Your message dated Sun, 28 Aug 2016 12:47:22 +0000
with message-id <e1bdzug-0000ey...@franck.debian.org>
and subject line Bug#832461: fixed in imagemagick 8:6.8.9.9-5+deb8u4
has caused the Debian Bug report #832461,
regarding Fixed check for the number of pixels that will be allocated.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
832461: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org


Split of 823750



    Fix rle file handling for corrupted file.

    Origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
    Bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445
    Bug: https://github.com/ImageMagick/ImageMagick/issues/82

--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u4

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 832...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated 
imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Tue, 16 Aug 2016 14:13:24 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u4
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 823750 827643 831034 832455 832457 832461 832464 832465 832467 832469 
832474 832475 832478 832480 832482 832483 832504 832506 832633 832776 832780 
832785 832787 832789 832791 832793 832885 832887 832888 832890 832942 832944 
832968 833003 833042 833043 833044 833099 833101 833730 833732 833735 833743 
833744 833812 834163 834183 834501 834504
Changes:
 imagemagick (8:6.8.9.9-5+deb8u4) jessie-security; urgency=medium
 .
   * Fix a few security problems (Closes: #823750):
     - Fix an off-by-one error leading to segfault (Closes: #832455).
     - Fix an out-of-bounds read in coders/psd.c (Closes: #832457,
       LP: #1533442).
     - Fix rle file handling for corrupted file (Closes: #832461,
       LP: #1533445)
     - Fix a buffer overflow in sun file handling (Closes: #832464).
     - Fix a potential DOS in sun file handling due to
       malformed files (Closes: #832465).
     - Fix multiple out of bound problem in rle, pict, viff and
       sun files (Closes: #832467, LP: #1533452, LP: #1533449,
       LP: #1533447, LP: #1533445).
     - Fix a heap overflow in hdr file handling (Closes: #832469,
       LP: #1537213).
     - Fix a heap buffer overflow in psd file handling
       (Closes: #832474, LP: #1537418).
     - Fix an out of bound access for malformed psd file
       (Closes: #832475, LP: #1537419).
     - Fix a meta file out of bound access (Closes: #832478,
       LP: #1537420)
     - Fix heap buffer overflow in psd file coder
       (Closes: #832480, LP: #1537424)
     - Fix an out of bound access in wpg file coder (Closes: #832482,
       LP: #1539050, LP: #1542115).
     - Fix out of bound access for viff file coder (Closes: #832483,
       LP: #1537425)
     - Fix an out of bound access in xcf file coder (Closes: #832504,
       LP: #1539051, LP: #1539052).
     - Fix out of bound in quantum handling (Closes: #832506,
       LP: #1539067, LP: #1539053).
     - Fix a pdb file out of bound access (Closes: #832633,
       LP: #1539061, LP: #1542112).
     - Fix handling of corrupted psd file (Closes: #832776,
       LP: #1539066).
     - Fix a wpg file out of bound for corrupted file
       (Closes: #832780, LP: #1542114).
     - Fix an out of bound access in generic decoder (Closes: #832785,
       LP: #1542785).
     - Fix an out of bound access for corrupted psd file
       (Closes: #832787, LP: #1545180).
     - Fix a SEGV reported in corrupted profile handling
       (Closes: #832789, LP: #1545367).
     - Fix an out of bound access for corrupted pdb file
       (Closes: #832791, LP: #1553366).
     - Fix a SIGABRT for corrupted pdb file
       (Closes: #832793, LP: #1556273).
   * Prevent buffer overflow in magick/draw.c. Fix
     CVE-2016-4562, CVE-2016-4563, CVE-2016-4564.
     (Closes: #832885, #832887, #832888).
   * Fix DOS due to corrupted DDS files
     (Closes: #832942, #832944).
   * Fix out of bounds memory read for DDS files. This fixes
     CVE-2016-5687. (Closes: #832890).
   * Prevent possible buffer overflow when reading TIFF images.
     This fixes CVE-2016-5010. (Closes: #832968).
   * Fix out of bound access for corrupted WPG file. This fixes
     CVE-2016-5688. (Closes: #833003).
   * Add additional checks to DCM reader to prevent data-driven faults.
     This fixes CVE-2016-5689, CVE-2016-5690, CVE-2016-5691.
     (Closes: #833044, #833043, #833042).
   * Improve checking of EXIF profile to prevent integer overflow.
     This fixes CVE-2016-5841 and CVE-2016-5842.
     (Closes: #831034).
   * Prevent buffer overflow in properties reading.
     This fixes CVE-2016-6491. (Closes: #833099).
   * Fix potential DOS by not releasing memory.
     (Closes: #833101).
   * Fix abort when writing to rgf format.
     (Closes: #827643, LP: #1594060).
   * Prevent possible stack overflow. (Closes: #833812)
   * Prevent heap overflow in RLE file handling.
     (Closes: #833744)
   * Prevent Segfault in ReadRLEImage for corrupted file.
     (Closes: #833743).
   * Fix loading arbitrary module from user side.
     (Closes: #833735).
   * Fix small memory leak in XML file traversal.
     (Closes: #833732).
   * Prevent buffer overflow in draw.c
     (Closes: #833730).
   * Avoid a double free.
     (Closes: #834183).
   * Avoid an out of bound access for malformed exif data.
     (Closes: #834501).
   * Avoid a DOS due to improper locking in magick++ lib.
     (Closes: #834163).
   * Avoid a buffer overflow in bmp file reader.
     (Closes: #834504).


--- End Message ---
