Thanks, i could not take care of it before at least middle of next week.
You could do a nmu if needed, particularly for stable and testing
Thanks
Bastien
Le 10 févr. 2012 12:30, Henri Salo he...@nerv.fi a écrit :
Package: imagemagick
Version: 8:6.6.0.4-3
Severity: important
Tags: security
Concerning ImageMagick 6.7.5-0 and earlier:
CVE-2012-0247: When parsing a maliciously crafted image with incorrect
offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies
two bytes into an invalid address.
CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose
all IOP tags' value offsets point to the beginning of the IFD itself. As a
result, ImageMagick parses the IFD structure indefinitely, causing a denial
of service.
For more details please read:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4t=20286
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages imagemagick depends on:
ii libbz2-1.01.0.5-6+squeeze1 high-quality block-sorting
file co
ii libc6 2.11.3-2 Embedded GNU C Library: Shared
lib
ii libfontconfig12.8.0-2.1 generic font configuration
library
ii libfreetype6 2.4.2-2.1+squeeze3 FreeType 2 font engine, shared
lib
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgomp1 4.4.5-8GCC OpenMP (GOMP) support
library
ii libice6 2:1.0.6-2 X11 Inter-Client Exchange
library
ii libjpeg62 6b1-1 The Independent JPEG Group's
JPEG
ii liblcms1 1.18.dfsg-1.2+b3 Color management library
ii liblqr-1-00.4.1-1converts plain array images
into m
ii libltdl7 2.2.6b-2 A system independent dlopen
wrappe
ii libmagickcore38:6.6.0.4-3low-level image manipulation
libra
ii libmagickwand38:6.6.0.4-3image manipulation library
ii libsm62:1.1.1-1 X11 Session Management library
ii libtiff4 3.9.4-5+squeeze3 Tag Image File Format (TIFF)
libra
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension
librar
ii libxt61:1.0.7-1 X11 toolkit intrinsics library
ii zlib1g1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages imagemagick recommends:
ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript
PostScript/PDF
ii libmagickcore3-extra 8:6.6.0.4-3low-level image manipulation
libra
ii netpbm2:10.0-12.2+b1 Graphics conversion tools
between
ii ufraw-batch 0.16-3+b1 batch importer for raw camera
imag
Versions of packages imagemagick suggests:
pn autotrace none (no description available)
pn cups-bsd | lpr none (no description available)
ii curl7.21.0-2.1+squeeze1 Get a file from an HTTP, HTTPS
or
pn enscriptnone (no description available)
pn ffmpeg none (no description available)
ii gimp2.6.10-1+squeeze1The GNU Image Manipulation
Program
ii gnuplot 4.4.0-1.1A command-line driven
interactive
pn grads none (no description available)
ii groff-base 1.20.1-10GNU troff text-formatting
system (
pn hp2xx none (no description available)
pn html2ps none (no description available)
pn imagemagick-doc none (no description available)
pn libwmf-bin none (no description available)
ii mplayer 2:1.0~rc3++final.dfsg1-1 movie player for Unix-like
systems
pn povray none (no description available)
pn radiancenone (no description available)
ii sane-utils 1.0.21-9 API library for scanners --
utilit
ii texlive-binarie 2009-8 Binaries for TeX Live
ii transfig1:3.2.5.c-1 Utilities for converting XFig
figu
ii xdg-utils 1.0.2+cvs20100307-2 desktop integration utilities
from
-- no debconf information
___
Pkg-gmagick-im-team mailing list
pkg-gmagick-im-t...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gmagick-im-team
