Bug#683285: marked as done (CVE-2012-3437)

[Debian Bug Tracking System]

Your message dated Mon, 30 Jul 2012 22:03:02 +0000
with message-id <e1svy3k-0002sc...@franck.debian.org>
and subject line Bug#683285: fixed in imagemagick 8:6.7.7.10-3
has caused the Debian Bug report #683285,
regarding CVE-2012-3437
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
683285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683285
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: imagemagick
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3437 for 
details.

Please fix this for Wheezy with an isolated fix instead of updating to a new 
upstream release (since the freeze is in effect)

This doesn't warrant a DSA, but can be fixed through a stable point update for
Squeeze (adding Jonathan to CC, who's managing this)

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: imagemagick
Source-Version: 8:6.7.7.10-3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated 
imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 30 Jul 2012 22:47:47 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc 
libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 
libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-3
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development 
files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 683285
Changes: 
 imagemagick (8:6.7.7.10-3) unstable; urgency=high
 .
   * Bug fix: "CVE-2012-3437", ImageMagick: Magick_png_malloc() size
     argument thanks to Moritz Muehlenhoff (Closes: #683285).
Checksums-Sha1: 
 01ad45561e3c553fb3cfa67207a374b9dc093bfb 2505 imagemagick_6.7.7.10-3.dsc
 eb8efe1085466adaa8dc7d6de96cf952a000a637 132184 
imagemagick_6.7.7.10-3.debian.tar.bz2
 72152171da364578d7ff9d02a280345b4335adad 284526 
imagemagick_6.7.7.10-3_amd64.deb
 b304c51b1f34607fa54c4728683d1296b8579622 6275018 
imagemagick-dbg_6.7.7.10-3_amd64.deb
 91619cc2de8135cf80d9ec08c703130cf2f5e9e7 127810 
imagemagick-common_6.7.7.10-3_all.deb
 2c10cae0ed58c76b4daf230aa1ea89a865386deb 5627548 
imagemagick-doc_6.7.7.10-3_all.deb
 d00ad424ebbebe394fd8ff92775afae7fc575c92 2082882 
libmagickcore5_6.7.7.10-3_amd64.deb
 f03ab1757842383359494832a34b2afc114aeff2 163386 
libmagickcore5-extra_6.7.7.10-3_amd64.deb
 d532564f4162bcd702ea371ebb9720aea0a22a21 1386230 
libmagickcore-dev_6.7.7.10-3_amd64.deb
 f504860fe84f2a0f100ddf947a77db47e46b42d1 461860 
libmagickwand5_6.7.7.10-3_amd64.deb
 33f6dce72ad75eca5855c425ac859a34bcc16448 543964 
libmagickwand-dev_6.7.7.10-3_amd64.deb
 6f79cfcdc708c9d635bf4d64e934bcb22b27224e 236128 
libmagick++5_6.7.7.10-3_amd64.deb
 06bf131b21f979bcfefbad427b51d3149ef410b9 284536 
libmagick++-dev_6.7.7.10-3_amd64.deb
 147b71230ff1d5276e55038c2a4bcdcc8ec4d16f 255204 perlmagick_6.7.7.10-3_amd64.deb
Checksums-Sha256: 
 06f5875094ecf809fd5d32c0285713c293dfeab275c55045347b3e2b35d9ed85 2505 
imagemagick_6.7.7.10-3.dsc
 e3192bdcf8d9a9412ded9e34662d4196e5ca20b9ed7e6156fd7677c2551d5cbf 132184 
imagemagick_6.7.7.10-3.debian.tar.bz2
 5443d0d501c4c72b36015585690c961b5c2b72bdad43d8f7940ea92fd9a5c87b 284526 
imagemagick_6.7.7.10-3_amd64.deb
 62e0c1f85cc366a21b97bad5f19bea0efe4e730021bee6b4ab649c872fc77331 6275018 
imagemagick-dbg_6.7.7.10-3_amd64.deb
 cedfce612fcc6272e7b3d947fec78d9a60d0c4a83ca0422ccbff779e9773a5eb 127810 
imagemagick-common_6.7.7.10-3_all.deb
 f4b1b84ae34dbe630a2fb4ca256197505a3e13266dc864984675b20d0f09938e 5627548 
imagemagick-doc_6.7.7.10-3_all.deb
 98774db66222e7fcc682e55e422f9418e740dfdd81e0ada8aed5f7d668edac7a 2082882 
libmagickcore5_6.7.7.10-3_amd64.deb
 d2ab429bacc882ec9329261406448b98829e69be76c0174f91b6d87e577d4f39 163386 
libmagickcore5-extra_6.7.7.10-3_amd64.deb
 db034514d2e08dd2f0865b35810524998b0f2f20a12864981464223994671634 1386230 
libmagickcore-dev_6.7.7.10-3_amd64.deb
 9092da17f05208af80ea08e45661229b5442fb283d9129889311fadf5fee3ac1 461860 
libmagickwand5_6.7.7.10-3_amd64.deb
 89b81e5ac657e81fb1e24bc435e86939469099fab8c65b703ecb678acffdef21 543964 
libmagickwand-dev_6.7.7.10-3_amd64.deb
 eeb6af2e40bc55aed99245043b6bbf11536bac0f439f7373367d800a6c2eb614 236128 
libmagick++5_6.7.7.10-3_amd64.deb
 8ae74e143541062821fa7e35d9d8ec5cef00c4c27470af5495d7440460eba9aa 284536 
libmagick++-dev_6.7.7.10-3_amd64.deb
 ff1febf12b722c2debb3580bd2474ae84f8916f395f39d160c42f10f99b1269c 255204 
perlmagick_6.7.7.10-3_amd64.deb
Files: 
 b611638ede5d3b6e614dad15367003a4 2505 graphics optional 
imagemagick_6.7.7.10-3.dsc
 f22bd708b87554caedb43c9c1d76ebf8 132184 graphics optional 
imagemagick_6.7.7.10-3.debian.tar.bz2
 2311a472481174a10fcc612981695ede 284526 graphics optional 
imagemagick_6.7.7.10-3_amd64.deb
 129ba6ce79d2f2cb1b484bb43bb12a36 6275018 debug extra 
imagemagick-dbg_6.7.7.10-3_amd64.deb
 60340b6a56c1fb0e5163bde2062748d1 127810 graphics optional 
imagemagick-common_6.7.7.10-3_all.deb
 24a21b9d0ab54d42e9802389d5e1b2b4 5627548 doc optional 
imagemagick-doc_6.7.7.10-3_all.deb
 6edd2540fbb9873803c519682d933162 2082882 libs optional 
libmagickcore5_6.7.7.10-3_amd64.deb
 c2c2bc0e28feb3eb51898641f24dad32 163386 libs optional 
libmagickcore5-extra_6.7.7.10-3_amd64.deb
 0905c5d1869fce007dd174a6f6281916 1386230 libdevel optional 
libmagickcore-dev_6.7.7.10-3_amd64.deb
 320b7d6b42b39f7e2d800d5f886ab8bc 461860 libs optional 
libmagickwand5_6.7.7.10-3_amd64.deb
 076470e146723e600caf34e50bb5af50 543964 libdevel optional 
libmagickwand-dev_6.7.7.10-3_amd64.deb
 2f5823f82cff493d4cc7405af5ed5923 236128 libs optional 
libmagick++5_6.7.7.10-3_amd64.deb
 f6571cc6de8c1999c77d5afcbcf68aa9 284536 libdevel optional 
libmagick++-dev_6.7.7.10-3_amd64.deb
 24a5e4ada7b43a2bec2e924869bb8118 255204 perl optional 
perlmagick_6.7.7.10-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlAXATMACgkQx/UhwSKygsrKlQCfXTmN+J3+mKnDKzSdOMBjFjvU
SWQAoKxR0E9l3fibCJHE/InsmddYHtUN
=UXHE
-----END PGP SIGNATURE-----

--- End Message ---