Your message dated Tue, 24 Oct 2006 11:17:30 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#383314: fixed in imagemagick 7:6.2.4.5.dfsg1-0.11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libmagick9
Version: 6.2.4.5.dfsg1-0.9
Severity: grave
Tags: security patch
http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
the SGI parser (demo exploit linked in the report).
This has been assigned CVE-2006-4144, please mention this number in
the changelog when you fix this.
Ubuntu patch:
http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 7:6.2.4.5.dfsg1-0.11
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:
imagemagick_6.2.4.5.dfsg1-0.11.diff.gz
to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.11.diff.gz
imagemagick_6.2.4.5.dfsg1-0.11.dsc
to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.11.dsc
imagemagick_6.2.4.5.dfsg1-0.11_i386.deb
to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.11_i386.deb
libmagick++9-dev_6.2.4.5.dfsg1-0.11_i386.deb
to pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.11_i386.deb
libmagick++9c2a_6.2.4.5.dfsg1-0.11_i386.deb
to pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.11_i386.deb
libmagick9-dev_6.2.4.5.dfsg1-0.11_i386.deb
to pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.11_i386.deb
libmagick9_6.2.4.5.dfsg1-0.11_i386.deb
to pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.11_i386.deb
perlmagick_6.2.4.5.dfsg1-0.11_i386.deb
to pool/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kobras <[EMAIL PROTECTED]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 23 Oct 2006 20:52:25 +0200
Source: imagemagick
Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev libmagick++9c2a
Architecture: source i386
Version: 7:6.2.4.5.dfsg1-0.11
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Daniel Kobras <[EMAIL PROTECTED]>
Description:
 imagemagick - Image manipulation programs
 libmagick++9-dev - The object-oriented C++ API to the ImageMagick library--developme
 libmagick++9c2a - The object-oriented C++ API to the ImageMagick library
 libmagick9 - Image manipulation library
 libmagick9-dev - Image manipulation library -- development
 perlmagick - A perl interface to the libMagick graphics routines
Closes: 317083 340401 358148 360400 383314 393025
Changes:
 imagemagick (7:6.2.4.5.dfsg1-0.11) unstable; urgency=high
 .
   * Non-maintainer upload.
   * coders/dcm.c, coders/palm.c: Fix buffer overflows in DCM and Palm coders.
     Patches thanks to M Joonas Pihlaja. Closes: #393025
   * coders/sgi.c: Put back missing initialisation of loop variable that
     was erroneously removed in fix for CVE-2006-4144. Spotted by
     Martin Pitt. Closes: #383314
   * coders/sgi.c: Fix off-by-one error in boundary check causing slightly
     garbled image output. Also introduced in fix for CVE-2006-4144.
   * coders/xpm.c: Do not gratuitously limit the allowed number of
     bytes per pixel. Patch thanks to Jens Seidel. Closes: #358148
   * magick/display.c: Fix NULL pointer dereference in display's
     "Visual Directory". Patch thanks to Frédéric Bothamy. Closes: #360400
   * utilities/ImageMagick.1.in: Replace UTF-8 encoded characters with
     latin1 equivalents to placate lintian.
   * debian/control: perlmagick provides libimage-magick-perl to comply
     with Perl policy. Closes: #317083
   * debian/control: Add gs-gpl build dependency, used in testsuite.
   * debian/control: Tries hard to comply with version 3.7.2 of Debian
     policy.
   * debian/rules: Eliminate -l entries that slipped into --ldflags output.
     They're already present in --libs anyway. Closes: #340401
   * debian/rules: Run the testsuite, but don't treat failures as fatal
     errors for now.
   * debian/rules: At configure time, change X11 search paths to X11R7
     locations.
   * debian/rules: Remove duplicate of license file from imagemagick
     package.
Files:
 fa7a342dd7933605581497582746758f 940 graphics optional imagemagick_6.2.4.5.dfsg1-0.11.dsc
 0ec01dc713b9f55c6dcb4a0b69c81b54 87518 graphics optional imagemagick_6.2.4.5.dfsg1-0.11.diff.gz
 7f2cd1fd49109b2a8edb0c8d006abb80 738784 graphics optional imagemagick_6.2.4.5.dfsg1-0.11_i386.deb
 1c15a7e7156b55226309e345bf992087 1296034 libs optional libmagick9_6.2.4.5.dfsg1-0.11_i386.deb
 d8a9d0d8829bebc9f391b2016a0de0ef 1638156 libdevel optional libmagick9-dev_6.2.4.5.dfsg1-0.11_i386.deb
 589890ec32b4c75af734805f710d2c85 178500 libs optional libmagick++9c2a_6.2.4.5.dfsg1-0.11_i386.deb
 3a33e323b85c5e89fa7f8ced8c362f59 227830 libdevel optional libmagick++9-dev_6.2.4.5.dfsg1-0.11_i386.deb
 ce466baaf3f1b3d4f45a854679c7961d 169082 perl optional perlmagick_6.2.4.5.dfsg1-0.11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFFPhR/pOKIA4m/fisRAs0+AKC2roHolvPxwM2QWqE0R72KKGXnGwCgqiPF
s14MlIyWNdIOMThj1/u5gOI=
=vYkE
-----END PGP SIGNATURE-----
--- End Message ---