Bug#836776: marked as done (SGI security bug)

2016-09-24 Thread Debian Bug Tracking System
Your message dated Sat, 24 Sep 2016 20:51:14 +
with message-id 
and subject line Bug#836776: fixed in imagemagick 8:6.8.9.9-5+deb8u5
has caused the Debian Bug report #836776,
regarding SGI security bug
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
836776: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:imagemagick
version: 8:6.7.7.10-4
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org


According to upstream changelog a new bug:
buffer overflow in SGI coders (bug report from pwchen of tencent)


Author: Cristy 
Date:   Thu Aug 18 18:24:24 2016 -0400

Prevent buffer overflow in BMP & SGI coders (bug report from
pwchen of tencent)

diff --git a/ChangeLog b/ChangeLog
index 89ea234..b5b3f1e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 2016-08-15  6.9.5-8 Cristy  
-  * Prevent buffer overflow in BMP coder (bug report from
+  * Prevent buffer overflow in BMP & SGI coders (bug report from
  pwchen of tencent).

 2016-08-14  6.9.5-7 Cristy  
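Review bot: the amended line stays under the 2016-08-15 6.9.5-8 heading although the commit is dated Thu Aug 18 and also changes coders/sgi.c, so the ChangeLog no longer shows when the SGI fix landed. Consider giving the SGI coder its own line that names ReadSGIImage and the added EOFBlob check instead of folding it into the existing BMP line; that lets downstream packagers match the entry to the code change they need to backport.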
diff --git a/coders/sgi.c b/coders/sgi.c
index 756f7e6..96f18a0 100644
--- a/coders/sgi.c
+++ b/coders/sgi.c
@@ -355,13 +355,15 @@ static Image *ReadSGIImage(const ImageInfo
*image_info,ExceptionInfo *exception)
 image->rows=iris_info.rows;
 image->depth=(size_t) MagickMin(iris_info.depth,MAGICKCORE_QUANTUM_DEPTH);
 if (iris_info.pixel_format == 0)
-  image->depth=(size_t) MagickMin((size_t) 8*
-iris_info.bytes_per_pixel,MAGICKCORE_QUANTUM_DEPTH);
+  image->depth=(size_t) MagickMin((size_t) 8*iris_info.bytes_per_pixel,
+MAGICKCORE_QUANTUM_DEPTH);
 if (iris_info.depth < 3)
   {
 image->storage_class=PseudoClass;
 image->colors=iris_info.bytes_per_pixel > 1 ? 65535 : 256;
   }
+if (EOFBlob(image) != MagickFalse)
+  ThrowReaderException(CorruptImageError,"ImproperImageHeader");
 if ((image_info->ping != MagickFalse)  && (image_info->number_scenes != 0))
   if (image->scene >= (image_info->scene+image_info->number_scenes-1))
 break;
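Review bot: the added `if (EOFBlob(image) != MagickFalse)` test, placed after the PseudoClass block, only rejects a header that ran past the end of the blob; by that point image->rows, image->depth and image->colors have already been set from iris_info with no range check visible in this hunk. The commit message says this prevents a buffer overflow, but the hunk shows only a truncation test, so if checks on iris_info.bytes_per_pixel, iris_info.depth and the dimensions are not already present above line 355, they belong next to this one. Separately, the -/+ pair on the MagickMin call changes only where the line wraps; keeping that reflow out of a security fix would make the functional change (the two added lines) easier to isolate for backports.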
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u5

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 836...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès  (supplier of updated 
imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 21 Sep 2016 22:24:16 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u5
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Bastien Roucariès 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ 

Bug#836776: marked as done (SGI security bug)

2016-09-19 Thread Debian Bug Tracking System
Your message dated Mon, 19 Sep 2016 07:00:16 +
with message-id 
and subject line Bug#836776: fixed in imagemagick 8:6.9.5.9+dfsg-1
has caused the Debian Bug report #836776,
regarding SGI security bug
to be marked as done.

--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.5.9+dfsg-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Sep 2016 21:26:12 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-6v6 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-common imagemagick-doc perlmagick 
libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source all amd64
Version: 8:6.9.5.9+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Bastien Roucariès 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure dummy 
package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio