Your message dated Mon, 04 Jan 2016 12:02:14 +0000 with message-id <[email protected]> and subject line Bug#799524: fixed in imagemagick 8:6.9.2.10+dfsg-1 has caused the Debian Bug report #799524, regarding multiple security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 799524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799524 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: src:imagemagick Version: 8:6.8.9.9-5 Severity: serious Tags: security Current version of imagemagick in stable/unstable is affected by multiple security bugs: - A DOS on specially crafted MIFF file (TEMP-0000000-FDAC72). - A DOS on specially crafted Vicar file (TEMP-0000000-EEF23C). - A DOS on specially crafted HDR file (TEMP-0000000-7C079F). - A DOS on specially crafted PDB file (TEMP-0000000-2FC21E). - Avoid a null pointer dereference in JNG decoder. - Avoid a DOS for RLE file. - Avoid double free on TGA file. - Avoid a bufer overflow by using field limit in sprintf. - Avoid a stack overflow in fx handling. More info there: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362 This bug report is just for tracking. Vincent -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.0.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.2.10+dfsg-1 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <[email protected]> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 27 Dec 2015 22:36:38 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-6 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.9.2.10+dfsg-1 Distribution: experimental Urgency: medium Maintainer: ImageMagick Packaging Team <[email protected]> Changed-By: Bastien Roucariès <[email protected]> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-6 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 762004 763799 798597 799524 799891 Changes: imagemagick (8:6.9.2.10+dfsg-1) experimental; urgency=medium . * New upstream version. * Repack in order to avoid non free test images from upstream. * Security bug fixes (Closes: #799524, #799891) - Fix a Null dereference in coders/png.c (LP: #1492881). - Fix a double free in coders/tga.c (LP: #1490362). - Avoid a null pointer dereference in JNG decoder. - Avoid a DOS for RLE file.. - Avoid a bufer overflow by using field limit in sprintf. - Avoid a stack overflow in fx handling. - Fixed size of memory allocation in RLE coder to avoid segfault (LP: #1496649). - Add extra checks to avoid out of bounds error when parsing the 8bim profile. (LP: #1496645). - Fixed memory leak when reading incorrect PSD files - Fix PixelColor off by one on i386. - Fix out of bounds error in -splice operator. - Prevent null pointer access in magick/constitute.c - Fix another memory leak in string handling. * Fix density of JPEG working around TeX bug (Closes: #763799). * Recompile with g++-5 (Closes: #798597). * Replace quantum depth by channel depth (Closes: #762004). * Prepare imagemagick 7 by renaming imagemagick-common package to imagemagick-6-common and imagemagick-doc to imagemagick-6-doc. * Symlink doc dir of arch:all package to imagemagick-6-common. Checksums-Sha1: f20890b5ae90d79e7098bc490c082ae68e6965e1 3978 imagemagick_6.9.2.10+dfsg-1.dsc 0ed68e8d6d380c607045c4cbe367b3405b875ddc 8698752 imagemagick_6.9.2.10+dfsg.orig.tar.xz 331670bcd4207db232a08908cfa07651b37558c8 189516 imagemagick_6.9.2.10+dfsg-1.debian.tar.xz 522235e8ec49a3a24f7e0eb920e1019c1e8ec6df 156776 imagemagick-6-common_6.9.2.10+dfsg-1_all.deb 07c2849118988005c4eb8b48d3867084db43c434 7403292 imagemagick-6-doc_6.9.2.10+dfsg-1_all.deb b3fd1087bb3c1efc33f0e0bb4208abc0352047c8 90334 imagemagick-6.q16-dbgsym_6.9.2.10+dfsg-1_amd64.deb f23a371d65194da1c59e7db2e38cf2e5c169ffc0 519744 imagemagick-6.q16_6.9.2.10+dfsg-1_amd64.deb 0f3be5abf107ade0f262f1cd14c38127a4fb906a 1378 imagemagick-common_6.9.2.10+dfsg-1_all.deb ada0fabaaa6bd7f57c0e4d0be2ae3e795488e0c9 1242 imagemagick-doc_6.9.2.10+dfsg-1_all.deb e7b49999be0e5534c00a08d810bfa5c33e4904a7 163110 imagemagick_6.9.2.10+dfsg-1_amd64.deb 4ea7d64296243557c348a9903629aea5193966ea 53088 libimage-magick-perl_6.9.2.10+dfsg-1_all.deb 047e4e6298763c40cb2baaddadfb9ef8b2fe3fe9 354292 libimage-magick-q16-perl-dbgsym_6.9.2.10+dfsg-1_amd64.deb 3bc1155a7855618632176cc9790556728111d299 225672 libimage-magick-q16-perl_6.9.2.10+dfsg-1_amd64.deb 03ca226ac5ea5586624456bff4d352585b557e6d 47336 libmagick++-6-headers_6.9.2.10+dfsg-1_all.deb 124e4b70462e495628a1f6a2a3055286917f2d8b 873918 libmagick++-6.q16-6-dbgsym_6.9.2.10+dfsg-1_amd64.deb e0db1dfa44ae22df2085c1123fcd86d32a44b003 262734 libmagick++-6.q16-6_6.9.2.10+dfsg-1_amd64.deb a709ace9ef7f042502c954b3921b3ec39a134c50 231642 libmagick++-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 0ca1d28c3a9b3e57db1d8a189a93bf1c615de16f 1256 libmagick++-dev_6.9.2.10+dfsg-1_all.deb 737f25058576b33a831d1151760af67748df1e84 137170 libmagickcore-6-arch-config_6.9.2.10+dfsg-1_amd64.deb b08d7baa1a9359f0bca25fb07d849daa2b32f821 47028 libmagickcore-6-headers_6.9.2.10+dfsg-1_all.deb 4bfac3043d6de4a8f014630ed972c69a6ca5c5f0 4258252 libmagickcore-6.q16-2-dbgsym_6.9.2.10+dfsg-1_amd64.deb b25f5ea9e09ffbc342250baa39543f31a6da5df2 162810 libmagickcore-6.q16-2-extra-dbgsym_6.9.2.10+dfsg-1_amd64.deb b849581ee2f9c680b2d103cf5c7e086c21c462ab 177684 libmagickcore-6.q16-2-extra_6.9.2.10+dfsg-1_amd64.deb e8187f57a5269545608c27cac041f8fc104e4a46 1714842 libmagickcore-6.q16-2_6.9.2.10+dfsg-1_amd64.deb 60e2d795dad202523d31aa70e7c442fad29388d5 1045216 libmagickcore-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 64a94df36a87e4ae4ad739aad906b62bd329c57e 1230 libmagickcore-dev_6.9.2.10+dfsg-1_all.deb f13987757f4c102b6e2688eb2debcf653d0c7f24 10446 libmagickwand-6-headers_6.9.2.10+dfsg-1_all.deb d8c8495a71c078b21bbdac26f55eed7ab97febcb 671430 libmagickwand-6.q16-2-dbgsym_6.9.2.10+dfsg-1_amd64.deb 292ac1e606799b133fbd00f13aaeca795d8c2d04 409218 libmagickwand-6.q16-2_6.9.2.10+dfsg-1_amd64.deb f937fc30f4caa1d8c894235536d1a874ac735c7f 398380 libmagickwand-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 755f438267d6a0790ace2c579b7a1ce474610c11 1208 libmagickwand-dev_6.9.2.10+dfsg-1_all.deb c37530eb5d905dc37e89f7ab1a6a0ae76ff2101b 1234 perlmagick_6.9.2.10+dfsg-1_all.deb Checksums-Sha256: fea44d97897759627c3231803cae0058bdec788471c05e7baba7556eb893dfe5 3978 imagemagick_6.9.2.10+dfsg-1.dsc fbd721206b7994dae942813630e19e9087065afa09fc8581a93215ca51cda48a 8698752 imagemagick_6.9.2.10+dfsg.orig.tar.xz 3679dd59eff0082404045ab5c06d5d445617e9c86d96f60117c101e13acb50ef 189516 imagemagick_6.9.2.10+dfsg-1.debian.tar.xz 2eebc291aadeb65b4c3da05e18eaa4ddcc7333b506a7efe4ae781dd4f6e56e54 156776 imagemagick-6-common_6.9.2.10+dfsg-1_all.deb e535e4fb991a44be9e3284474586240868d4d1c0bdfd706f81daa0e7a7cf3a17 7403292 imagemagick-6-doc_6.9.2.10+dfsg-1_all.deb bf81f62a3e683affe0aab216bafa3d7fc7a0195761deac60a15403b535573e3a 90334 imagemagick-6.q16-dbgsym_6.9.2.10+dfsg-1_amd64.deb 5df62e8c4ccd43a0100f0adff99bab1b4e9598f27d5dffc82e73f9f1cf961884 519744 imagemagick-6.q16_6.9.2.10+dfsg-1_amd64.deb b30b5af7ba87f0de435c8f0fc5e150cad4abb1da0796faaa8bba21d06c6b95cb 1378 imagemagick-common_6.9.2.10+dfsg-1_all.deb 0bfddd5648a269b0d27987433360a7a8529ede2fb1a52d1e2f8d2e0fca0cabca 1242 imagemagick-doc_6.9.2.10+dfsg-1_all.deb c257db7ee9cc555ca5ee6162de4899765efc8c5541beb6635d1633a8ffcb65e3 163110 imagemagick_6.9.2.10+dfsg-1_amd64.deb bea6a768047cbe9444591333628806c2af1c08465c72a499ba0b0b0a8eef25ac 53088 libimage-magick-perl_6.9.2.10+dfsg-1_all.deb 1fbec5a9cfbe83dbef13fb68a149a976479538f28665698a2c4b4b95839790fe 354292 libimage-magick-q16-perl-dbgsym_6.9.2.10+dfsg-1_amd64.deb d0dfaea003497fa35f6ef20b60a81cda4951b0a8db76478b16881e7aff5a6be5 225672 libimage-magick-q16-perl_6.9.2.10+dfsg-1_amd64.deb 8681c0a11054f69f4fcc95c6589b1ae688c01a199937964cb57971a5c6157252 47336 libmagick++-6-headers_6.9.2.10+dfsg-1_all.deb 217333202e99792b6d09b21359891fe67d9de1acad1a21cd26316b9f3e5c9b58 873918 libmagick++-6.q16-6-dbgsym_6.9.2.10+dfsg-1_amd64.deb c3734c4ba0d9c8c585ac27eb2274aba40bae6035ac9b1d139fc1b5650768bf7a 262734 libmagick++-6.q16-6_6.9.2.10+dfsg-1_amd64.deb 48d50a121dde00aa3b6f4862b1ab5b0080feff78a396624dfae99c1411016546 231642 libmagick++-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 4b1f1b678b4425aecce37d5e0d62fe81e533b4b6fe72ee81982bc8eaac84e875 1256 libmagick++-dev_6.9.2.10+dfsg-1_all.deb 473c0ae2d69940f541819e245dfd53420c4d0a3f8c0e68d71221c14f069a570a 137170 libmagickcore-6-arch-config_6.9.2.10+dfsg-1_amd64.deb 409c3a99b003d1b5fe762d17dcd5265c80b98879b778f692a1864bd00295c9d9 47028 libmagickcore-6-headers_6.9.2.10+dfsg-1_all.deb b60c9ca2d0b0686246db885869b655dff89f98e97a77582d75c344deaedd9c7c 4258252 libmagickcore-6.q16-2-dbgsym_6.9.2.10+dfsg-1_amd64.deb e4e3204c2adbb71380ed3022bd2513a337ced167e6121c6c68cad9995ffa604e 162810 libmagickcore-6.q16-2-extra-dbgsym_6.9.2.10+dfsg-1_amd64.deb cc20cf93bd28e3601d3a7aed8cfb6b79ee2cd9a32a05f9879d0c11298e8364fe 177684 libmagickcore-6.q16-2-extra_6.9.2.10+dfsg-1_amd64.deb b1a989f40e15c54364c8cdb7a2a2ff1cba1156e2d07e505427e92de9e8fde066 1714842 libmagickcore-6.q16-2_6.9.2.10+dfsg-1_amd64.deb 0aefcb7f33f73e32fb6c07276ff8becb2b26ef089c7a968143eefacd6c47b1b3 1045216 libmagickcore-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 0e514ef524ee64c54a4dc84a9863083cecf1201ad27d74db71c85783cb71c348 1230 libmagickcore-dev_6.9.2.10+dfsg-1_all.deb 21b6e66bfcee52d8204a56797792aeb9a3e4a64d1ab5811ea1e66d8d40d25cf9 10446 libmagickwand-6-headers_6.9.2.10+dfsg-1_all.deb e650ca60edfeb0a7beda02d1588ae3a438ce95f6dc6c74c94f34776a4f0ef799 671430 libmagickwand-6.q16-2-dbgsym_6.9.2.10+dfsg-1_amd64.deb b3ebdfcb5f016c289e26f796a84143d0491ddd3b443b8a1c87ff62d5b4c58e47 409218 libmagickwand-6.q16-2_6.9.2.10+dfsg-1_amd64.deb e788f52aec0d90b17484994837b8310fd1ea9fe2b6ed13f0f7d296a4c85b4fff 398380 libmagickwand-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb d9b356fecc2d8b6a47cd9b5127166f12eb9217360b7ed1e82849e3382315e1c2 1208 libmagickwand-dev_6.9.2.10+dfsg-1_all.deb cda4faedde7cf6ac330ab03636453f1c86a156b0a588c5205a0d286a438d4c0b 1234 perlmagick_6.9.2.10+dfsg-1_all.deb Files: 6001bef8edd6c0487cce5b764233fd6e 3978 graphics optional imagemagick_6.9.2.10+dfsg-1.dsc 37e9d84d6e37d589b40148d9cdeafebc 8698752 graphics optional imagemagick_6.9.2.10+dfsg.orig.tar.xz 1f69b2e0df32f21680296ca24ba1b6d8 189516 graphics optional imagemagick_6.9.2.10+dfsg-1.debian.tar.xz 5b479834d8ab98621cb6472bd060ca2b 156776 graphics optional imagemagick-6-common_6.9.2.10+dfsg-1_all.deb ec233486c7158544ef0d1c65e75c621c 7403292 doc optional imagemagick-6-doc_6.9.2.10+dfsg-1_all.deb e1160f3bf780175615fbb4b7460961f0 90334 debug extra imagemagick-6.q16-dbgsym_6.9.2.10+dfsg-1_amd64.deb efe526a5e8f5ba2a5362209e2d743201 519744 graphics optional imagemagick-6.q16_6.9.2.10+dfsg-1_amd64.deb 18a8b8a14e6bc3a409b0923d5490ee68 1378 oldlibs extra imagemagick-common_6.9.2.10+dfsg-1_all.deb 7dd3010d15cede9dfbff22c6d5baac6d 1242 oldlibs extra imagemagick-doc_6.9.2.10+dfsg-1_all.deb b00252cdeb71b41e34fab9b78f667e16 163110 graphics optional imagemagick_6.9.2.10+dfsg-1_amd64.deb 4fd61b0b50cdc15792c3f86f460c9a1e 53088 perl optional libimage-magick-perl_6.9.2.10+dfsg-1_all.deb a481b0796830c11c4551a49dfb18bfca 354292 debug extra libimage-magick-q16-perl-dbgsym_6.9.2.10+dfsg-1_amd64.deb d5ffe94bd05a97e5cf2bb302b0dd9a0f 225672 perl optional libimage-magick-q16-perl_6.9.2.10+dfsg-1_amd64.deb 9a60611c9df15eb5d0b1b6ab7ddad7c0 47336 libdevel optional libmagick++-6-headers_6.9.2.10+dfsg-1_all.deb f27b4d9fc20ffec1739b889748f45b4f 873918 debug extra libmagick++-6.q16-6-dbgsym_6.9.2.10+dfsg-1_amd64.deb e70d55611e8f90e555c9b00c9cf87f71 262734 libs optional libmagick++-6.q16-6_6.9.2.10+dfsg-1_amd64.deb 1a37d4b96d747d798e3742903f667e9b 231642 libdevel optional libmagick++-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 829bf8f73cb3f00bee0ed3e27a9f6da1 1256 oldlibs extra libmagick++-dev_6.9.2.10+dfsg-1_all.deb dd99812cea99c871a7853aea0e4c4a62 137170 libdevel optional libmagickcore-6-arch-config_6.9.2.10+dfsg-1_amd64.deb 0441bd003405cd4c0bf9308e6ebbd169 47028 libdevel optional libmagickcore-6-headers_6.9.2.10+dfsg-1_all.deb ccb51c9985408d0d249185d86dddd875 4258252 debug extra libmagickcore-6.q16-2-dbgsym_6.9.2.10+dfsg-1_amd64.deb d9b313c8df1fb24a0d53291941bed8da 162810 debug extra libmagickcore-6.q16-2-extra-dbgsym_6.9.2.10+dfsg-1_amd64.deb ff15653e1ed282a2ca999ca1b0b5f2eb 177684 libs optional libmagickcore-6.q16-2-extra_6.9.2.10+dfsg-1_amd64.deb f81558b7becc44c3bb7e2707e2517b05 1714842 libs optional libmagickcore-6.q16-2_6.9.2.10+dfsg-1_amd64.deb f217fc1f28030a65a027b899b6067540 1045216 libdevel optional libmagickcore-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb ad332b7ed0eda0d1370570859a4b784d 1230 oldlibs extra libmagickcore-dev_6.9.2.10+dfsg-1_all.deb ec0d375f7fec3c90aa1e25361a876ece 10446 libdevel optional libmagickwand-6-headers_6.9.2.10+dfsg-1_all.deb 795e1fd1d97186d69bce929ea6c9ff63 671430 debug extra libmagickwand-6.q16-2-dbgsym_6.9.2.10+dfsg-1_amd64.deb e5e5639eb53b23f006259c67fdeed670 409218 libs optional libmagickwand-6.q16-2_6.9.2.10+dfsg-1_amd64.deb 77909ea03299659a5621ca39b67c0719 398380 libdevel optional libmagickwand-6.q16-dev_6.9.2.10+dfsg-1_amd64.deb 0e46effaf4f704d68492c9880873b69d 1208 oldlibs extra libmagickwand-dev_6.9.2.10+dfsg-1_all.deb 6435e4b982fd45b39521419b94299393 1234 oldlibs extra perlmagick_6.9.2.10+dfsg-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWgcOgAAoJEO3GeJm/E8RXUkQIAKMgGIGMRXz7ILumFm2ZuY07 b4Ndz73n+mYR0+djFDCfsfUgQEzwLqaBwHHoOkuRMRcfhnucbfUXUyZ5rTggu4wt daRAbEIcZ+3b7LtKfRmeGpo8cxmCcUL3/Re4T02pUKw+QIKriWjmSAxRaEehGZNH fDAnam+eMrFpGm+iJ1/hQCW3e+FzHiOTLXHbqpO2huPjyNCD0xnJvnfg1m8mIZJV ckrwJWgV6YU1qRmgESr6ZzBzaG3UkR7IeZLJuynQc1Z7xD9D546cCbpFym5bFZqN 3YxDxs+ldEs7lcyMR84swEqGnX3cpLi2+b+IY1r1lzHUhqoHlk1Kj6T43HX/fog= =HV+Z -----END PGP SIGNATURE-----
--- End Message ---
