Launchpad has imported 35 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=186030.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2007-07-20T21:26:44+00:00 graaff wrote: imagemagick 6.3.5 has been released on July 5th, with a -2 patch version on the 17th. The reason I am mentioning it is that I got a huge memory leak when using imagemagick 6.3.4 through rmagick 1.15.7-r1. Both imagemagick 6.3.3 and 6.3.5 don't have this problem. Since things work again with imagemagick 6.3.5 I'm not going to hunt for the actual cause, but let me know if you need more information. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/0 ------------------------------------------------------------------------ On 2007-09-04T19:44:12+00:00 pacho wrote: Also, seems that this bump could fix: http://bugs.gentoo.org/show_bug.cgi?id=191001 As said in: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=9602&p=0&e=0&sid=179acdbb16feb516eedb6f0477471371 Thanks a lot Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/1 ------------------------------------------------------------------------ On 2007-09-16T08:03:32+00:00 graaff wrote: Created attachment 131031 Ebuild for imagemagick 6.3.5-9 An updated ebuild for imagemagick-6.3.5-9. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/2 ------------------------------------------------------------------------ On 2007-09-20T22:32:42+00:00 betelgeuse wrote: (In reply to comment #2) > Created an attachment (id=131031) [edit] > Ebuild for imagemagick 6.3.5-9 > > An updated ebuild for imagemagick-6.3.5-9. > Couple months gone by since the original report so you could as well go ahead and do the bump yourself. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/3 ------------------------------------------------------------------------ On 2007-09-21T19:55:55+00:00 hoffie wrote: Just saw the advisories about CVE-2007-4985 [1], CVE-2007-4986 [2], CVE-2007-4987 [3] and CVE-2007-4988 [4] from iDefense, so transforming this one to a security bug. [1] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596 [2] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594 [3] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 [4] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/4 ------------------------------------------------------------------------ On 2007-09-21T20:06:12+00:00 rbu wrote: Setting whiteboard to A2 because the application itself is not actively remotely exploitable. A combination with networked applications makes this bug more serious though. graphics, please provide an updated ebuild. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/5 ------------------------------------------------------------------------ On 2007-09-21T20:22:26+00:00 graaff wrote: I've added the ebuild for imagemagick 6.3.5-9 to CVS just now, as discussed on IRC with the graphics herd. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/6 ------------------------------------------------------------------------ On 2007-09-21T20:40:50+00:00 keytoaster wrote: Thanks. Arches, please stabilize media-gfx/imagemagick-6.3.5.9, target keywords are: "alpha amd64 hppa ia64 mips ppc ppc64 sparc x86 ~x86-fbsd". Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/7 ------------------------------------------------------------------------ On 2007-09-21T23:22:55+00:00 fauli wrote: x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/8 ------------------------------------------------------------------------ On 2007-09-21T23:39:31+00:00 fmccor wrote: Sparc stable. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/9 ------------------------------------------------------------------------ On 2007-09-22T05:44:15+00:00 jer wrote: Stable for HPPA. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/10 ------------------------------------------------------------------------ On 2007-09-22T09:55:03+00:00 jonas wrote: media-gfx/imagemagick-6.3.5.9 USE="X jpeg mpeg perl png tiff truetype xml zlib -bzip2 -doc -fpx -graphviz -gs -hdri -jbig -jpeg2k -lcms -nocxx -openexr -q32 -q8 -wmf" 1. Emerges on AMD64. 2. No collisions etc. 3. Works - have tried to convert images with convert tool. Portage 2.1.2.12 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r2 x86_64) ================================================================= System uname: 2.6.22-gentoo-r2 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz Gentoo Base System release 1.12.9 Timestamp of tree: Wed, 19 Sep 2007 21:50:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p17 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://ds.thn.htu.se/linux/gentoo"; LC_ALL="en_DK.utf8" MAKEOPTS="-j6" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/php-testing /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2 gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection samba sdl session spell spl sse sse2 sse3 ssl svg tcpd test threads tiff truetype truetype-fonts type1-fonts unicode vorbis x264 xcomposite xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/11 ------------------------------------------------------------------------ On 2007-09-22T14:10:35+00:00 ranger wrote: ppc64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/12 ------------------------------------------------------------------------ On 2007-09-22T14:40:34+00:00 dertobi123 wrote: 22 Sep 2007; Luca Barbato <[email protected]> imagemagick-6.3.5.9.ebuild: Marked ppc Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/13 ------------------------------------------------------------------------ On 2007-09-22T15:06:39+00:00 armin76 wrote: alpha/ia64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/14 ------------------------------------------------------------------------ On 2007-09-22T15:22:44+00:00 corsair wrote: removing ppc64 as ranger marked stable (comment #12) Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/15 ------------------------------------------------------------------------ On 2007-09-22T16:45:04+00:00 wolf31o2 wrote: amd64 done Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/16 ------------------------------------------------------------------------ On 2007-09-22T19:54:40+00:00 keytoaster wrote: Last supported arch, ready for GLSA. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/17 ------------------------------------------------------------------------ On 2007-09-24T08:50:30+00:00 py wrote: glsa request filed. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/18 ------------------------------------------------------------------------ On 2007-09-26T14:17:17+00:00 jakub wrote: The thing is broken, see Bug 193737. We need this bumped to 6.3.5.10 Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/20 ------------------------------------------------------------------------ On 2007-09-26T15:59:44+00:00 jaervosz wrote: Seems like a regression so yes we need fixed ebuild. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/21 ------------------------------------------------------------------------ On 2007-09-27T16:52:40+00:00 graaff wrote: imagemagick 6.3.5.10 is now in CVS and I got confirmation that it fixes the issues in bug 193737 Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/22 ------------------------------------------------------------------------ On 2007-09-27T18:24:50+00:00 rbu wrote: Re-cc'ing arches. There was a regression in media- gfx/imagemagick-6.3.5.9, please stabilize 6.3.5.10. See comments 19 to 21 for details. Targets are still: "alpha amd64 hppa ia64 mips ppc ppc64 sparc x86" Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/23 ------------------------------------------------------------------------ On 2007-09-27T23:50:31+00:00 ranger wrote: ppc64 stable thanks Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/24 ------------------------------------------------------------------------ On 2007-09-28T00:18:44+00:00 kumba wrote: mips stable. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/25 ------------------------------------------------------------------------ On 2007-09-28T12:06:41+00:00 fmccor wrote: Sparc stable for 6.3.5.10 Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/26 ------------------------------------------------------------------------ On 2007-09-28T17:56:07+00:00 armin76 wrote: alpha/ia64/x86 stable, removing bsd since they have nothing to do Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/27 ------------------------------------------------------------------------ On 2007-09-28T19:12:32+00:00 dertobi123 wrote: ppc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/28 ------------------------------------------------------------------------ On 2007-09-28T20:42:27+00:00 philantrop wrote: Marked stable on amd64. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/29 ------------------------------------------------------------------------ On 2007-09-29T15:58:56+00:00 jer wrote: Stable for HPPA. Oh, by the way: # ChangeLog for dev-ruby/rmagick ... *rmagick-1.15.10 (17 Sep 2007) 17 Sep 2007; Hans de Graaff <[email protected]> +rmagick-1.15.10.ebuild: Version bump, fixes compatibility issue with ImageMagick-6.3.5-9 I will consider stabilising rmagick for hppa before it's due. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/30 ------------------------------------------------------------------------ On 2007-09-30T07:12:47+00:00 graaff wrote: Thanks Jeroen. I've now filed a stablization request as bug 194246. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/31 ------------------------------------------------------------------------ On 2007-09-30T09:57:14+00:00 rbu wrote: A2 -> GLSA request filed. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/32 ------------------------------------------------------------------------ On 2007-10-25T07:11:32+00:00 falco wrote: GLSA 200710-27, sorry for the delay Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/37 ------------------------------------------------------------------------ On 2007-10-25T07:15:35+00:00 fauli wrote: I assume it should be closed Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/38 ------------------------------------------------------------------------ On 2007-11-18T11:11:46+00:00 hoffie wrote: mips, you've stabled the wrong version (6.3.5.9), I guess you want 6.3.5.10 stable to not cause any breakage (see comment #22). Thanks to chithead who noticed that on #gentoo-security. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/39 ** Bug watch added: Gentoo Bugzilla #191001 https://bugs.gentoo.org/show_bug.cgi?id=191001 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/144425 Title: [ImageMagick] security issues with releases prior to 6.3.5-9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/graphicsmagick/+bug/144425/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
