Your message dated Sat, 26 Aug 2017 15:49:52 +0000
with message-id <[email protected]>
and subject line Bug#873129: fixed in graphicsmagick 1.3.26-7
has caused the Debian Bug report #873129,
regarding graphicsmagick: CVE-2017-13064
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
873129: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873129
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphicsmagick
Version: 1.3.26-5
Severity: important
Tags: upstream patch security
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/436/
Hi,
the following vulnerability was published for graphicsmagick.
Remark, I know CVE-2017-13063, CVE-2017-13064, CVE-2017-13065 have the
same fixing commit upstream. I have not verified, though, if the common set goes
back to oldstable, so I decided to file the issues individually. If you
disagree, please merge those three reports.
CVE-2017-13064[0]:
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in
| the function GetStyleTokens in coders/svg.c:311:12.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-13064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13064
[1] https://sourceforge.net/p/graphicsmagick/bugs/436/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.3.26-7
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated graphicsmagick
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 24 Aug 2017 19:53:07 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev
 libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl
 graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat
 graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 873119 873129 873130
Changes:
 graphicsmagick (1.3.26-7) unstable; urgency=high
 .
   * Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the
     GetStyleTokens() function (closes: #873130).
   * Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in
     the GetStyleTokens() function (closes: #873129).
   * Fix CVE-2017-13065: NULL pointer dereference vulnerability in the
     SVGStartElement() function (closes: #873119).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---