Your message dated Tue, 03 Dec 2019 21:47:59 +0000
with message-id <e1icg1x-000ebe...@fasolo.debian.org>
and subject line Bug#928420: fixed in php-imagick 3.4.3~rc2-2+deb9u1
has caused the Debian Bug report #928420,
regarding php-imagick: CVE-2019-11037
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928420: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928420
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-imagick
Version: 3.4.3~rc2-2
Severity: grave
Tags: security upstream
Forwarded: https://bugs.php.net/bug.php?id=77791

Hi,

The following vulnerability was published for php-imagick.

CVE-2019-11037[0]:
| In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing
| to an array of values in ImagickKernel::fromMatrix() function did not
| check that the address will be within the allocated array. This could
| lead to out of bounds write to memory if the function is called with
| the data controlled by untrusted party.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11037
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11037
[1] https://bugs.php.net/bug.php?id=77791

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: php-imagick
Source-Version: 3.4.3~rc2-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
php-imagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated php-imagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Nov 2019 14:34:13 +0100
Source: php-imagick
Architecture: source
Version: 3.4.3~rc2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian PHP PECL Maintainers <pkg-php-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 928420
Changes:
 php-imagick (3.4.3~rc2-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Out-of-bounds write to memory in ImagickKernel::fromMatrix()
     (CVE-2019-11037) (Closes: #928420)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
