Debian Bug report logs - #414370
graphicsmagick: Couple of segfaults in PICT coder


Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for graphicsmagick is src:graphicsmagick.

Reported by: Sami Liedes <sliedes@cc.hut.fi>

Date: Sun, 11 Mar 2007 10:33:47 UTC

Severity: normal

Found in versions graphicsmagick/1.1.7-12, graphicsmagick/1.1.7-13

Fixed in version graphicsmagick/1.2.3-1

Done: Daniel Kobras <kobras@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Sami Liedes <sliedes@cc.hut.fi>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sami Liedes <sliedes@cc.hut.fi>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: graphicsmagick: Couple of segfaults in PICT coder
Date: Sun, 11 Mar 2007 12:29:37 +0200
[Message part 1 (text/plain, inline)]
Package: graphicsmagick
Version: 1.1.7-12
Severity: normal

I found still a couple of PICT files that crash gm with all the
patches I've seen applied (hence unless I missed some they should be
unfixed in 1.1.7-13 too).

Attached files and their behavior on amd64:

broken.pict:
  gm identify does not crash, gm convert segfaults. Looks like a null
  pointer dereference.

broken2.pict:
  gm identify, gm convert both segfault. memcpy() to an out-of-bounds
  address.

broken3.pict:
  gm identify segfaults, gm convert aborts with glibc detected heap
  corruption. Looks like a heap buffer overflow.

	Sami


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=C, LC_CTYPE=fi_FI@euro (charmap=ISO-8859-15)

Versions of packages graphicsmagick depends on:
ii  libbz2-1.0                1.0.3-6        high-quality block-sorting file co
ii  libc6                     2.3.6.ds1-13   GNU C Library: Shared libraries
ii  libfreetype6              2.2.1-5        FreeType 2 font engine, shared lib
ii  libgraphicsmagick1        1.1.7-12       format-independent image processin
ii  libice6                   1:1.0.1-2      X11 Inter-Client Exchange library
ii  libjasper-1.701-1         1.701.0-2      The JasPer JPEG-2000 runtime libra
ii  libjpeg62                 6b-13          The Independent JPEG Group's JPEG 
ii  liblcms1                  1.15-1         Color management library
ii  libpng12-0                1.2.15~beta5-1 PNG library - runtime
ii  libsm6                    1:1.0.1-3      X11 Session Management library
ii  libtiff4                  3.8.2-7        Tag Image File Format (TIFF) libra
ii  libwmf0.2-7               0.2.8.4-2      Windows metafile conversion librar
ii  libx11-6                  2:1.0.3-6      X11 client-side library
ii  libxext6                  1:1.0.1-2      X11 miscellaneous extension librar
ii  libxml2                   2.6.27.dfsg-1  GNOME XML library
ii  zlib1g                    1:1.2.3-13     compression library - runtime

graphicsmagick recommends no packages.

-- no debconf information
[broken.pict (application/octet-stream, attachment)]
[broken2.pict (application/octet-stream, attachment)]
[broken3.pict (application/octet-stream, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Sami Liedes <sliedes@cc.hut.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #10 received at 414370@bugs.debian.org (full text, mbox):

From: Sami Liedes <sliedes@cc.hut.fi>
To: 414370@bugs.debian.org
Subject: Summary of test cases that still break gm
Date: Sun, 11 Mar 2007 15:53:05 +0200
[Message part 1 (text/plain, inline)]
Here's a summary of my test cases so far that still crash gm
(assertion failures and memory exhaustions not included). I have here
at least one new test case (xcf).


About the PICT segfaults in this bug:
------------------------------------------------------------
With -O0:

$ gm identify samples2/broken2.pict
Segmentation fault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47484480132192 (LWP 21608)]
0x00002b2fd5c709c2 in DecodeImage (image_info=0x5163d0, blob=0x531a70, image=0x564d50, bytes_per_line=98913, bits_per_pixel=32) at pict.c:515
515                 (void) memcpy(q,p,number_pixels);
(gdb) print q
$1 = (unsigned char *) 0x2b2fd7b9b579 <Address 0x2b2fd7b9b579 out of bounds>
(gdb) print p
$2 = (unsigned char *) 0x567921 ""
(gdb) bt
#0  0x00002b2fd5c709c2 in DecodeImage (image_info=0x5163d0, blob=0x531a70, image=0x564d50, bytes_per_line=98913, bits_per_pixel=32) at pict.c:515
#1  0x00002b2fd5c72856 in ReadPICTImage (image_info=0x5163d0, exception=0x7fffd5151ab0) at pict.c:1054
#2  0x00002b2fd5b287e1 in ReadImage (image_info=0x5131b0, exception=0x7fffd5151ab0) at constitute.c:2748
#3  0x00002b2fd5bc2602 in ReadStream (image_info=0x511060, stream=0x2b2fd5b2338e <PingStream>, exception=0x7fffd5151ab0) at stream.c:488
#4  0x00002b2fd5b23472 in PingImage (image_info=0x50aed0, exception=0x7fffd5151ab0) at constitute.c:1060
#5  0x00002b2fd5b00053 in IdentifyImageCommand (image_info=0x50aed0, argc=2, argv=0x50d020, metadata=0x7fffd5151af8, exception=0x7fffd5151ab0)
    at command.c:6791
#6  0x00002b2fd5b01e79 in MagickCommand (image_info=0x50aed0, argc=2, argv=0x7fffd5152400, metadata=0x7fffd5151af8, exception=0x7fffd5151ab0)
    at command.c:7210
#7  0x0000000000400f71 in main (argc=2, argv=0x7fffd5152400) at gm.c:150

-----

With -O1 (since this bug doesn't appear with -O0):

$ gm convert samples2/broken.pict out.jpg
Segmentation fault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47696054408288 (LWP 25651)]
0x00002b6118881de5 in SetCacheNexus (image=0x55fe90, x=0, y=0, columns=203, rows=1, nexus=0) at cache.c:2021
2021          nexus_info=(*cache_info->nexus_info);
(gdb) print cache_info
$1 = <value optimized out>

(gdb) info registe
[...]
rax            0x0      0
[...]
rdx            0x0      0
[...]
rip            0x2b6118881de5   0x2b6118881de5 <SetCacheNexus+335>
[...]
(gdb) disas
Dump of assembler code for function SetCacheNexus:
[...]
0x00002b6118881de5 <SetCacheNexus+335>: mov    (%rax),%rdx

-> looks like cache_info is NULL.

-----

With -O1:

$ valgrind gm identify samples2/broken3.pict out.jpg
[...]
==26907== Invalid write of size 1
==26907==    at 0x4A1D62B: memcpy (mc_replace_strmem.c:406)
==26907==    by 0x4C9EEB1: DecodeImage (pict.c:515)
==26907==    by 0x4CA03B4: ReadPICTImage (pict.c:1052)
==26907==    by 0x4BBEF71: ReadImage (constitute.c:2748)
==26907==    by 0x4C23B67: ReadStream (stream.c:488)
==26907==    by 0x4BBD882: PingImage (constitute.c:1060)
==26907==    by 0x4B8F8DA: IdentifyImageCommand (command.c:6791)
==26907==    by 0x4B8EC14: MagickCommand (command.c:7210)
==26907==    by 0x400EFC: main (gm.c:150)
==26907==  Address 0x6B38DE7 is 5 bytes after a block of size 32,778 alloc'd
==26907==    at 0x4A1BA55: malloc (vg_replace_malloc.c:149)
==26907==    by 0x4C9EC62: DecodeImage (pict.c:459)
==26907==    by 0x4CA03B4: ReadPICTImage (pict.c:1052)
==26907==    by 0x4BBEF71: ReadImage (constitute.c:2748)
==26907==    by 0x4C23B67: ReadStream (stream.c:488)
==26907==    by 0x4BBD882: PingImage (constitute.c:1060)
==26907==    by 0x4B8F8DA: IdentifyImageCommand (command.c:6791)
==26907==    by 0x4B8EC14: MagickCommand (command.c:7210)
==26907==    by 0x400EFC: main (gm.c:150)
==26907==
==26907== Invalid write of size 1
==26907==    at 0x4A1D631: memcpy (mc_replace_strmem.c:406)
==26907==    by 0x4C9EEB1: DecodeImage (pict.c:515)
==26907==    by 0x4CA03B4: ReadPICTImage (pict.c:1052)
==26907==    by 0x4BBEF71: ReadImage (constitute.c:2748)
==26907==    by 0x4C23B67: ReadStream (stream.c:488)
==26907==    by 0x4BBD882: PingImage (constitute.c:1060)
==26907==    by 0x4B8F8DA: IdentifyImageCommand (command.c:6791)
==26907==    by 0x4B8EC14: MagickCommand (command.c:7210)
==26907==    by 0x400EFC: main (gm.c:150)
==26907==  Address 0x6B38DE6 is 4 bytes after a block of size 32,778 alloc'd
==26907==    at 0x4A1BA55: malloc (vg_replace_malloc.c:149)
==26907==    by 0x4C9EC62: DecodeImage (pict.c:459)
==26907==    by 0x4CA03B4: ReadPICTImage (pict.c:1052)
==26907==    by 0x4BBEF71: ReadImage (constitute.c:2748)
==26907==    by 0x4C23B67: ReadStream (stream.c:488)
==26907==    by 0x4BBD882: PingImage (constitute.c:1060)
==26907==    by 0x4B8F8DA: IdentifyImageCommand (command.c:6791)
==26907==    by 0x4B8EC14: MagickCommand (command.c:7210)
==26907==    by 0x400EFC: main (gm.c:150)
==26907==
==26907== Invalid write of size 1
==26907==    at 0x4A1D638: memcpy (mc_replace_strmem.c:406)
==26907==    by 0x4C9EEB1: DecodeImage (pict.c:515)
==26907==    by 0x4CA03B4: ReadPICTImage (pict.c:1052)
==26907==    by 0x4BBEF71: ReadImage (constitute.c:2748)
==26907==    by 0x4C23B67: ReadStream (stream.c:488)
==26907==    by 0x4BBD882: PingImage (constitute.c:1060)
==26907==    by 0x4B8F8DA: IdentifyImageCommand (command.c:6791)
==26907==    by 0x4B8EC14: MagickCommand (command.c:7210)
==26907==    by 0x400EFC: main (gm.c:150)
==26907==  Address 0x6B38DE5 is 3 bytes after a block of size 32,778 alloc'd
==26907==    at 0x4A1BA55: malloc (vg_replace_malloc.c:149)
==26907==    by 0x4C9EC62: DecodeImage (pict.c:459)
==26907==    by 0x4CA03B4: ReadPICTImage (pict.c:1052)
==26907==    by 0x4BBEF71: ReadImage (constitute.c:2748)
==26907==    by 0x4C23B67: ReadStream (stream.c:488)
==26907==    by 0x4BBD882: PingImage (constitute.c:1060)
==26907==    by 0x4B8F8DA: IdentifyImageCommand (command.c:6791)
==26907==    by 0x4B8EC14: MagickCommand (command.c:7210)
==26907==    by 0x400EFC: main (gm.c:150)
[...]
------------------------------------------------------------


Files from http://www.hut.fi/~sliedes/im-gm-samples/:
------------------------------------------------------------
*.jp[2c]: heap overflows in libjasper

-----

$ gm identify samples/segv.ptif
Segmentation fault

==20370== Invalid read of size 1
==20370==    at 0x4A1C832: strlen (mc_replace_strmem.c:246)
==20370==    by 0x52624BB: vfprintf (in /usr/lib/debug/libc-2.3.6.so)
==20370==    by 0x5282729: vsnprintf (in /usr/lib/debug/libc-2.3.6.so)
==20370==    by 0x4D74A70: TIFFErrors (tiff.c:374)
==20370==    by 0x50D76C1: TIFFErrorExt (in /usr/lib/libtiff.so.4.2.1)
==20370==    by 0x50D27B5: (within /usr/lib/libtiff.so.4.2.1)
==20370==    by 0x50D2BC7: (within /usr/lib/libtiff.so.4.2.1)
==20370==    by 0x50D2FCB: (within /usr/lib/libtiff.so.4.2.1)
==20370==    by 0x50D45A4: TIFFReadDirectory (in /usr/lib/libtiff.so.4.2.1)
==20370==    by 0x50ECC61: TIFFClientOpen (in /usr/lib/libtiff.so.4.2.1)
==20370==    by 0x4D74F5B: ReadTIFFImage (tiff.c:549)
==20370==    by 0x4BD97E0: ReadImage (constitute.c:2748)
==20370==  Address 0xFFE is not stack'd, malloc'd or (recently) free'd

-----

$ gm identify samples/segv.viff
*** glibc detected *** double free or corruption (fasttop): 0x0000000000533970 ***
- Doesn't crash with -O0 (but I do get uses of uninitialized variables
  at XYZTransformPacket (image.c:4946-4956). -O1 gives the above
  message, but does not crash under valgrind (and reports only uses of
  uninitialized mem) -> hard to debug :(

-----

$ gm identify samples/segv2.ptif
Segmentation fault
- backtrace identical to segv.ptif

-----

$ gm identify samples/segv2.viff
*** glibc detected *** double free or corruption (fasttop): 0x0000000000533970 ***
- like segv.viff
------------------------------------------------------------


Attached files (since I don't remember if I already sent these in some
other bug):
------------------------------------------------------------
$ gm convert samples2/broken2.xwd out.jpg
Segmentation fault

(with libx11-6 1.0.3-6)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47713281688672 (LWP 22392)]
_XGetPixel (ximage=0x52b5b0, x=75216, y=0) at ../../src/ImUtil.c:505
505     ../../src/ImUtil.c: No such file or directory.
        in ../../src/ImUtil.c
(gdb) bt
#0  _XGetPixel (ximage=0x52b5b0, x=75216, y=0) at ../../src/ImUtil.c:505
#1  0x00002b651b713240 in ReadXWDImage (image_info=0x527f00, exception=0x7fff8f727070) at xwd.c:388
#2  0x00002b651b5537e1 in ReadImage (image_info=0x50aed0, exception=0x7fff8f727070) at constitute.c:2748
#3  0x00002b651b51c5ec in ConvertImageCommand (image_info=0x50aed0, argc=3, argv=0x50d020, metadata=0x0, exception=0x7fff8f727070) at command.c:2800
#4  0x00002b651b52ce79 in MagickCommand (image_info=0x50aed0, argc=3, argv=0x7fff8f7279c0, metadata=0x7fff8f7270b8, exception=0x7fff8f727070)
    at command.c:7210
#5  0x0000000000400f71 in main (argc=3, argv=0x7fff8f7279c0) at gm.c:150
(gdb) fra 1
#1  0x00002b651b713240 in ReadXWDImage (image_info=0x527f00, exception=0x7fff8f727070) at xwd.c:388
388                   pixel=XGetPixel(ximage,(int) x,(int) y);
(gdb) print x
$1 = 75216
(gdb) print y
$2 = 0

-----

$ gm identify samples2/segv.palm
Segmentation fault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47215421449312 (LWP 22963)]
0x00002af130a04049 in ReadPALMImage (image_info=0x5163d0, exception=0x7fff7a3aad10) at palm.c:604
604             indexes[x] = index;
(gdb) print indexes
$3 = (IndexPacket *) 0x0

-----

$ gm convert samples2/segv.ras out.jpg
Segmentation fault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47686616437856 (LWP 23327)]
0x00002b5ee60e703a in ReadSUNImage (image_info=0x527f00, exception=0x7fffc4d1c670) at sun.c:477
477                       q->red=ScaleCharToQuantum(*p++);
(gdb) print p
$1 = (unsigned char *) 0x597000 <Address 0x597000 out of bounds>

-----

$ gm identify samples2/segv.xcf
Segmentation fault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 48000813962336 (LWP 23876)]
0x00002ba80db32461 in load_tile (image=0x531a70, tile_image=0x56bd80, inDocInfo=0x7fff9d2ff730, inLayerInfo=0x564a10, data_length=8389203) at xcf.c:320
320           q->red    = ScaleCharToQuantum(xcfdata->red);
(gdb) print q
$3 = (PixelPacket *) 0x586000
(gdb) print q->red
Cannot access memory at address 0x586002
------------------------------------------------------------

	Sami
[broken2.xwd (image/x-xwindowdump, attachment)]
[segv.palm (application/octet-stream, attachment)]
[segv.ras (image/x-cmu-raster, attachment)]
[segv.xcf (application/x-xcf, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Sami Liedes <sliedes@cc.hut.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #15 received at 414370@bugs.debian.org (full text, mbox):

From: Sami Liedes <sliedes@cc.hut.fi>
To: 414370@bugs.debian.org, control@bugs.debian.org
Subject: Re: Summary of test cases that still break gm
Date: Tue, 13 Mar 2007 01:01:26 +0200
[Message part 1 (text/plain, inline)]
package graphicsmagick
found 414370 1.1.7-13
thanks

On Sun, Mar 11, 2007 at 03:53:05PM +0200, Sami Liedes wrote:
> Here's a summary of my test cases so far that still crash gm
> (assertion failures and memory exhaustions not included). I have here
> at least one new test case (xcf).

I confirm I have all these bugs with graphicsmagick 1.1.7-13, with the
exception of this one:

> $ gm convert samples2/segv.ras out.jpg
> Segmentation fault

which exits with the error "Improper image header".

	Sami
[signature.asc (application/pgp-signature, inline)]

Bug marked as found in version 1.1.7-13. Request was from Sami Liedes <sliedes@cc.hut.fi> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #22 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Sami Liedes <sliedes@cc.hut.fi>, 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Thu, 15 Mar 2007 19:28:39 +0100
On Tue, Mar 13, 2007 at 01:01:26AM +0200, Sami Liedes wrote:
> I confirm I have all these bugs with graphicsmagick 1.1.7-13, with the
> exception of this one:
> 
> > $ gm convert samples2/segv.ras out.jpg
> > Segmentation fault
> 
> which exits with the error "Improper image header".

I'm aware that -13 didn't fix all outstanding problems, but wanted to
have a first batch of fixes in etch in time for the release. I'll deal
with the rest as time permits, but please don't let this stop you from
filing new bug reports. Not sure how much time I can set aside for it in
the next days, though.

Regards,

Daniel.




Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Sami Liedes <sliedes@cc.hut.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #27 received at 414370@bugs.debian.org (full text, mbox):

From: Sami Liedes <sliedes@cc.hut.fi>
To: Daniel Kobras <kobras@debian.org>
Cc: 414370@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Sat, 17 Mar 2007 01:16:54 +0200
[Message part 1 (text/plain, inline)]
On Thu, Mar 15, 2007 at 07:28:39PM +0100, Daniel Kobras wrote:
> On Tue, Mar 13, 2007 at 01:01:26AM +0200, Sami Liedes wrote:
> > I confirm I have all these bugs with graphicsmagick 1.1.7-13, with the
> > exception of this one:
> > 
> > > $ gm convert samples2/segv.ras out.jpg
> > > Segmentation fault
> > 
> > which exits with the error "Improper image header".
> 
> I'm aware that -13 didn't fix all outstanding problems, but wanted to
> have a first batch of fixes in etch in time for the release. I'll deal
> with the rest as time permits, but please don't let this stop you from
> filing new bug reports. Not sure how much time I can set aside for it in
> the next days, though.

Hmm, ok. Perhaps some of these bugs (or at least the equivalent
#412945 which contains some of the same problems that were severity
grave on graphicsmagick but for imagemagick) should be severity grave
so the release manager will have to explicitly decide to etch-ignore
if he decides to release with known security issues? Not that I doubt
the ability of the RM or the security team to keep track of these,
just trying to prevent mistakes :) But I'll leave all the severity
setting to you, I'm hesitant to interfere since I'm not (yet?) a DD.

	Sami
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #32 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Sami Liedes <sliedes@cc.hut.fi>, Luciano Bello <luciano@linux.org.ar>
Cc: 414370@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Wed, 21 Mar 2007 20:34:46 +0100
Päivää!

On Sat, Mar 17, 2007 at 01:16:54AM +0200, Sami Liedes wrote:
> Hmm, ok. Perhaps some of these bugs (or at least the equivalent
> #412945 which contains some of the same problems that were severity
> grave on graphicsmagick but for imagemagick) should be severity grave
> so the release manager will have to explicitly decide to etch-ignore
> if he decides to release with known security issues?

I agree that some of the outstanding problems for imagemagick are of
grave severity, but I'll leave it to Luciano -- who's handling the
issues -- to adjust the bug reports as he prefers. That said, security
problems are only rarely considered release blockers as we have a
security infrastructure in place that can rapidly deploy updates after
the release date. (Of course, it puts extra load on the stable security
team, so I hope we can get the fixes into etch before the release,
still.)

Regards,

Daniel.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #37 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Sami Liedes <sliedes@cc.hut.fi>, 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Sat, 24 Mar 2007 20:41:43 +0100
clone 414370 -1
retitle -1 graphicsmagick: Heap corruption in VIFF coder.
severity -1 grave
tags -1 + security
thanks

On Sun, Mar 11, 2007 at 03:53:05PM +0200, Sami Liedes wrote:
> $ gm identify samples/segv.viff
> *** glibc detected *** double free or corruption (fasttop): 0x0000000000533970 ***
> - Doesn't crash with -O0 (but I do get uses of uninitialized variables
>   at XYZTransformPacket (image.c:4946-4956). -O1 gives the above
>   message, but does not crash under valgrind (and reports only uses of
>   uninitialized mem) -> hard to debug :(

This one looks the most severe and is likely to have security impact.
Unfortunately, I couldn't reproduce it on i386 with either -O0, or -O2,
which makes debugging even harder. Can you please check whether you can
still trigger a double free with the attached patch applied? I know it
fixes the first testcase you provided, but I'm uncertain if there are
more problems hiding than the obvious one I've fixed. I don't see
corruption with your segv2.viff testcase.

Thanks,

Daniel.




Bug 414370 cloned as bug 416096. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. (Sat, 24 Mar 2007 19:48:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Sami Liedes <sliedes@cc.hut.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #44 received at 414370@bugs.debian.org (full text, mbox):

From: Sami Liedes <sliedes@cc.hut.fi>
To: Daniel Kobras <kobras@debian.org>
Cc: 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Sun, 25 Mar 2007 19:03:35 +0300
[Message part 1 (text/plain, inline)]
On Sat, Mar 24, 2007 at 08:41:43PM +0100, Daniel Kobras wrote:
> On Sun, Mar 11, 2007 at 03:53:05PM +0200, Sami Liedes wrote:
> > $ gm identify samples/segv.viff
> > *** glibc detected *** double free or corruption (fasttop): 0x0000000000533970 ***
> > - Doesn't crash with -O0 (but I do get uses of uninitialized variables
> >   at XYZTransformPacket (image.c:4946-4956). -O1 gives the above
> >   message, but does not crash under valgrind (and reports only uses of
> >   uninitialized mem) -> hard to debug :(
> 
> This one looks the most severe and is likely to have security impact.
> Unfortunately, I couldn't reproduce it on i386 with either -O0, or -O2,
> which makes debugging even harder. Can you please check whether you can
> still trigger a double free with the attached patch applied? I know it

Hmm, sorry, but I don't see any patch attached?

	Sami
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #49 received at 414370@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Sami Liedes <sliedes@cc.hut.fi>
Cc: Daniel Kobras <kobras@debian.org>, 414370@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Sun, 25 Mar 2007 23:30:23 +0200
Sami Liedes wrote:
> Hmm, ok. Perhaps some of these bugs (or at least the equivalent
> #412945 which contains some of the same problems that were severity
> grave on graphicsmagick but for imagemagick) should be severity grave
> so the release manager will have to explicitly decide to etch-ignore
> if he decides to release with known security issues? Not that I doubt
> the ability of the RM or the security team to keep track of these,
> just trying to prevent mistakes :) But I'll leave all the severity
> setting to you, I'm hesitant to interfere since I'm not (yet?) a DD.

I disagree about the severity. The code history of graphicsmagick/
imagemagick makes it fairly obvious that they are both unsuitable
for processing images from untrusted sources. An afternoon of fuzzing
will most likely reveal another dozen ways to potentially trigger code
injection.
It might be a good idea to document this more clearly, if this isn't
done yet.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #54 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Sami Liedes <sliedes@cc.hut.fi>, 414370@bugs.debian.org, 416096@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Thu, 29 Mar 2007 22:41:09 +0200
severity 416096 important
thanks

On Sun, Mar 25, 2007 at 11:30:23PM +0200, Moritz Muehlenhoff wrote:
> I disagree about the severity. The code history of graphicsmagick/
> imagemagick makes it fairly obvious that they are both unsuitable
> for processing images from untrusted sources. An afternoon of fuzzing
> will most likely reveal another dozen ways to potentially trigger code
> injection.

I agree that the magicks have quite a dreadful security record, and a
glance at the code reinforces the impression. But even if we put up a
big warning sign for uses of *magicks command line utilities, the same
code paths are still touched in a number of different ways that are not
immediately obvious to the end user: Each reverse dependency of
libmagick9, libgraphicsmagick1, and perlmagick, rubymagick etc. is
affected as well, and I don't expect users to think graphicsmagick when
they start krita, or imagemagick when they run inkscape or ikiwiki. For
some of the more esoteric image formats, they're also the sole providers
of mime handlers. This makes me worried about the bugs that might allow
code injection, but ultimately it's your (the security team's) call, so
I'm lowering the severity as suggested.

I'm not aware of a more secure replacement that offers a set of features
comparable to *magick, unfortunately.

> It might be a good idea to document this more clearly, if this isn't
> done yet.

I can try to do that, but for the libraries and language bindings, it's
not obvious to me where to put that warning.

Regards,

Daniel.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #59 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Sami Liedes <sliedes@cc.hut.fi>, 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Fri, 6 Apr 2007 17:34:38 +0200
clone 414370 -1
retitle -1 graphicsmagick: Heap overflow in GrayscalePseudoClassImage() on 64bit archs.
severity -1 grave
tag -1 + security
tag -1 + pending
clone 414370 -2
retitle -2 graphicsmagick: Double free() when calling MagickReallocMemory() with zero size.
severity -2 important
tag -2 + pending
clone 414370 -3
retitle -3 graphicsmagick: Heap overflow in VIFF coder.
severity -3 grave
tag -3 + security
tag -3 + pending
thanks

On Sun, Mar 11, 2007 at 03:53:05PM +0200, Sami Liedes wrote:
> $ gm identify samples/segv.viff
> *** glibc detected *** double free or corruption (fasttop): 0x0000000000533970 ***
> - Doesn't crash with -O0 (but I do get uses of uninitialized variables
>   at XYZTransformPacket (image.c:4946-4956). -O1 gives the above
>   message, but does not crash under valgrind (and reports only uses of
>   uninitialized mem) -> hard to debug :(

The viff_pixels array can be overflown because of insufficient
validation of the number_data_bands value in the input file. Might be
exploitable.

> $ gm identify samples/segv2.viff
> *** glibc detected *** double free or corruption (fasttop): 0x0000000000533970 ***

Two issues here: The above error message is caused by a bug in
MagickReallocMemory(). When called with a size argument of 0, it calls
realloc(memory, 0), then free(memory), but--at least with the standard
glibc allocator--realloc() has already freed the memory internally.
Probably not a grave security problem in the end, but I haven't checked
all code paths. Still a nuisance as the application usually hangs after
the error message (due to what is said to be a glibc bug) until kill
-9'ed.

Trying to hunt down the above, I noticed a more severe problem, though.
In GrayscalePseudoClassImage(), the colormap_index array is an array of
int *. It is allocated as (number of items)*sizeof(int) instead of
sizeof(int *), leaving the array half the required size on 64bit archs.
This bug didn't cause the eventual crash, but looks like a security
problem and might be exploitable.

I'm currently preparing an upload fixing the three problems above, as
well as the outstanding XWD bug #417862.

Regards,

Daniel.
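
The two allocator defects described in the message above (element size written as sizeof(int) for an array of int *, and realloc(memory, 0) followed by free(memory)), as an added example that is not part of the original thread and not GraphicsMagick's code. The tracking allocator, all function names and the item count of 256 are constructed for illustration; `t_realloc` models the glibc behaviour the message names, so the double release can be counted without corrupting the real heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* ---- Part 1: element-size mismatch ---------------------------------- */
/* Bytes requested when the size is hand-written as sizeof(int) ... */
static size_t bytes_with_int_size(size_t items)     { return items * sizeof(int); }
/* ... versus bytes an array of int* needs (twice as many on LP64). */
static size_t bytes_with_pointer_size(size_t items) { return items * sizeof(int *); }

/* Hardened form: refuse a count that would wrap the multiplication. */
static void *alloc_array(size_t items, size_t elem_size)
{
    if (items == 0 || elem_size == 0 || items > SIZE_MAX / elem_size)
        return NULL;
    return malloc(items * elem_size);
}
/* The element size is derived from the pointer, so it cannot drift from
   the declared type the way a hand-written sizeof can. */
#define ALLOC_ARRAY(ptr, items) ((ptr) = alloc_array((items), sizeof *(ptr)))

/* ---- Part 2: realloc(ptr, 0) followed by free(ptr) ------------------ */
/* Tracking allocator (constructed): remembers live blocks and counts a
   release of a block that is no longer live instead of performing it. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_frees;

static void *t_malloc(size_t size)
{
    void *p = malloc(size ? size : 1);
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p);                       /* table full or malloc failed */
    return NULL;
}

static void t_free(void *p)
{
    if (p == NULL) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;                /* a real free() here corrupts the heap */
}

/* Size 0 releases the block and returns NULL, as the message describes
   for the standard glibc allocator. */
static void *t_realloc(void *p, size_t size)
{
    if (p == NULL) return t_malloc(size);
    if (size == 0) { t_free(p); return NULL; }
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) {
            void *q = realloc(p, size);
            if (q != NULL) live[i] = q;
            return q;
        }
    return NULL;
}

/* Wrapper pattern as described in the message (reconstructed): a NULL
   return is treated as failure, so the old block is released again. */
static void *resize_buggy(void *memory, size_t size)
{
    void *p = t_realloc(memory, size);
    if (p == NULL)
        t_free(memory);            /* second release when size == 0 */
    return p;
}

/* Hardened wrapper: size 0 is an explicit free and never reaches realloc. */
static void *resize_safe(void *memory, size_t size)
{
    if (size == 0) { t_free(memory); return NULL; }
    void *p = t_realloc(memory, size);
    if (p == NULL)
        t_free(memory);            /* genuine failure: old block still live */
    return p;
}

/* Shrink a 64-byte block to size 0 through `resize`; report double frees. */
static int double_frees_after(void *(*resize)(void *, size_t))
{
    double_frees = 0;
    void *block = t_malloc(64);
    block = resize(block, 0);
    t_free(block);                 /* block is NULL here: no-op */
    return double_frees;
}

int main(void)
{
    int **colormap_index = NULL;   /* name from the report; 256 is constructed */
    ALLOC_ARRAY(colormap_index, 256);
    printf("sizeof(int) request: %zu bytes, required: %zu bytes\n",
           bytes_with_int_size(256), bytes_with_pointer_size(256));
    free(colormap_index);
    printf("double frees, buggy wrapper: %d\n", double_frees_after(resize_buggy));
    printf("double frees, safe wrapper:  %d\n", double_frees_after(resize_safe));
    return 0;
}
```
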




Bug 414370 cloned as bug 418052. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. (Fri, 06 Apr 2007 15:36:02 GMT) Full text and rfc822 format available.

Bug 414370 cloned as bug 418053. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. (Fri, 06 Apr 2007 15:36:11 GMT) Full text and rfc822 format available.

Bug 414370 cloned as bug 418054. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org. (Fri, 06 Apr 2007 15:36:19 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #70 received at 414370@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Wed, 11 Jun 2008 12:00:20 +0200
Hi Daniel,
what is the current status of this bug? It's on pending for 
quite some time now.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #75 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Nico Golde <nion@debian.org>, 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Sun, 15 Jun 2008 20:32:26 +0200
Hi!

On Wed, Jun 11, 2008 at 12:00:20PM +0200, Nico Golde wrote:
> what is the current status of this bug? It's on pending for 
> quite some time now.

Are you referring to #414370, or rather to the bugs cloned from it?
#414370 is the catch-all for the less severe flaws Sami's testcases
uncovered. It's severity normal, not tagged security and has never been
marked as pending, as far as I can tell. (Incidentally, it's fixed in a
new upstream version released a couple of days ago which I haven't
gotten around to upload so far.)

Regards,

Daniel.





Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #80 received at 414370@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Sun, 15 Jun 2008 21:46:21 +0200
Hi,
* Daniel Kobras <kobras@debian.org> [2008-06-15 20:34]:
> On Wed, Jun 11, 2008 at 12:00:20PM +0200, Nico Golde wrote:
> > what is the current status of this bug? It's on pending for 
> > quite some time now.
> 
> Are you referring to #414370, or rather to the bugs cloned from it?

Ah sorry my bad, I was referring to the clones.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kobras <kobras@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #85 received at 414370@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: Nico Golde <nion@debian.org>, 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Thu, 19 Jun 2008 00:25:05 +0200
On Sun, Jun 15, 2008 at 09:46:21PM +0200, Nico Golde wrote:
> * Daniel Kobras <kobras@debian.org> [2008-06-15 20:34]:
> > Are you referring to #414370, or rather to the bugs cloned from it?
> 
> Ah sorry my bad, I was referring to the clones.

Which one? I might be looking at the wrong set of bugs, but I haven't
found pending tags on them either. Can you please clarify?

Regards,

Daniel.





Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>:
Bug#414370; Package graphicsmagick. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>. Full text and rfc822 format available.

Message #90 received at 414370@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 414370@bugs.debian.org
Subject: Re: Bug#414370: Summary of test cases that still break gm
Date: Thu, 19 Jun 2008 16:01:40 +0200
Hi Daniel,
* Daniel Kobras <kobras@debian.org> [2008-06-19 00:51]:
> On Sun, Jun 15, 2008 at 09:46:21PM +0200, Nico Golde wrote:
> > * Daniel Kobras <kobras@debian.org> [2008-06-15 20:34]:
> > > Are you referring to #414370, or rather to the bugs cloned from it?
> > 
> > Ah sorry my bad, I was referring to the clones.
> 
> Which one? I might be looking at the wrong set of bugs, but I haven't
> found pending tags on them either. Can you please clarify?

Misunderstanding, we track the summary bug on:
http://security-tracker.debian.net/tracker/CVE-2008-1096

and in the bug report I saw the adding of the pending tags
without noticing that those are the clones which are fixed.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Daniel Kobras <kobras@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Sami Liedes <sliedes@cc.hut.fi>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #95 received at 414370-close@bugs.debian.org (full text, mbox):

From: Daniel Kobras <kobras@debian.org>
To: 414370-close@bugs.debian.org
Subject: Bug#414370: fixed in graphicsmagick 1.2.3-1
Date: Sun, 22 Jun 2008 15:02:05 +0000
Source: graphicsmagick
Source-Version: 1.2.3-1

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive:

graphicsmagick-dbg_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.2.3-1_amd64.deb
graphicsmagick-imagemagick-compat_1.2.3-1_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.2.3-1_all.deb
graphicsmagick-libmagick-dev-compat_1.2.3-1_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.2.3-1_all.deb
graphicsmagick_1.2.3-1.diff.gz
  to pool/main/g/graphicsmagick/graphicsmagick_1.2.3-1.diff.gz
graphicsmagick_1.2.3-1.dsc
  to pool/main/g/graphicsmagick/graphicsmagick_1.2.3-1.dsc
graphicsmagick_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/graphicsmagick_1.2.3-1_amd64.deb
graphicsmagick_1.2.3.orig.tar.gz
  to pool/main/g/graphicsmagick/graphicsmagick_1.2.3.orig.tar.gz
libgraphics-magick-perl_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.2.3-1_amd64.deb
libgraphicsmagick++1-dev_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.2.3-1_amd64.deb
libgraphicsmagick++2_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++2_1.2.3-1_amd64.deb
libgraphicsmagick1-dev_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.2.3-1_amd64.deb
libgraphicsmagick2_1.2.3-1_amd64.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick2_1.2.3-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 414370@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kobras <kobras@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 22 Jun 2008 15:06:52 +0200
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick2 libgraphicsmagick1-dev libgraphicsmagick++2 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.2.3-1
Distribution: experimental
Urgency: low
Maintainer: Daniel Kobras <kobras@debian.org>
Changed-By: Daniel Kobras <kobras@debian.org>
Description: 
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick++2 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
 libgraphicsmagick2 - format-independent image processing - C shared library
Closes: 414370
Changes: 
 graphicsmagick (1.2.3-1) experimental; urgency=low
 .
   * New upstream version 1.2.3.
     + Includes remaining fixes for all reported lower-impact
       denial-of-service problems in several coders. Closes: #414370
   * debian/rules: Disable workaround for arm stack overflow in drawtest as
     toolchains problems appear to be fixed.
   * debian/rules: Explicitly configure desired docdir.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkheYvMACgkQpOKIA4m/fiuRygCeM60TE0CjK72iaHD7oZqS/duV
iZwAoLR3QS7ZXaWZDoazibcZjKKT3MHM
=jhNe
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 May 2009 07:42:04 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:03:48 2014; Machine Name: buxtehude.debian.org
