Your message dated Mon, 29 Oct 2018 16:50:36 +0000
with message-id <e1ghako-0006bn...@fasolo.debian.org>
and subject line Bug#910887: fixed in imagemagick 8:6.9.10.14+dfsg-1
has caused the Debian Bug report #910887,
regarding imagemagick: CVE-2018-16412 CVE-2018-16413
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
910887: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910887
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/1250
Control: fixed -1 8:6.9.7.4+dfsg-11+deb9u6

[adding already the fixed version for stretch-security as DSA pending]

Hi,

The following vulnerability was published for imagemagick.

CVE-2018-16412[0]:
| ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the
| coders/psd.c ParseImageResourceBlocks function.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16412
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16412
[1] https://github.com/ImageMagick/ImageMagick/issues/1250

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.10.14+dfsg-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 910...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Mon, 29 Oct 2018 13:13:38 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 
libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 
libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 
libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source
Version: 8:6.9.10.14+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 907776 910887 910888 910889
Changes:
 imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium
 .
   * New upstream version
   * Fix new privacy breach
   * Fix duplicate files in documentation
   * Fix security bugs:
     + CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
       coders/msl.c
     + CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
       coders/bmp.c file that can cause a DOS via a crafted bmp file.
     + CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
       function of coders/svg.c, which allows attackers to cause a denial
       of service via a crafted SVG image file.
     + CVE-2018-16645: Fix an excessive memory allocation issue in the functions
       ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
       which allows remote attackers to cause a denial of service via
       a crafted image file.
       (Closes: #910889)
     + CVE-2018-16644: Fix a missing check for length in the functions
       ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
       which allows remote attackers to cause a denial of service via
       a crafted image.
       (Closes: #910888)
     + CVE-2018-16413: Fix a heap-based buffer over-read in the
       MagickCore/quantum-private.h PushShortPixel function when called
       from the coders/psd.c ParseImageResourceBlocks function.
       (Closes: #910887)
     + CVE-2018-16323: Fix an information disclosure vulnerability that existed
       in ImageMagick when processing XBM images. An attacker could use this
       to expose sensitive information.
       (Closes: #907776)
     + CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
       ParseImageResourceBlocks function.
     + CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
       in coders/sgi.c.
     + CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
       in coders/pdb.c.
     + CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
       in coders/bgr.c.
     + CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
       in coders/pcx.c.

--- End Message ---
