Debian Bug report logs - #383314
libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]

version graph

Package: libmagick9; Maintainer for libmagick9 is (unknown);

Reported by: Martin Pitt <martin.pitt@ubuntu.com>

Date: Wed, 16 Aug 2006 14:48:06 UTC

Severity: grave

Tags: fixed, patch, security

Found in versions 6.2.4.5.dfsg1-0.9, 6:6.0.6.2-2.6

Fixed in versions 7:6.2.4.5.dfsg1-0.10, imagemagick/7:6.2.4.5.dfsg1-0.11, imagemagick/7:6.2.4.5.dfsg1-1

Done: Daniel Kobras <kobras@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <martin.pitt@ubuntu.com>:
New Bug report received and forwarded. Copy sent to Ryuichi Arafune <arafune@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Martin Pitt <martin.pitt@ubuntu.com>
To: Debian BTS Submit <submit@bugs.debian.org>
Subject: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Date: Wed, 16 Aug 2006 15:51:15 +0200
[Message part 1 (text/plain, inline)]
Package: libmagick9
Version: 6.2.4.5.dfsg1-0.9
Severity: grave
Tags: security patch


http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
the SGI parser (demo exploit linked in the report).

This has been assigned CVE-2006-4144, please mention this number in
the changelog when you fix this.

Ubuntu patch:

  http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff
 
Thanks,

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Copy sent to Ryuichi Arafune <arafune@debian.org>. Full text and rfc822 format available.

Message #10 received at 383314@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Martin Pitt <martin.pitt@ubuntu.com>, 383314@bugs.debian.org
Subject: Re: Bug#383314: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Date: Wed, 16 Aug 2006 17:20:01 +0200
tags 383314 - patch
clone 383314 -1
reassign -1 graphicsmagick
retitle -1 libgraphicsmagick1: Buffer overflow in SGI parser [CVE-2006-4144]
thanks

On Wed, Aug 16, 2006 at 03:51:15PM +0200, Martin Pitt wrote:
> http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
> the SGI parser (demo exploit linked in the report).
> 
> This has been assigned CVE-2006-4144, please mention this number in
> the changelog when you fix this.
> 
> Ubuntu patch:
> 
>   http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff

This patch looks insufficient. In only deals sanitises user input for
the run-length encoded format, but the overflow as described on the page
linked above is present in the non-RLE case as well.

Regards,

Daniel.




Tags removed: patch Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug 383314 cloned as bug 383333. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Copy sent to Ryuichi Arafune <arafune@debian.org>. Full text and rfc822 format available.

Message #19 received at 383314@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: 383314@bugs.debian.org
Cc: Martin Pitt <martin.pitt@ubuntu.com>
Subject: Re: Bug#383314: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Date: Fri, 18 Aug 2006 19:02:01 +0200
[Message part 1 (text/plain, inline)]
tag 383314 + patch
thanks

On Wed, Aug 16, 2006 at 05:20:01PM +0200, Daniel Kobras wrote:
> On Wed, Aug 16, 2006 at 03:51:15PM +0200, Martin Pitt wrote:
> > http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
> > the SGI parser (demo exploit linked in the report).
> > 
> > This has been assigned CVE-2006-4144, please mention this number in
> > the changelog when you fix this.
> > 
> > Ubuntu patch:
> > 
> >   http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff
> 
> This patch looks insufficient. In only deals sanitises user input for
> the run-length encoded format, but the overflow as described on the page
> linked above is present in the non-RLE case as well.

I've now had the time to look at it in detail:

- The heap overflow described in CVE-2006-4144 has been fixed for ages.
  It is present in graphicsmagick (forked from imagemagick 5), but not
  in any imagemagick 6.x version we ship.
- The heap overflow triggered by the demo exploit to CVE-2006-4144
  triggers a different vulnerability that was fixed upstream in 6.2.9.
  This is the patch you extracted.
- I've discovered two more heap overflows in sgi.c that apparently have
  gone unnoticed so far: ReadSGIImage() implicitly assumes iris_info.depth
  to be no greater than four. Anything else will trivially overflow the
  irix_pixels array. Also the checks in SGIDecode() for an overflow
  condition come too late, and an overflow up to 126 bytes might already
  have happened.

Hope this clears up the confusion. Here's a proposed fix for the current
version in unstable and testing. I haven't checked yet, but it's
probably applicable to stable as well. The first three hunks are not yet
contained in Ubuntu's security update, either.

Regards,

Daniel.

[diff (text/plain, inline)]
--- imagemagick-6.2.4.5.dfsg1.orig/coders/sgi.c
+++ imagemagick-6.2.4.5.dfsg1/coders/sgi.c
@@ -171,13 +171,13 @@
   q=pixels;
   if (bytes_per_pixel == 2)
     {
-      for (i=0; i < (long) width; )
+      for ( ; ; )
       {
         pixel=(unsigned long) (*p++) << 8;
         pixel|=(*p++);
         count=(ssize_t) (pixel & 0x7f);
         i+=count;
-        if (count == 0)
+	if (count == 0 || i >= (long) width)
           break;
         if ((pixel & 0x80) != 0)
           for ( ; count != 0; count--)
@@ -200,13 +200,13 @@
       }
       return;
     }
-  for (i=0; i < (long) width; )
+  for ( ; ; )
   {
     pixel=(unsigned long) (*p++);
     count=(ssize_t) (pixel & 0x7f);
-    if (count == 0)
-      break;
     i+=count;
+    if (count == 0 || i >= (long) width)
+      break;
     if ((pixel & 0x80) != 0)
       for ( ; count != 0; count--)
       {
@@ -304,6 +304,8 @@
     image->columns=iris_info.columns;
     image->rows=iris_info.rows;
     image->depth=(unsigned long) (iris_info.depth <= 8 ? 8 : QuantumDepth);
+    if (iris_info.depth > 4 || iris_info.depth == 0)
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
     if (iris_info.depth < 3)
       {
         image->storage_class=PseudoClass;
@@ -396,7 +398,11 @@
         for (i=0; i < (int) (iris_info.rows*iris_info.depth); i++)
           offsets[i]=(ssize_t) ReadBlobMSBLong(image);
         for (i=0; i < (int) (iris_info.rows*iris_info.depth); i++)
-          runlength[i]=ReadBlobMSBLong(image);
+	  {
+            runlength[i]=ReadBlobMSBLong(image);
+            if (runlength[i] > 4*iris_info.columns+10)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+          }
         /*
           Check data order.
         */

Tags added: patch Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Copy sent to Ryuichi Arafune <arafune@debian.org>. Full text and rfc822 format available.

Message #26 received at 383314@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: 383314@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#383314: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Date: Sat, 19 Aug 2006 02:16:22 +0200
[Message part 1 (text/plain, inline)]
found 383314 6:6.0.6.2-2.6
thanks

On Fri, Aug 18, 2006 at 07:02:01PM +0200, Daniel Kobras wrote:
> On Wed, Aug 16, 2006 at 05:20:01PM +0200, Daniel Kobras wrote:
> > On Wed, Aug 16, 2006 at 03:51:15PM +0200, Martin Pitt wrote:
> > > http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
> > > the SGI parser (demo exploit linked in the report).
> > > 
> > > This has been assigned CVE-2006-4144, please mention this number in
> > > the changelog when you fix this.
> > > 
> > > Ubuntu patch:
> > > 
> > >   http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff
> > 
> > This patch looks insufficient. In only deals sanitises user input for
> > the run-length encoded format, but the overflow as described on the page
> > linked above is present in the non-RLE case as well.
> 
> I've now had the time to look at it in detail:
> 
> - The heap overflow described in CVE-2006-4144 has been fixed for ages.
>   It is present in graphicsmagick (forked from imagemagick 5), but not
>   in any imagemagick 6.x version we ship.
> - The heap overflow triggered by the demo exploit to CVE-2006-4144
>   triggers a different vulnerability that was fixed upstream in 6.2.9.
>   This is the patch you extracted.
> - I've discovered two more heap overflows in sgi.c that apparently have
>   gone unnoticed so far: ReadSGIImage() implicitly assumes iris_info.depth
>   to be no greater than four. Anything else will trivially overflow the
>   irix_pixels array. Also the checks in SGIDecode() for an overflow
>   condition come too late, and an overflow up to 126 bytes might already
>   have happened.
> 
> Hope this clears up the confusion. Here's a proposed fix for the current
> version in unstable and testing. I haven't checked yet, but it's
> probably applicable to stable as well. The first three hunks are not yet
> contained in Ubuntu's security update, either.

The vulnerabilities are present in stable as well. The attached patch
should work, but is untested on stable. Please note that the technical
description in the CVE database is incorrect and refers to a bug that
was fixed years ago, as explained above. Author of the original advisory
has been notified.

Regards,

Daniel.

[diff-stable (text/plain, inline)]
diff -u imagemagick-6.0.6.2/debian/changelog imagemagick-6.0.6.2/debian/changelog
--- imagemagick-6.0.6.2/debian/changelog
+++ imagemagick-6.0.6.2/debian/changelog
@@ -1,3 +1,14 @@
+imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high
+
+  * Non-maintainer upload for the Security Team.
+  * coders/sgi.c: Fix heap overflow vulnerabilities due to
+    + insufficient validation of runlength fields in run-length encoded
+      images (CVE-2006-4144); Closes: #383314
+    + insufficient validation of image depth field;
+    + insufficient boundary checks in SGIDecode().
+
+ -- Daniel Kobras <kobras@debian.org>  Sat, 19 Aug 2006 01:42:49 +0200
+
 imagemagick (6:6.0.6.2-2.6) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
only in patch2:
unchanged:
--- imagemagick-6.0.6.2.orig/coders/sgi.c
+++ imagemagick-6.0.6.2/coders/sgi.c
@@ -168,13 +168,13 @@
   q=pixels;
   if (bytes_per_pixel == 2)
     {
-      for (i=0; i < (long) width; )
+      for ( ; ; )
       {
         pixel=(unsigned long) (*p++) << 8;
         pixel|=(*p++);
         count=(ssize_t) (pixel & 0x7f);
         i+=count;
-        if (count == 0)
+	if (count == 0 || i >= (long) width)
           break;
         if ((pixel & 0x80) != 0)
           for ( ; count != 0; count--)
@@ -197,13 +197,13 @@
       }
       return;
     }
-  for (i=0; i < (long) width; )
+  for ( ; ; )
   {
     pixel=(unsigned long) (*p++);
     count=(ssize_t) (pixel & 0x7f);
-    if (count == 0)
-      break;
     i+=count;
+    if (count == 0 || i >= (long) width)
+      break;
     if ((pixel & 0x80) != 0)
       for ( ; count != 0; count--)
       {
@@ -297,6 +297,8 @@
     image->columns=iris_info.columns;
     image->rows=iris_info.rows;
     image->depth=(unsigned long) (iris_info.depth <= 8 ? 8 : QuantumDepth);
+    if (iris_info.depth > 4 || iris_info.depth == 0)
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
     if (iris_info.depth < 3)
       {
         image->storage_class=PseudoClass;
@@ -387,7 +389,11 @@
         for (i=0; i < (int) (iris_info.rows*iris_info.depth); i++)
           offsets[i]=(ssize_t) ReadBlobMSBLong(image);
         for (i=0; i < (int) (iris_info.rows*iris_info.depth); i++)
-          runlength[i]=ReadBlobMSBLong(image);
+	  {
+            runlength[i]=ReadBlobMSBLong(image);
+            if (runlength[i] > 4*iris_info.columns+10)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+          }
         /*
           Check data order.
         */

Bug marked as found in version 6:6.0.6.2-2.6. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Message #31 received at 383314@bugs.debian.org (full text, mbox):

From: Don Armstrong <don@donarmstrong.com>
To: 383314@bugs.debian.org, 349264@bugs.debian.org, 360362@bugs.debian.org, 385062@bugs.debian.org
Subject: Diff for NMU to fix these bugs
Date: Mon, 11 Sep 2006 01:52:22 -0700
[Message part 1 (text/plain, inline)]
Please find attached the diff for the NMU which I have made to fix
these bugs:

+imagemagick (7:6.2.4.5.dfsg1-0.10) unstable; urgency=high
+
+  * Non-Maintainer Upload
+  * Fix buffer overflow in SGI parser [CVE-2006-4144] (closes: #383314)
+    Thanks to Daniel Kobras
+  * Fix double free in ICC profile in PerlMagick (closes: #349264)
+  * Fix incomaptibility with graphviz >= 2.8 and build-depend on an
+    appropriate version (closes: #360362)
+  * Fix XCF and Sun Raster File buffer overflows [CVE-2006-3743/-3744]
+    (closes: #385062)
+  
+ -- Don Armstrong <don@debian.org>  Sun, 10 Sep 2006 20:15:57 -0700
+


Don Armstrong

-- 
"Because," Fee-5 explained patiently, "I was born in the fifth row.
Any fool would understand that, but against stupidity the very Gods
themselves contend in vain."
 -- Alfred Bester _The Computer Connection_ p19

http://www.donarmstrong.com              http://rzlab.ucr.edu
[nmu_diff_for_security_bugs.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Tags added: fixed Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Ryuichi Arafune <arafune@debian.org>. Full text and rfc822 format available.

Message #38 received at 383314@bugs.debian.org (full text, mbox):

From: Martin Pitt <martin.pitt@canonical.com>
To: Daniel Kobras <kobras@debian.org>
Cc: 383314@bugs.debian.org
Subject: Re: Bug#383314: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Date: Mon, 16 Oct 2006 10:41:25 +0200
[Message part 1 (text/plain, inline)]
Hi Daniel,

Daniel Kobras [2006-08-18 19:02 +0200]:
> --- imagemagick-6.2.4.5.dfsg1.orig/coders/sgi.c
> +++ imagemagick-6.2.4.5.dfsg1/coders/sgi.c
> @@ -171,13 +171,13 @@
>    q=pixels;
>    if (bytes_per_pixel == 2)
>      {
> -      for (i=0; i < (long) width; )
> +      for ( ; ; )
>        {
>          pixel=(unsigned long) (*p++) << 8;
>          pixel|=(*p++);
>          count=(ssize_t) (pixel & 0x7f);
>          i+=count;

BTW, this hunk looks wrong: You removed the initialization 'i=0'
without adding a replacement. I'm not intimately familiar with the C
specification, is a 'register long i' guaranteed to be initialized to
0? It would surprise me if that was true. For being on the safe side,
the 'i=0' should be put back.


> @@ -200,13 +200,13 @@
>        }
>        return;
>      }
> -  for (i=0; i < (long) width; )
> +  for ( ; ; )
>    {
>      pixel=(unsigned long) (*p++);
>      count=(ssize_t) (pixel & 0x7f);
> -    if (count == 0)
> -      break;
>      i+=count;

(same here)

Thanks,

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Ryuichi Arafune <arafune@debian.org>:
Bug#383314; Package libmagick9. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Copy sent to Ryuichi Arafune <arafune@debian.org>. Full text and rfc822 format available.

Message #43 received at 383314@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Martin Pitt <martin.pitt@canonical.com>
Cc: 383314@bugs.debian.org
Subject: Re: Bug#383314: libmagick9: Buffer overflow in SGI parser [CVE-2006-4144]
Date: Tue, 17 Oct 2006 15:35:39 +0200
On Mon, Oct 16, 2006 at 10:41:25AM +0200, Martin Pitt wrote:
> Daniel Kobras [2006-08-18 19:02 +0200]:
> > --- imagemagick-6.2.4.5.dfsg1.orig/coders/sgi.c
> > +++ imagemagick-6.2.4.5.dfsg1/coders/sgi.c
> > @@ -171,13 +171,13 @@
> >    q=pixels;
> >    if (bytes_per_pixel == 2)
> >      {
> > -      for (i=0; i < (long) width; )
> > +      for ( ; ; )
> >        {
> >          pixel=(unsigned long) (*p++) << 8;
> >          pixel|=(*p++);
> >          count=(ssize_t) (pixel & 0x7f);
> >          i+=count;
> 
> BTW, this hunk looks wrong: You removed the initialization 'i=0'
> without adding a replacement. I'm not intimately familiar with the C
> specification, is a 'register long i' guaranteed to be initialized to
> 0? It would surprise me if that was true. For being on the safe side,
> the 'i=0' should be put back.

D'oh! You're right, of course. I'll prepare an update.

Thanks,

Daniel.




Bug marked as fixed in version 7:6.2.4.5.dfsg1-0.10, send any further explanations to Martin Pitt <martin.pitt@ubuntu.com> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Martin Pitt <martin.pitt@ubuntu.com>:
Bug#383314. Full text and rfc822 format available.

Message #48 received at 383314-submitter@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 380056-submitter@bugs.debian.org, 380123-submitter@bugs.debian.org, 380147-submitter@bugs.debian.org, 380466-submitter@bugs.debian.org, 380581-submitter@bugs.debian.org, 380589-submitter@bugs.debian.org, 380723-submitter@bugs.debian.org, 380728-submitter@bugs.debian.org, 380801-submitter@bugs.debian.org, 380872-submitter@bugs.debian.org, 380915-submitter@bugs.debian.org, 380993-submitter@bugs.debian.org, 381005-submitter@bugs.debian.org, 381068-submitter@bugs.debian.org, 381110-submitter@bugs.debian.org, 381225-submitter@bugs.debian.org, 381338-submitter@bugs.debian.org, 381390-submitter@bugs.debian.org, 381452-submitter@bugs.debian.org, 381456-submitter@bugs.debian.org, 381624-submitter@bugs.debian.org, 381646-submitter@bugs.debian.org, 381816-submitter@bugs.debian.org, 382096-submitter@bugs.debian.org, 382114-submitter@bugs.debian.org, 382131-submitter@bugs.debian.org, 382214-submitter@bugs.debian.org, 382260-submitter@bugs.debian.org, 382400-submitter@bugs.debian.org, 382491-submitter@bugs.debian.org, 382512-submitter@bugs.debian.org, 382642-submitter@bugs.debian.org, 382769-submitter@bugs.debian.org, 382783-submitter@bugs.debian.org, 382807-submitter@bugs.debian.org, 382867-submitter@bugs.debian.org, 382951-submitter@bugs.debian.org, 382958-submitter@bugs.debian.org, 383175-submitter@bugs.debian.org, 383314-submitter@bugs.debian.org, 383426-submitter@bugs.debian.org, 383565-submitter@bugs.debian.org, 383569-submitter@bugs.debian.org, 383616-submitter@bugs.debian.org, 383823-submitter@bugs.debian.org, 384057-submitter@bugs.debian.org, 384081-submitter@bugs.debian.org, 384223-submitter@bugs.debian.org, 384282-submitter@bugs.debian.org, 384356-submitter@bugs.debian.org, 384358-submitter@bugs.debian.org, 384489-submitter@bugs.debian.org, 384507-submitter@bugs.debian.org, 384566-submitter@bugs.debian.org, 384593-submitter@bugs.debian.org, 384725-submitter@bugs.debian.org, 384750-submitter@bugs.debian.org, 384756-submitter@bugs.debian.org, 384772-submitter@bugs.debian.org, 384825-submitter@bugs.debian.org, 384826-submitter@bugs.debian.org, 384937-submitter@bugs.debian.org, 384995-submitter@bugs.debian.org, 385062-submitter@bugs.debian.org, 385080-submitter@bugs.debian.org, 385177-submitter@bugs.debian.org, 385378-submitter@bugs.debian.org, 385643-submitter@bugs.debian.org, 385696-submitter@bugs.debian.org, 385800-submitter@bugs.debian.org, 385819-submitter@bugs.debian.org, 385820-submitter@bugs.debian.org, 385827-submitter@bugs.debian.org, 385828-submitter@bugs.debian.org, 385829-submitter@bugs.debian.org, 385830-submitter@bugs.debian.org, 385831-submitter@bugs.debian.org, 385835-submitter@bugs.debian.org, 385837-submitter@bugs.debian.org, 385839-submitter@bugs.debian.org, 385841-submitter@bugs.debian.org, 385943-submitter@bugs.debian.org, 378525-submitter@bugs.debian.org, 378699-submitter@bugs.debian, org@mauritius.dodds.net, 379208-submitter@bugs.debian.org, 374601-submitter@bugs.debian.org, 388193-submiter@bugs.debian.org, 366090-submitter@bugs.debian.org, 343015-submitter@bugs.debian.org, 342963-submitter@bugs.debian.org, 342962-submitter@bugs.debian.org, 342966-submitter@bugs.debian.org, 342997-submitter@bugs.debian.org, 343000-submitter@bugs.debian.org
Subject: Bugs fixed in NMU, documenting versions
Date: Sun, 22 Oct 2006 01:59:27 -0700
# Hi folks,
#
# All of these bugs have been fixed in NMU, but not acknowledged by the
# maintainers.  With version tracking in the Debian BTS, it is important to
# know which version of a package fixes each bug so that they can be tracked
# for release status in the BTS, so I'm closing these bugs with the relevant
# version number information now.

close 380056 0.4.2-3.2
close 380123 1.1.3-5.3
close 380147 0.4.14-1.1
close 380466 0.3.9-1.1
close 380581 0.3.7-1.1
close 380589 1:1.0.0-rel-3.1
close 380723 0.0.43-0.3
close 380728 0.3.2-7.1
close 380801 3.0.3-3.1
close 380872 0.4-1.1
close 380915 0.8-1.1
close 380993 2.4.0-3.1
close 381005 1:1.0-3.1
close 381068 0.4.7-1.1
close 381110 2.6.3.2.1.2
close 381225 1:1.0.1-4.1
close 381338 2.3.4-3.1
close 381390 2.1.1-5.2
close 381452 21.4a-6.2
close 381456 0.3.4.cvs.20050813-2.2
close 381624 3.6.13-3.6
close 381646 7.4-3.1
close 381816 6.2.10-4.1
close 382096 1.3.29-2.1
close 382114 1:1.2.4.1-6.1
close 382131 1.9.6-3.1
close 382214 0.4.7-1.1
close 382260 1.13-1.1
close 382400 0.87.5-2
close 382491 0.2.1-1.1
close 382512 1.0.0-9.2
close 382642 2.2.3-1.1
close 382769 0.2.12-1.2
close 382783 1.0.57-2.3
close 382807 0.5.4-0.1
close 382867 0.10-1.1
close 382951 2.6.3.2.1.5
close 382958 1.0.5-1.1
close 383175 0.1.8.1-3.1
close 383314 7:6.2.4.5.dfsg1-0.10
close 383426 4.0.6-2.1
close 383565 0.1.6.9-1.1
close 383569 0.95-2.1
close 383616 1.0.5-1.1
close 383823 2.2.0-2.1
close 384057 6.5.0.cvs.20060524-1.1
close 384081 1:5.22-1.1
close 384223 0.80+dfsg-1
close 384282 6.5.0.cvs.20060524-1.1
close 384356 0.9.10-3.1
close 384358 0.88-3.1
close 384489 0.4.2-7.1
close 384507 0.4.20-12.1
close 384566 0.13-3.3
close 384593 210-3.1
close 384725 2.8.5-2sarge1.2
close 384750 0.9.2+cvs.1.0.dev.2004.07.28-4.1
close 384756 0.15.0-1.1
close 384772 0.9.6-1.1
close 384825 0.0.43-0.4
close 384937 0.03-1.1
close 384995 0.5-1.1
close 385062 7:6.2.4.5.dfsg1-0.10
close 385080 1.3.29-2.1
close 385177 1.1.3-1.2
close 385378 0.33.3-1.1
close 385643 0.07-1.1
close 385696 2.5.3-4.1
close 385800 3.4.2-1.1
close 385819 0.6.6-6.1
close 385820 0.6.6-4.1
close 385827 3.5-9.1
close 385828 1.3.2-3.3
close 385829 1.4.3-17.2
close 385830 0.5-8.1
close 385831 2.0.9-1.2
close 385835 3.0.9-2.1
close 385837 0.3-5.2
close 385839 2.3.0-1
close 385841 1.1pre14-2.1
close 385943 2.8.5-1.1
thanks

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Tags added: pending Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Daniel Kobras <kobras@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <martin.pitt@ubuntu.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #55 received at 383314-close@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: 383314-close@bugs.debian.org
Subject: Bug#383314: fixed in imagemagick 7:6.2.4.5.dfsg1-0.11
Date: Tue, 24 Oct 2006 11:17:30 -0700
Source: imagemagick
Source-Version: 7:6.2.4.5.dfsg1-0.11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick_6.2.4.5.dfsg1-0.11.diff.gz
  to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.11.diff.gz
imagemagick_6.2.4.5.dfsg1-0.11.dsc
  to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.11.dsc
imagemagick_6.2.4.5.dfsg1-0.11_i386.deb
  to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.11_i386.deb
libmagick++9-dev_6.2.4.5.dfsg1-0.11_i386.deb
  to pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.11_i386.deb
libmagick++9c2a_6.2.4.5.dfsg1-0.11_i386.deb
  to pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.11_i386.deb
libmagick9-dev_6.2.4.5.dfsg1-0.11_i386.deb
  to pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.11_i386.deb
libmagick9_6.2.4.5.dfsg1-0.11_i386.deb
  to pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.11_i386.deb
perlmagick_6.2.4.5.dfsg1-0.11_i386.deb
  to pool/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.11_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 383314@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kobras <kobras@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 23 Oct 2006 20:52:25 +0200
Source: imagemagick
Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev libmagick++9c2a
Architecture: source i386
Version: 7:6.2.4.5.dfsg1-0.11
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <kobras@debian.org>
Changed-By: Daniel Kobras <kobras@debian.org>
Description: 
 imagemagick - Image manipulation programs
 libmagick++9-dev - The object-oriented C++ API to the ImageMagick library--developme
 libmagick++9c2a - The object-oriented C++ API to the ImageMagick library
 libmagick9 - Image manipulation library
 libmagick9-dev - Image manipulation library -- development
 perlmagick - A perl interface to the libMagick graphics routines
Closes: 317083 340401 358148 360400 383314 393025
Changes: 
 imagemagick (7:6.2.4.5.dfsg1-0.11) unstable; urgency=high
 .
   * Non-maintainer upload.
   * coders/dcm.c, coders/palm.c: Fix buffer overflows in DCM and Palm coders.
     Patches thanks to M Joonas Pihlaja. Closes: #393025
   * coders/sgi.c: Put back missing initialisation of loop variable that
     was erroneously removed in fix for CVE-2006-4144. Spotted by
     Martin Pitt. Closes: #383314
   * coders/sgi.c: Fix off-by-one error in boundary check causing slightly
     garbled image output. Also introduced in fix for for CVE-2006-4144.
   * coders/xpm.c: Do not gratuitously limit the allowed number of
     bytes per pixel. Patch thanks to Jens Seidel. Closes: #358148
   * magick/display.c: Fix NULL pointer dereference in display's
     "Visual Directory". Patch thanks to Frédéric Bothamy. Closes: #360400
   * utilities/ImageMagick.1.in: Replace UTF-8 encoded characters with
     latin1 equivalents to placate lintian.
   * debian/control: perlmagick provides libimage-magick-perl to comply
     with Perl policy. Closes: #317083
   * debian/control: Add gs-gpl build dependency, used in testsuite.
   * debian/control: Tries hard to comply with version 3.7.2 of Debian
     policy.
   * debian/rules: Eliminate -l entries that slipped into --ldflags output.
     They're already present in --libs anyway. Closes: #340401
   * debian/rules: Run the testsuite, but don't treat failures as fatal
     errors for now.
   * debian/rules: At configure time, change X11 search paths to X11R7
     locations.
   * debian/rules: Remove duplicate of license file from imagemagick
     package.
Files: 
 fa7a342dd7933605581497582746758f 940 graphics optional imagemagick_6.2.4.5.dfsg1-0.11.dsc
 0ec01dc713b9f55c6dcb4a0b69c81b54 87518 graphics optional imagemagick_6.2.4.5.dfsg1-0.11.diff.gz
 7f2cd1fd49109b2a8edb0c8d006abb80 738784 graphics optional imagemagick_6.2.4.5.dfsg1-0.11_i386.deb
 1c15a7e7156b55226309e345bf992087 1296034 libs optional libmagick9_6.2.4.5.dfsg1-0.11_i386.deb
 d8a9d0d8829bebc9f391b2016a0de0ef 1638156 libdevel optional libmagick9-dev_6.2.4.5.dfsg1-0.11_i386.deb
 589890ec32b4c75af734805f710d2c85 178500 libs optional libmagick++9c2a_6.2.4.5.dfsg1-0.11_i386.deb
 3a33e323b85c5e89fa7f8ced8c362f59 227830 libdevel optional libmagick++9-dev_6.2.4.5.dfsg1-0.11_i386.deb
 ce466baaf3f1b3d4f45a854679c7961d 169082 perl optional perlmagick_6.2.4.5.dfsg1-0.11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFPhR/pOKIA4m/fisRAs0+AKC2roHolvPxwM2QWqE0R72KKGXnGwCgqiPF
s14MlIyWNdIOMThj1/u5gOI=
=vYkE
-----END PGP SIGNATURE-----




Reply sent to Daniel Kobras <kobras@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <martin.pitt@ubuntu.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #60 received at 383314-close@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: 383314-close@bugs.debian.org
Subject: Bug#383314: fixed in imagemagick 7:6.2.4.5.dfsg1-1
Date: Mon, 30 Apr 2007 18:17:04 +0000
Source: imagemagick
Source-Version: 7:6.2.4.5.dfsg1-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick_6.2.4.5.dfsg1-1.diff.gz
  to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1.diff.gz
imagemagick_6.2.4.5.dfsg1-1.dsc
  to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1.dsc
imagemagick_6.2.4.5.dfsg1-1_i386.deb
  to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1_i386.deb
libmagick++9-dev_6.2.4.5.dfsg1-1_i386.deb
  to pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-1_i386.deb
libmagick++9c2a_6.2.4.5.dfsg1-1_i386.deb
  to pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-1_i386.deb
libmagick9-dev_6.2.4.5.dfsg1-1_i386.deb
  to pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-1_i386.deb
libmagick9_6.2.4.5.dfsg1-1_i386.deb
  to pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-1_i386.deb
perlmagick_6.2.4.5.dfsg1-1_i386.deb
  to pool/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 383314@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kobras <kobras@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 28 Apr 2007 18:00:10 +0200
Source: imagemagick
Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev libmagick++9c2a
Architecture: source i386
Version: 7:6.2.4.5.dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Luciano Bello <luciano@linux.org.ar>
Changed-By: Daniel Kobras <kobras@debian.org>
Description: 
 imagemagick - Image manipulation programs
 libmagick++9-dev - The object-oriented C++ API to the ImageMagick library--developme
 libmagick++9c2a - The object-oriented C++ API to the ImageMagick library
 libmagick9 - Image manipulation library
 libmagick9-dev - Image manipulation library -- development
 perlmagick - A perl interface to the libMagick graphics routines
Closes: 214623 317083 318176 325651 325720 330666 333616 335111 339548 340401 344997 345238 345595 345876 347486 349264 351498 352575 358148 360362 360400 364826 381831 383314 383314 385062 386964 393025 395830 398183 401047 404477 410435 412945 417237 418057 419274 420353
Changes: 
 imagemagick (7:6.2.4.5.dfsg1-1) unstable; urgency=high
 .
   * New maintainers.
   * debian/compat: Splice debhelper version out of debian/rules into
     separate file (but don't bump version).
   * debian/control: Adjust jasper dependencies to current package names.
     Closes: #419274, #420353
   * Documentation minors improvements:
     - Manpages says SEE ALSO, not SEE-ALSO. Closes: #333616
     - Escaped specials chars in manpages. Closes: #381831
     - External reference in convert(1). Closes: #398183
     - "isplay", "perferred", "similiar" and "morify.html" typos fixed.
       Closes: #386964, #351498, #395830
     - ImageMagick(1) indentation. Closes: #335111
     - "convert -help" duplicated line fixes. Closes: #339548
     - Typo in description of --resize command fixed. Closes: #364826
   * Magick++/lib/Image.cpp: Include cstdlib header to fix build failure
     with gcc 4.3. Patch thanks to Martin Michlmayr. Closes: #417237
   * coders/dcm.c: Fix integer overflow in DCM coder. (CVE-2007-1797)
     Closes: #418057
   * coders/icon.c: Fix segfault in ICON coder.
   * coders/pcx.c: Fix heap overflow in PCX coder.
   * coders/pict.c: Fix multiple segfaults in PICT coder.
   * coders/png.c: Fix segfault in PNG coder.
   * coders/pnm.c: Fix segfault in PNM coder.
   * coders/sgi.c: Fix segfault in SGI coder.
   * coders/sun.c: Fix segfault during conversion in SUN coder.
   * coders/viff.c: Prevent heap corruption in VIFF coder.
   * coders/xwd.c: Fix segfault during conversion in XWD coder.
   * coders/xwd.c: Fix multiple integer overflows in XWD coder.
     (CVE-2007-1667, CVE-2007-1797)
   * The above fixes collectively address the following bug report:
     Closes: #412945
   * config/delegates.xml.in: Lose obsolete option -3 to dcraw delegate
     to unbreak support for raw digital images. Closes: #404477
 .
 imagemagick (7:6.2.4.5.dfsg1-0.14) unstable; urgency=high
 .
   * Non-maintainer upload.
   * coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
     Avoid bogus second read in macro call. Patch thanks to Vladimir
     Nadvornik. (CVE-2007-0770) Closes: #410435
 .
 imagemagick (7:6.2.4.5.dfsg1-0.13) unstable; urgency=high
 .
   * Non-maintainer upload.
   * coders/png.c: Fix amd64 build failure with recent libpng versions.
     Closes: #401047
   * debian/control: Tighten libpng12-dev build-dependency to exclude versions
     that are known to fail to link even with the above fix in place.
 .
 imagemagick (7:6.2.4.5.dfsg1-0.12) unstable; urgency=high
 .
   * Non-maintainer upload.
   * debian/control: Add build dependency on libxt-dev and pkg-config to
     make dependency list deterministic.
   * debian/control: libmagick9-dev depends on libxt-dev.
 .
 imagemagick (7:6.2.4.5.dfsg1-0.11) unstable; urgency=high
 .
   * Non-maintainer upload.
   * coders/dcm.c, coders/palm.c: Fix buffer overflows in DCM and Palm coders.
     Patches thanks to M Joonas Pihlaja. Closes: #393025
   * coders/sgi.c: Put back missing initialisation of loop variable that
     was erroneously removed in fix for CVE-2006-4144. Spotted by
     Martin Pitt. Closes: #383314
   * coders/sgi.c: Fix off-by-one error in boundary check causing slightly
     garbled image output. Also introduced in fix for for CVE-2006-4144.
   * coders/xpm.c: Do not gratuitously limit the allowed number of
     bytes per pixel. Patch thanks to Jens Seidel. Closes: #358148
   * magick/display.c: Fix NULL pointer dereference in display's
     "Visual Directory". Patch thanks to Frédéric Bothamy. Closes: #360400
   * utilities/ImageMagick.1.in: Replace UTF-8 encoded characters with
     latin1 equivalents to placate lintian.
   * debian/control: perlmagick provides libimage-magick-perl to comply
     with Perl policy. Closes: #317083
   * debian/control: Add gs-gpl build dependency, used in testsuite.
   * debian/control: Tries hard to comply with version 3.7.2 of Debian
     policy.
   * debian/rules: Eliminate -l entries that slipped into --ldflags output.
     They're already present in --libs anyway. Closes: #340401
   * debian/rules: Run the testsuite, but don't treat failures as fatal
     errors for now.
   * debian/rules: At configure time, change X11 search paths to X11R7
     locations.
   * debian/rules: Remove duplicate of license file from imagemagick
     package.
 .
 imagemagick (7:6.2.4.5.dfsg1-0.10) unstable; urgency=high
 .
   * Non-Maintainer Upload
   * Fix buffer overflow in SGI parser [CVE-2006-4144] (closes: #383314)
     Thanks to Daniel Kobras
   * Fix double free in ICC profile in PerlMagick (closes: #349264)
   * Fix incomaptibility with graphviz >= 2.8 and build-depend on an
     appropriate version (closes: #360362)
   * Fix XCF and Sun Raster File buffer overflows [CVE-2006-3743/-3744]
     (closes: #385062)
 .
 imagemagick (7:6.2.4.5.dfsg1-0.9) unstable; urgency=low
 .
   * Non-Maintainer Upload
   * Remove all instances of the imagemagick logo from the original
     sourcefile and repack. (closes: #214623)
   * Add back the free logo patch
   * Add clean-tarball rule to accomplish this
   * Change the copyright file to indicate that the logo is no longer
     included, and indiciate that the included logo is actually text saying
     "imagemagick" with the Debian open use logo.
 .
 imagemagick (7:6.2.4.5-0.8) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Back to 6.2.4.5 as requested by the release team to maintain binary
     compatibility. Bumped epoch once more.
 .
 imagemagick (6:6.2.6.7-1) unstable; urgency=low
 .
   * New upstream version.
 .
 imagemagick (6:6.2.4.5-0.7) unstable; urgency=high
 .
   * Non-maintainer upload.
   * coders/url.c: Do not treat local file:// URIs as temporary files that
     are removed after reading. Closes: #352575
 .
 imagemagick (6:6.2.4.5-0.6) unstable; urgency=high
 .
   * Non-maintainer upload.
   * magick/display.c: In DisplayImageCommand(), expand command line before
     allocating ressources based on argc. Patch and analysis thanks to
     Eero Häkkinen. Closes: #345595
   * magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
     string_.h}: Implement new utility function FormatMagickStringNumeric()
     to securely expand a user-supplied format string with a single numeric
     argument. Adjust code to use this function where appropriate.
     (CVE-2006-0082) Closes: #345876
   * coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
     magick/methods.h: Do not call external delegates with user-supplied
     filename, but with securely named symlinks only to prevent shell command
     injection (CVE-2005-4601). Closes: #345238
   * debian/rules: Make sure to include trailing spaces in multi-line
     commands to keep recent make happy. Cures problems with ghostscript
     font path. Fix thanks to Jeff Lessem. Closes: #347486
   * debian/imagemagick.mime: Rather than autodetect the type of an image,
     derive it from the mime type. As a side effect, this change allows to
     use arbitrary filenames with the 'see' command, even if they have
     special meaning to imagemagick internally. Also clean up some typos
     and superfluous entries once we're at it. Closes: #344997
 .
 imagemagick (6:6.2.4.5-0.5) unstable; urgency=low
 .
   * Another NMU to complete the installability fixes from 6:6.2.4.5-0.4.
   * Adjust libmagick9-dev dependencies to account for the removal of
     xlibs-dev from unstable, and bring them in line with build-deps.
 .
 imagemagick (6:6.2.4.5-0.4) unstable; urgency=low
 .
   * Non-maintainer upload to resolve buildability/installability.
   * debian/{control,rules}: Disable DPS support, which is no longer shipped
     in Xorg 6.9/7.0 (and was making us both FTBFS and uninstallable in sid)
   * debian/control: explicitely build-depend on libxext-dev, since we both
     test for and use it directly, rather than indirectly.
 .
 imagemagick (6:6.2.4.5-0.3) unstable; urgency=low
 .
   * Non-maintainer upload.
   * debian/control: Rename libmagick++9 to libmagick++9c2a, following a
     C++ ABI transition. Conflicts with and Replaces old version.
   * debian/*: Rename various debhelper support files due to above name
     change.
 .
 imagemagick (6:6.2.4.5-0.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/control: libmagick9-dev Conflicts/Replaces libmagick6-dev.
     Likewise for libmagick++9-dev. Closes: #330666
   * debian/control: Provide unversioned libmagick-dev and libmagick++-dev
     and conflict/replace them for future-proof handling of soname bumps.
 .
 imagemagick (6:6.2.4.5-0.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * New upstream version.
     + Yet another bump of the soname version, this time going from
       7 to 9.
   * debian/*: Cater for soname change and corresponding change of
     library packages names in multiple places.
 .
 imagemagick (6:6.2.4.4-0.1) experimental; urgency=low
 .
   * Non-maintainer upload.
   * New upstream version.
     + Version in library soname was increased from 6 to 7 due to
       changes in binary interface starting with 6.0.7. (Yes, this
       should have happened earlier.) Closes: #318176, #325651, #325720
   * debian/*: Rename packages from libmagick6 to libmagick7, and similar.
     Adjust version in various places accordingly. Drop c2 suffix from
     C++ library package.
   * debian/control: Use shlibs information to generate Depends line for
     imagemagick binary package.
   * debian/control: Remove Pre-Depends on prehistoric version of dpkg.
   * debian/control: Package complies with policy version 3.6.2. Bump
     Standards-Version accordingly.
   * Patches to upstream sources:
     + [bin/Magick++-config.1.debdiff]
       Stray file that seems to have slipped into the previous Debian
       diffs by mistake. Removed now.
     + [magick/blob.c]
       Originally a patch from upstream, now mostly merged. Retaining a
       single hunk that upstream reverted later on, though it still looks
       correct.
     + [configure.ac, configure]
       Override location of documentation files to Debian's default
       /usr/share/doc/imagemagick. Patch to configure was present before.
       This release promotes it back to configure.ac as well. (No ill
       effects because AM_MAINTAINER_MODE is used.)
     + [coders/magick.c]
       Drop patch that exchanges upstream's logo for a DFSG-free version.
       This attempt to address #214623 (distribution of non-free logo)
       missed several other instances of the logo, must be applied to
       the orig.tar.gz rather than the Debian diff, and should have
       some input from upstream, so no point in carrying it around still.
Files: 
 289dcca20cabdc8279e324acfbd5739e 1047 graphics optional imagemagick_6.2.4.5.dfsg1-1.dsc
 2c5d3723d25c4119cf003efce2161c56 5203463 graphics optional imagemagick_6.2.4.5.dfsg1.orig.tar.gz
 f7f59b4cd2bd6292c84cc1a922cb3191 98891 graphics optional imagemagick_6.2.4.5.dfsg1-1.diff.gz
 ed785393f73321c39045a2cfca3c4bcc 739222 graphics optional imagemagick_6.2.4.5.dfsg1-1_i386.deb
 03fcdd0be6ac45461187f443c2cdee30 1270866 libs optional libmagick9_6.2.4.5.dfsg1-1_i386.deb
 8f082a61b40f4117ac245bfc24203fcf 1578224 libdevel optional libmagick9-dev_6.2.4.5.dfsg1-1_i386.deb
 be8022b4e8d154339e9e471c11f3af38 176368 libs optional libmagick++9c2a_6.2.4.5.dfsg1-1_i386.deb
 aa5279c10479f169fdd0057e2a1cba01 227988 libdevel optional libmagick++9-dev_6.2.4.5.dfsg1-1_i386.deb
 f4807e698dc13e1bb46fe5c3e48c2dbd 168080 perl optional perlmagick_6.2.4.5.dfsg1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGNiompOKIA4m/fisRAlQ5AJ4rul+sr6wTCvZzTo+azk3g0yKMfACgyGeT
uFkhOZ7y6MlMxNtiZ8wB0No=
=pe/9
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 16:30:36 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:52:29 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.