Bug#873134: marked as done (imagemagick: CVE-2017-12983)

[Debian Bug Tracking System]

Your message dated Sat, 18 Nov 2017 22:18:45 +0000
with message-id <e1egbrl-0005p7...@fasolo.debian.org>
and subject line Bug#873134: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #873134,
regarding imagemagick: CVE-2017-12983
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
873134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/682

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-12983[0]:
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c
| in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact
| via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12983
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983
[1] https://github.com/ImageMagick/ImageMagick/issues/682

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <j...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <j...@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 
876488 878507 878508 878527 878562 878578 881392
Changes:
 imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium
 .
   * Multiple security fixes
     CVE-2017-12983 (Closes: #873134)
     CVE-2017-13134 (Closes: #873099)
     CVE-2017-13769 (Closes: #878507)
     CVE-2017-14224 (Closes: #876097)
     CVE-2017-14607 (Closes: #878527)
     CVE-2017-14682 (Closes: #876488)
     CVE-2017-14989 (Closes: #878562)
     CVE-2017-15277 (Closes: #878578)
     CVE-2017-11352 (Closes: #868469)
     CVE-2017-11640 (Closes: #870067)
     CVE-2017-12431 (Closes: #869715)
     CVE-2017-12640 (Closes: #870106)
     CVE-2017-13139 (Closes: #870109)
     CVE-2017-13144 (Closes: #869728)
     CVE-2017-13758 (Closes: #878508)
     CVE-2017-16546 (Closes: #881392)
     CVE-2017-12877 (Closes: #872373)
Checksums-Sha1:
 b6b9f8ab9c1a83aa475491eb2c1bd0c3328d1b42 4228 imagemagick_6.8.9.9-5+deb8u11.dsc
 bc2b5fdd108515867075437a482ad99e0733d212 293332 
imagemagick_6.8.9.9-5+deb8u11.debian.tar.xz
 a75273b95705b9b0e7459fa7d4711ab1facbb82c 153236 
imagemagick-common_6.8.9.9-5+deb8u11_all.deb
 13f69c8b1d0f87c8be1a2a978143e1e09a209770 7656136 
imagemagick-doc_6.8.9.9-5+deb8u11_all.deb
 8c7f7b23cf094bd8168dc20ef0c59b76fab5232d 171710 
libmagickcore-6-headers_6.8.9.9-5+deb8u11_all.deb
 0967995516fce7f94051806b86650084a1468ed0 134632 
libmagickwand-6-headers_6.8.9.9-5+deb8u11_all.deb
 6e60ab7cf28fdd2f8232152421c3d8c683ff867b 170480 
libmagick++-6-headers_6.8.9.9-5+deb8u11_all.deb
 7a49c5cd66843f14f99ed7ac0f84e6b9f3c2b470 160064 
imagemagick_6.8.9.9-5+deb8u11_amd64.deb
 dd4577b678d108502c74371426f0d192a6dfa80f 178684 
libimage-magick-perl_6.8.9.9-5+deb8u11_all.deb
 7f4555b85f2a8ea4935861814562780a2859484c 133468 
libmagickcore-6-arch-config_6.8.9.9-5+deb8u11_amd64.deb
 7c1144148dccff6f6d7ee4b15ca4dee91f1aacb6 513024 
imagemagick-6.q16_6.8.9.9-5+deb8u11_amd64.deb
 2cc3b535e04182861beca3b6c4b76767268fa47e 1694962 
libmagickcore-6.q16-2_6.8.9.9-5+deb8u11_amd64.deb
 b35d68e86c765f0513f2b7d856607e1a838e0f1e 173934 
libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u11_amd64.deb
 30a0e4db2a34d305c5f7d7a4879ec12b0a48e053 1031176 
libmagickcore-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 c11126ee2d4b846aed3e6df8364e7e5701430042 406902 
libmagickwand-6.q16-2_6.8.9.9-5+deb8u11_amd64.deb
 3433860520107542b2116c3a0d8f26c3e09bfc40 394242 
libmagickwand-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 b8dd01be8e7aa52d28796d058707104e7265ca7c 257650 
libmagick++-6.q16-5_6.8.9.9-5+deb8u11_amd64.deb
 fd18a992a46dedc440dce2bed5f75812f91827d1 225254 
libmagick++-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 82a0c1d8da85533acdbf2b765557cf1dd71c1236 5011280 
imagemagick-dbg_6.8.9.9-5+deb8u11_amd64.deb
 285e60515a2ba23e6c827aac6ab6419f97f424ae 224668 
libimage-magick-q16-perl_6.8.9.9-5+deb8u11_amd64.deb
 52b93797f8aba2cc445228c76ce5687304d7ed7a 125800 
perlmagick_6.8.9.9-5+deb8u11_all.deb
 95c687e5b0b8d8cd6aaf698483451a39657fdf82 125768 
libmagickcore-dev_6.8.9.9-5+deb8u11_all.deb
 8a2a967732985e96d972a836c376c38cd18b2c84 125762 
libmagickwand-dev_6.8.9.9-5+deb8u11_all.deb
 7dda94b2d620f43bc7c751614b52b545a8005e7c 125792 
libmagick++-dev_6.8.9.9-5+deb8u11_all.deb
Checksums-Sha256:
 837016302c1eec0140dad8fe37a88acc2e3f48ee058ea467e15b6c8d692c90e0 4228 
imagemagick_6.8.9.9-5+deb8u11.dsc
 efac665d5c7864cbd83ca913ccce82be03a858c4770a0020a1d0ac43e9f47ada 293332 
imagemagick_6.8.9.9-5+deb8u11.debian.tar.xz
 ab415a0eadfd07760229283547fd927f825fc8f72fb142520a3b146824d2d7ad 153236 
imagemagick-common_6.8.9.9-5+deb8u11_all.deb
 9a9eec48be2798fae87ebc09f15e5a94407505ee7d204b0f2c9af391b8ff22cb 7656136 
imagemagick-doc_6.8.9.9-5+deb8u11_all.deb
 38830227a3204969daca9edee8539261d9f746a63d4a2a937639f0035d4a72ff 171710 
libmagickcore-6-headers_6.8.9.9-5+deb8u11_all.deb
 860c35349ec468a67863eff600e1c4c49c6dfb418e113d654e4f8be5f8cd4af0 134632 
libmagickwand-6-headers_6.8.9.9-5+deb8u11_all.deb
 d4a03d38e76c4cc53b53ed1fb7b7b34c464d0391091590cb65db18541798029f 170480 
libmagick++-6-headers_6.8.9.9-5+deb8u11_all.deb
 5b6491f56846b485643876a14c719f54cd6f131426b1a59edd7d4d485f779648 160064 
imagemagick_6.8.9.9-5+deb8u11_amd64.deb
 eecc21222fd5ac35187663f594215517a5ee6aca05a3bbac5c2165f108eb0e37 178684 
libimage-magick-perl_6.8.9.9-5+deb8u11_all.deb
 416b6edf1baddf04a51b85074297104cf80675ab7a7ac9d076de86e5b5d52a9d 133468 
libmagickcore-6-arch-config_6.8.9.9-5+deb8u11_amd64.deb
 a22805bc8900d8a0f4e269f8e3f91f07b7e0e0fca806854249ef1bc275e1197f 513024 
imagemagick-6.q16_6.8.9.9-5+deb8u11_amd64.deb
 7fbfb34a69c770b187a004d0629f29152ab3181a6074dfd2bec035ee9b6438af 1694962 
libmagickcore-6.q16-2_6.8.9.9-5+deb8u11_amd64.deb
 9e6991127186e3857a490e9dd438d4f75a03df0792554382b24d991869750615 173934 
libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u11_amd64.deb
 aea276d56a0ec6dadb2d0eff92fd953cf946ff101f4c3fa566c67f5e5f0ac74f 1031176 
libmagickcore-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 a8c2cbeb63f4ba583110fb5f6a46a565975f60b59dd5042121bc861bd87af198 406902 
libmagickwand-6.q16-2_6.8.9.9-5+deb8u11_amd64.deb
 4b31f077edbecc8e6eaab6f27cc9b418220438c5b5a58a84964dfceaf1e403dd 394242 
libmagickwand-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 bd1641953b50041cfc8d68c9b03c3f58462df325e7698e91a88e8a9c15ec6cdc 257650 
libmagick++-6.q16-5_6.8.9.9-5+deb8u11_amd64.deb
 6152e15fb2e4ac78875dc45c9e44d449a053db4600ca39359c287c7208374269 225254 
libmagick++-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 7ba04acdb3c8475e55375a734a2625992dc37f39cf9998f53310bfbebee6eb1c 5011280 
imagemagick-dbg_6.8.9.9-5+deb8u11_amd64.deb
 bec4a9241aab8843bf42a202ab919065a4ae1e0d8e2f5db7362852ee634a9a76 224668 
libimage-magick-q16-perl_6.8.9.9-5+deb8u11_amd64.deb
 39de5099c58ba648508ee4027a25e0f48e1857b421112e38502b85c6fc1e47b2 125800 
perlmagick_6.8.9.9-5+deb8u11_all.deb
 24a22b51fb6b9c85e21b4d195c27a8444d22c277574b8467c4b4b7de2109b010 125768 
libmagickcore-dev_6.8.9.9-5+deb8u11_all.deb
 4f0bc709f8379d4b8219bf3c9046203de9de69492ca7512a006604a3479c7475 125762 
libmagickwand-dev_6.8.9.9-5+deb8u11_all.deb
 2ac444502c303e0e90a60fe0b39ef1e2d37a7d52e50c61178947aa1120f80976 125792 
libmagick++-dev_6.8.9.9-5+deb8u11_all.deb
Files:
 7e4e8c90a54efdaeaa055c882fbded8d 4228 graphics optional 
imagemagick_6.8.9.9-5+deb8u11.dsc
 c856080867381ff91eac9d8c197c3a73 293332 graphics optional 
imagemagick_6.8.9.9-5+deb8u11.debian.tar.xz
 e7d8d3bf3799a7a70d09505f82d6e095 153236 graphics optional 
imagemagick-common_6.8.9.9-5+deb8u11_all.deb
 abbfa08d85487fca5bafa753c6c5ce89 7656136 doc optional 
imagemagick-doc_6.8.9.9-5+deb8u11_all.deb
 5c5fa3d24a6f0d03a32bd1e220bbe745 171710 libdevel optional 
libmagickcore-6-headers_6.8.9.9-5+deb8u11_all.deb
 29eb8a8fe6951a2a7c2aefdfe0056f9b 134632 libdevel optional 
libmagickwand-6-headers_6.8.9.9-5+deb8u11_all.deb
 6fa8374fd0de8426423eb5598bc764e1 170480 libdevel optional 
libmagick++-6-headers_6.8.9.9-5+deb8u11_all.deb
 6ea3ac3ff3441c9494fe78e81d2ca8a1 160064 graphics optional 
imagemagick_6.8.9.9-5+deb8u11_amd64.deb
 10ff88cf0bd355fad87408b54fe4c217 178684 perl optional 
libimage-magick-perl_6.8.9.9-5+deb8u11_all.deb
 d70847dcf1c9c7498b1b9c587879e21a 133468 libdevel optional 
libmagickcore-6-arch-config_6.8.9.9-5+deb8u11_amd64.deb
 1b5249cdfbf8fb43908d81916f4b7130 513024 graphics optional 
imagemagick-6.q16_6.8.9.9-5+deb8u11_amd64.deb
 c6fe4c1ac42fa2ade3d3f0d2495caa76 1694962 libs optional 
libmagickcore-6.q16-2_6.8.9.9-5+deb8u11_amd64.deb
 b5a5906af7d10cba35b21a6b2d1ae66f 173934 libs optional 
libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u11_amd64.deb
 a141ed4a3cc39eeb445fdf62115f198e 1031176 libdevel optional 
libmagickcore-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 f36721cf4ea695afc8ddc44959514ddc 406902 libs optional 
libmagickwand-6.q16-2_6.8.9.9-5+deb8u11_amd64.deb
 02fa56f8110125654128024efb94f244 394242 libdevel optional 
libmagickwand-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 4b08add720fe70c4d6876e5e5e4de51b 257650 libs optional 
libmagick++-6.q16-5_6.8.9.9-5+deb8u11_amd64.deb
 0629a4a5c817fca7f5a496b9ac2bc832 225254 libdevel optional 
libmagick++-6.q16-dev_6.8.9.9-5+deb8u11_amd64.deb
 1864b8f7fc1e19aa10cf680d20f9bfb6 5011280 debug extra 
imagemagick-dbg_6.8.9.9-5+deb8u11_amd64.deb
 34bdd6735cb8a39c19096a9ce8dc97d1 224668 perl optional 
libimage-magick-q16-perl_6.8.9.9-5+deb8u11_amd64.deb
 c10ae51274d8d54b7f9d186568d3b51e 125800 oldlibs extra 
perlmagick_6.8.9.9-5+deb8u11_all.deb
 5a4f8cd97d439743d5b5778b41984f5d 125768 oldlibs extra 
libmagickcore-dev_6.8.9.9-5+deb8u11_all.deb
 fdeee70b8072091ca09326098cdbd9aa 125762 oldlibs extra 
libmagickwand-dev_6.8.9.9-5+deb8u11_all.deb
 56134a840deda18a66cc96892ec63270 125792 oldlibs extra 
libmagick++-dev_6.8.9.9-5+deb8u11_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloOGKwACgkQEMKTtsN8
TjbgixAAuc8WHvLwJgQj/3YBuzYD5uzNHlAUdmUgbtQbYgkibMcYnfD2pQc6XHEH
ZyhGs2ZGSt1o5zF8i9Gu7hnCzuUUGatuKGiHuROo9vr1JVwlXs2u77/qhLDED9dC
bi/dX8lsbh1OJL3e8Td9udff7MHIi4mwVb6cTUYr8U1CQEgSML47mbXQEFln+UGS
FQqzB7mWbTWSjHWNWtO/Oxra/9MSYdFv4o3xY6N+yTwewmVld5m+H+ivTwf9tIsU
9eDzPoMhvybhDZrhbI7PGr1fWhI1lanWVwAJwPRUyMvdrhrPBmoMxWf4W5wt6R4o
wz9E4BopvElur0gSxg3+NI3j5QPrwMo+toACUl9D5IFPA0cgNlouxfLVxxVVxOiG
IDTxZPxusTYlyGjkkmddS8jp1Ou+rREFIG2rLeGS6Uw+qqhIR4PJgTw/JDA6aAjf
eRjZX3C0axor0OKDFqkCXAwde28hzf8mcuKtgApGIe3D26OrZuDu8AKrN6q0eziL
KoPC0JBau7z6OKR1nj0zKFUbwbQRSJBmuSlXv9VbLiKK8kEJ2JoxSMK8Lv3DRCze
Bt/NlUaOWciBLR9Ijya/DyfBoE0GfzHC/KzaSd14nbMp64tmlDIyxm4H3xnSTajU
ELCLngjTkFKMyUmGH9Ybj9F8Y7caryIYpmpIBBTFJg7UVvG0Bws=
=og5h
-----END PGP SIGNATURE-----

--- End Message ---