Your message dated Thu, 01 Jun 2017 10:19:04 +0000
with message-id <[email protected]>
and subject line Bug#863833: fixed in imagemagick 8:6.9.7.4+dfsg-10
has caused the Debian Bug report #863833,
regarding imagemagick: CVE-2017-9261: Memory leak in the ReadMNGImage function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
863833: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863833
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-9
Severity: normal
Tags: security patch upstream fixed-upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/476

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-9261[0]:
| In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c
| allows attackers to cause a denial of service (memory leak) via a
| crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9261
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9261
[1] https://github.com/ImageMagick/ImageMagick/issues/476

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-10

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 01 Jun 2017 11:57:38 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-10
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy
package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics
routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files
(Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum
depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra
codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library -
development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files
(Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 863833 863834
Changes:
imagemagick (8:6.9.7.4+dfsg-10) unstable; urgency=medium
.
* Fix minor security bugs:
+ CVE-2017-9262: Memory leak in the ReadJNGImage function
(Closes: #863834).
+ CVE-2017-9261: Memory leak in the ReadMNGImage function
(Closes: #863833).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---