Your message dated Tue, 20 Mar 2018 11:05:42 +0000 with message-id <e1eyf5k-0002qt...@fasolo.debian.org> and subject line Bug#890805: fixed in imagemagick 8:6.9.9.39+dfsg-1 has caused the Debian Bug report #890805, regarding imagemagick: Update for 6.9.9-35 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 890805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890805 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: imagemagick Severity: security This release fixes many many security issues. They have not been issued CVEs as far as I know. You can get a sense of them by reviewing the commit history: https://github.com/ImageMagick/ImageMagick/commits/ImageMagick-6 Commits which are links to the OSS-Fuzz issue tracker are often security vulnerability fixes. Cheers! -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.9.39+dfsg-1 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 890...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 19 Mar 2018 17:03:39 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-5 libmagickcore-6.q16-5-extra libmagickcore-6.q16-dev libmagickwand-6.q16-5 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-5 libmagickcore-6.q16hdri-5-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-5 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.9.39+dfsg-1 Distribution: unstable Urgency: medium Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-5 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-5-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-5 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-5-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-5 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-5 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 890805 891291 891420 893030 Changes: imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium . * Fix security bugs (Closes: #890805): + Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). (Closes: #891291) + Fix CVE-2018-7470: The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.(Closes: #891420) + Fix CVE-2017-17880: there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. * Provide transitional packages from arch:any packages. (Closes: #893030) Checksums-Sha1: 68583368be415929d51d95e1fe948e2d2d1aa806 5122 imagemagick_6.9.9.39+dfsg-1.dsc 39ea5b36128c4cc0cdb6d6fe8db5eaf972893f4e 9058524 imagemagick_6.9.9.39+dfsg.orig.tar.xz 196f488ec4e3fc833228e5dd750cde7757a052b8 218996 imagemagick_6.9.9.39+dfsg-1.debian.tar.xz 42b622fcf7ab2fd0836c51822d64286f97381fcc 13907 imagemagick_6.9.9.39+dfsg-1_source.buildinfo Checksums-Sha256: a7f4fc23a31b7b83b0221d0a3bfae7089c4d36efd05d68d68d1cf6d3e4c7615f 5122 imagemagick_6.9.9.39+dfsg-1.dsc a8c2d67939938b7a45892090e154c84ef06e03f722ee9012f82f8b61c6454100 9058524 imagemagick_6.9.9.39+dfsg.orig.tar.xz c9a31d2d567cbe93d4daf68d3f6bbe81116432602a18bc4ddb3a13a0d466c61b 218996 imagemagick_6.9.9.39+dfsg-1.debian.tar.xz 273d54cb9b3de62b892b493ff96a5b7f77b86446193fe52a87756475094d461f 13907 imagemagick_6.9.9.39+dfsg-1_source.buildinfo Files: e0fa727e15ad1405d60a8fd279611f8e 5122 graphics optional imagemagick_6.9.9.39+dfsg-1.dsc 14e02933ec960a2152be1aa1bb7f593b 9058524 graphics optional imagemagick_6.9.9.39+dfsg.orig.tar.xz 88de16ba9ba01c723976ba0d5f913de3 218996 graphics optional imagemagick_6.9.9.39+dfsg-1.debian.tar.xz ef04b44105af8fb360546de531484b54 13907 graphics optional imagemagick_6.9.9.39+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlqw6YsACgkQADoaLapB CF8hxQ/+PJpC0e9EALtyrmJmNzyQl4y+S+2TnbZcEzniZ+YiEAPuln+212DCTAda o2KrUPM4jw2YZHaNcWeuaUYkvlcySWOoMkZTsNpXlmx3AgvUEiujNOzqXDkVKL6l ayRI0Ax0nKHGnPGnrF3OFgdVJz8+XyneVwjQOGA/Wg4p8l+FSRslJgboRJQx8jFl +IpLS0t/Oj6k9gw+n3WPzegcqHVrISzICE/13Hmo/NBiyQYC5/4QzGTDPZmPx732 Ni9LxCf3T8AEUkwu/IAXvyCWExEKernzeLV9VlIx9+hfq+T9XSpIILjiSsyt4Rp4 cynved8UIS/N9wONTilr40BeHk0Sz8N+GboK0GVLRhTVYbuk8nBW6/xiDMrJ87bu xOxR+ZPbAdQLVRVO+x2DKEYgG6vSSS6oHr1NJL30rT9h6op4FLVlm7OHYWxBk38t GYFH13OsdWDGfdFaOl4acvVQ4MGDncYKlh7snf7YNNa7vEB3WGxkV4eLJpt4NCHR DTfG6YBU5fD6aqT5dyVSMuJHHHjgjjWIZHR6G/3mz8nefOlOhVCKg9oebazQEX0I oVEcPqqiVBvFnqRp5EkNFk+pvolkIQypMZm+Myh2ZqpASPG+Z4OfDTh0DBkkjuxs j28JwGDATQK/3wnYAqFydi9+IgpoZ0SDlQ9/moPBPyrbl+kY80E= =VaKi -----END PGP SIGNATURE-----
--- End Message ---
