd64.deb
c652813fb9a1a23d540b2e5143e632ef65d2c3d2 221380
libmagick++-6.q16-dev_6.8.9.9-7_amd64.deb
c9349e71bc588d0fdc617407531f2aeff2ee8c54 121906
libmagick++-dev_6.8.9.9-7_all.deb
7f682a441719268429505489cba008403f5f4447 129360
libmagickcore-6-arch-config_6.8.9.9-7_amd64.deb
92cf6606d0fb61c3e70e5894a9c5fd6f153d4345 167290
libmagickcore-6-headers_6.8.9.9-7_all.deb
9a47000ff01e495dd377f98c24459b0817e1e5a7 168588
libmagickcore-6.q16-2-extra_6.8.9.9-7_amd64.deb
9e162dea3179c0c41fdca376fffffeef43485365 1675834
libmagickcore-6.q16-2_6.8.9.9-7_amd64.deb
cb922bd5e6dfb073a0b429377b49caaf8a730315 1028084
libmagickcore-6.q16-dev_6.8.9.9-7_amd64.deb
fb49e0d45e48da7bef36b357df86f8bf8990ca75 121880
libmagickcore-dev_6.8.9.9-7_all.deb
b363a94fc0488b1488ea5b5ae87865cf6bbacdbb 130592
libmagickwand-6-headers_6.8.9.9-7_all.deb
8e3c6250c8776e36e47b832a4905a2a4c39b018a 397940
libmagickwand-6.q16-2_6.8.9.9-7_amd64.deb
ab3e10d2a620692d9c5e7b8232851b5b2fab3283 388666
libmagickwand-6.q16-dev_6.8.9.9-7_amd64.deb
df28721b9495ca72f0b9d1cdf15a1fb49f1a29cd 121876
libmagickwand-dev_6.8.9.9-7_all.deb
1370e0b02af6d75040b3eeaec362b84be0dcce4a 121906 perlmagick_6.8.9.9-7_all.deb
Checksums-Sha256:
4f6860ec9c4c5195e45f59080084facbe532a2dcfa5acd69feee05e15fa52840 3856
imagemagick_6.8.9.9-7.dsc
8aa6fb9c96117ec92f9d6d61b06dca1360c2d77608fb2ae17dd55de6ffc4a8a8 203432
imagemagick_6.8.9.9-7.debian.tar.xz
2e5399a2b1c1915d680141545dff5c0855a90b74137278f50c1b3b0e88314515 511838
imagemagick-6.q16_6.8.9.9-7_amd64.deb
4a12aaccd367cba7798baa0cc5fcc0f58b134ebe28796c1df859171ad9b961b0 148820
imagemagick-common_6.8.9.9-7_all.deb
e4831cc7c471eab0cd95d299f88587988943053b58555cf6e6991252c9b2a528 6348526
imagemagick-dbg_6.8.9.9-7_amd64.deb
a9416fced5eede95be7906dfa65f1a9626adf317c48959745ae5beb07a833e14 7033968
imagemagick-doc_6.8.9.9-7_all.deb
57c7563f84c1e494548cad7ab4a66928713824925436cfed837614eecbe02e63 155184
imagemagick_6.8.9.9-7_amd64.deb
dfbc85abe232963ce31659020df293cf8264687366d64b9bccebd2c7203e981e 173182
libimage-magick-perl_6.8.9.9-7_all.deb
d8c0c26b5a6e757c55c83e7871451a8009b9d083b9bf55b43a1f2102721b80ad 219626
libimage-magick-q16-perl_6.8.9.9-7_amd64.deb
312ce2c4230b9b07e5418e748e7be92b708033f20b5ebb35cdbc639e65ab8c94 166242
libmagick++-6-headers_6.8.9.9-7_all.deb
f0a44b6d237cf72d73e4aec3cf934b8053dd71ecd7e8c57d5ffbd554cbfa52f5 249266
libmagick++-6.q16-5v5_6.8.9.9-7_amd64.deb
87ef73615e8b60b4e6bc9b4cb96329fe38088242df2e4cf22f952d7d07a8b120 221380
libmagick++-6.q16-dev_6.8.9.9-7_amd64.deb
d37c797980975c777d1c3d50d07beed1618f28928301ce62966eb4bfef7d7fc9 121906
libmagick++-dev_6.8.9.9-7_all.deb
ec543d2a005fc7cb17e6b0601740c00de67c8abbc6e71c64975a2aa5eb7b3191 129360
libmagickcore-6-arch-config_6.8.9.9-7_amd64.deb
dcbae107057ed1e596818d8be2279c72f4fb3e8cf7b80acce2f9844c9b154fda 167290
libmagickcore-6-headers_6.8.9.9-7_all.deb
a125ae49340aa40140c7744dd864e2b871d5497cbcbe0c95ed3d0e3091afe2e9 168588
libmagickcore-6.q16-2-extra_6.8.9.9-7_amd64.deb
295b8b021c65bd75d547e0182c2b69303414051005214685e1449f7338ea0828 1675834
libmagickcore-6.q16-2_6.8.9.9-7_amd64.deb
695d37cc2ec4cb58f1e384014921b838a213269070932856f9caeeb1daea7aa4 1028084
libmagickcore-6.q16-dev_6.8.9.9-7_amd64.deb
4f8d14c72268d036d366e48c8757663713666f1b23da82823c4ba19162a7c673 121880
libmagickcore-dev_6.8.9.9-7_all.deb
93cac5a57d33ef21ea44bf804cb0d739415916795dc786fa26dbb4b70bd1f8ed 130592
libmagickwand-6-headers_6.8.9.9-7_all.deb
7239e40a7beceacaec7763c5caf560f98fcbd1241bb61888abc485497782f2de 397940
libmagickwand-6.q16-2_6.8.9.9-7_amd64.deb
10efbb0e40c7e99cf420977d8515b9ad4d9786f3af9ef1d5cb2640b175801288 388666
libmagickwand-6.q16-dev_6.8.9.9-7_amd64.deb
78404d13be3cc1be7839e09efcd14f438130d93e33c9530879636e5ee7a9ba0c 121876
libmagickwand-dev_6.8.9.9-7_all.deb
47b2ee297f0bf27629177ccd820bb823b12ade9cee7e678d69805517d4dce033 121906
perlmagick_6.8.9.9-7_all.deb
Files:
e199cef710a125a9b27733d6ff173f33 3856 graphics optional
imagemagick_6.8.9.9-7.dsc
60758dd844101d9fd881b7fc5e8cdd54 203432 graphics optional
imagemagick_6.8.9.9-7.debian.tar.xz
6119d1bfeb1343c7981504cadb0babbf 511838 graphics optional
imagemagick-6.q16_6.8.9.9-7_amd64.deb
f2da781b84a96abdf9c889372ba86a3f 148820 graphics optional
imagemagick-common_6.8.9.9-7_all.deb
6b0d84078b74905d3ba66c1e236c4ff8 6348526 debug extra
imagemagick-dbg_6.8.9.9-7_amd64.deb
2118f00d01d20f44887a7fa7b36c2a58 7033968 doc optional
imagemagick-doc_6.8.9.9-7_all.deb
b6ae5e445c81962cb79c99aa717222a4 155184 graphics optional
imagemagick_6.8.9.9-7_amd64.deb
723932b730862c7b45e623afeebf6d3f 173182 perl optional
libimage-magick-perl_6.8.9.9-7_all.deb
5d87a1ac71f5fc6d2a817170fc502f5d 219626 perl optional
libimage-magick-q16-perl_6.8.9.9-7_amd64.deb
84e1e28dd84f08c873d28a489e436853 166242 libdevel optional
libmagick++-6-headers_6.8.9.9-7_all.deb
04f7120383876f3eed70b2a50211f2df 249266 libs optional
libmagick++-6.q16-5v5_6.8.9.9-7_amd64.deb
ef175dcd15b27bf4893cd773ba397dcf 221380 libdevel optional
libmagick++-6.q16-dev_6.8.9.9-7_amd64.deb
501bc4523792c62d2307d79f1724a261 121906 oldlibs extra
libmagick++-dev_6.8.9.9-7_all.deb
cbd48a28ec3f209a6f99760d5cbe14db 129360 libdevel optional
libmagickcore-6-arch-config_6.8.9.9-7_amd64.deb
a9d9dae33d04c27fe74e803c0da3ca5a 167290 libdevel optional
libmagickcore-6-headers_6.8.9.9-7_all.deb
0d85497c522e1a0f73f176d41640328c 168588 libs optional
libmagickcore-6.q16-2-extra_6.8.9.9-7_amd64.deb
b14ea892b993187c45c53cf52a8f10da 1675834 libs optional
libmagickcore-6.q16-2_6.8.9.9-7_amd64.deb
d19dc4c735fe4b8a4ebf35e2e2289d7c 1028084 libdevel optional
libmagickcore-6.q16-dev_6.8.9.9-7_amd64.deb
f74d0bc4ddf479d94f07df943279be7f 121880 oldlibs extra
libmagickcore-dev_6.8.9.9-7_all.deb
0573659969faec8420825a45ae0a79e4 130592 libdevel optional
libmagickwand-6-headers_6.8.9.9-7_all.deb
f9ab3a718c0b9db98ee7a0110343ba89 397940 libs optional
libmagickwand-6.q16-2_6.8.9.9-7_amd64.deb
f94f497aab9a8e3d3c3a988239f6da73 388666 libdevel optional
libmagickwand-6.q16-dev_6.8.9.9-7_amd64.deb
fe69dd460b0bccabffb1db46f652514d 121876 oldlibs extra
libmagickwand-dev_6.8.9.9-7_all.deb
a09d4925e67439fc64c14980f19d1863 121906 oldlibs extra
perlmagick_6.8.9.9-7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJWnAMaAAoJEO3GeJm/E8RXmZ0H/1TN/LdbzCC/ADQjKP3xZQnn
FcOnD6PHjneGsGYoPB6tivhsQZm2MYlYRFnqTcCZ9eK3iFT1THPjSokR65euDFiz
pBHkjaxXyhP2Oj+nNjWmWZlBWGigshI/01wkX5h95z2OzGpOdcMI852RNmwrzir5
DscKikqX0kIWtXHmX1BmqGpp2J9cx6uI2gruUvsviACRIey0/tGIBBmRHT6Cp+zK
EhXK1fiz1mJLoRlZd57tSav/crbS4VXPb4kO9Wj6rCl2l/XYctlvFSxsLqoouiaH
z46hfYW9kuvhTRm6hQnfRloyjdGHE3zKe41D6w++90k+kwW4y/Q8fJ7T/4jCmQ4=
=xhP9
-----END PGP SIGNATURE-----
--- End Message ---
