Debian Bug report logs - #530838
CVE-2009-1882: ImageMagick Integer Overflow Vulnerability

version graph

Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick.

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Thu, 28 May 2009 07:15:02 UTC

Severity: serious

Tags: patch, security

Fixed in versions imagemagick/7:6.5.1.0-1.1, imagemagick/7:6.3.7.9.dfsg2-1~lenny3

Done: Luciano Bello <luciano@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#530838; Package imagemagick. (Thu, 28 May 2009 07:15:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 28 May 2009 07:15:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [SA35216] ImageMagick "XMakeImage()" Integer Overflow Vulnerability
Date: Thu, 28 May 2009 09:12:20 +0200
Package: imagemagick
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

The following SA (Secunia Advisory) id was published for imagemagick:

SA35216[0]:

> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
> 
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
> 
> SOLUTION:
> Update to version 6.5.2-9.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
> 
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php


If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.


[0]http://secunia.com/advisories/35216/




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoeOU8ACgkQNxpp46476apsTACfeXUukW4HpJRAEzEv/EuPfOHZ
8sIAn2iR9jkY0FdIPJVJ6ewcY3UB853d
=yTEV
-----END PGP SIGNATURE-----




Bug 530838 cloned as bug 530946. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Thu, 28 May 2009 22:27:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#530838; Package imagemagick. (Fri, 29 May 2009 00:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Nelson A. de Oliveira" <naoliv@debian.org>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 29 May 2009 00:12:02 GMT) Full text and rfc822 format available.

Message #12 received at 530838@bugs.debian.org (full text, mbox):

From: "Nelson A. de Oliveira" <naoliv@debian.org>
To: Giuseppe Iuculano <giuseppe@iuculano.it>, 530838@bugs.debian.org
Cc: control@bugs.debian.org, security@debian.org
Subject: Re: Bug#530838: [SA35216] ImageMagick "XMakeImage()" Integer Overflow Vulnerability
Date: Thu, 28 May 2009 21:08:43 -0300
tags 530838 + patch
thanks

Hi!

On Thu, May 28, 2009 at 4:12 AM, Giuseppe Iuculano <giuseppe@iuculano.it> wrote:
> The following SA (Secunia Advisory) id was published for imagemagick:
>
> SA35216[0]:

Thanks for the bug report.
Unfortunately I won't have time to update it until maybe one week from now.

A patch is available at
http://people.debian.org/~naoliv/misc/imagemagick/SA35216.diff
This is the fix applied upstream (and upstream confirmed that this is
all the necessary things that need to be patched to fix the issue).

I would be very grateful if somebody could do a NMU for this fix,
while I don't have time for it (CCed security team).

Thank you very much!

Best regards,
Nelson




Tags added: patch Request was from "Nelson A. de Oliveira" <naoliv@debian.org> to control@bugs.debian.org. (Fri, 29 May 2009 00:12:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#530838; Package imagemagick. (Fri, 29 May 2009 10:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 29 May 2009 10:57:03 GMT) Full text and rfc822 format available.

Message #19 received at 530838@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 530838@bugs.debian.org
Cc: kobras@debian.org
Subject: intent to NMU
Date: Fri, 29 May 2009 12:53:12 +0200
[Message part 1 (text/plain, inline)]
Hi,
I intent to upload a 0-day NMU to fix this bug.

Daniel, are you taking care of graphicsmagick?

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[imagemagick-6.5.1.0-1_6.5.1.0-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Fri, 29 May 2009 11:45:05 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Fri, 29 May 2009 11:45:05 GMT) Full text and rfc822 format available.

Message #24 received at 530838-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 530838-close@bugs.debian.org
Subject: Bug#530838: fixed in imagemagick 7:6.5.1.0-1.1
Date: Fri, 29 May 2009 11:17:13 +0000
Source: imagemagick
Source-Version: 7:6.5.1.0-1.1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick-dbg_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/imagemagick-dbg_6.5.1.0-1.1_amd64.deb
imagemagick-doc_6.5.1.0-1.1_all.deb
  to pool/main/i/imagemagick/imagemagick-doc_6.5.1.0-1.1_all.deb
imagemagick_6.5.1.0-1.1.diff.gz
  to pool/main/i/imagemagick/imagemagick_6.5.1.0-1.1.diff.gz
imagemagick_6.5.1.0-1.1.dsc
  to pool/main/i/imagemagick/imagemagick_6.5.1.0-1.1.dsc
imagemagick_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/imagemagick_6.5.1.0-1.1_amd64.deb
libmagick++-dev_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/libmagick++-dev_6.5.1.0-1.1_amd64.deb
libmagick++2_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/libmagick++2_6.5.1.0-1.1_amd64.deb
libmagickcore-dev_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/libmagickcore-dev_6.5.1.0-1.1_amd64.deb
libmagickcore2_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/libmagickcore2_6.5.1.0-1.1_amd64.deb
libmagickwand-dev_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/libmagickwand-dev_6.5.1.0-1.1_amd64.deb
libmagickwand2_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/libmagickwand2_6.5.1.0-1.1_amd64.deb
perlmagick_6.5.1.0-1.1_amd64.deb
  to pool/main/i/imagemagick/perlmagick_6.5.1.0-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 530838@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 29 May 2009 12:46:08 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore2 libmagickcore-dev libmagickwand2 libmagickwand-dev libmagick++2 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 7:6.5.1.0-1.1
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 imagemagick - image manipulation programs
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++2 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore2 - low-level image manipulation library
 libmagickwand-dev - image manipulation library - development files
 libmagickwand2 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 530838
Changes: 
 imagemagick (7:6.5.1.0-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to fix integer overflow in XMakeImage()
     (SA35216.diff; Closes: #530838).
Checksums-Sha1: 
 9a13ee1af2cbf6d1cfb02f08e6ab71973a986516 1848 imagemagick_6.5.1.0-1.1.dsc
 094f7b40dcdd4000ec664303fa864bc3c9a98dbf 35916 imagemagick_6.5.1.0-1.1.diff.gz
 15876af99c69da289afef82f4dcecddf53e1611b 94176 imagemagick_6.5.1.0-1.1_amd64.deb
 f2ca73fd3e4eeb14d728b0dedc98d7910bad6f2c 3659120 imagemagick-dbg_6.5.1.0-1.1_amd64.deb
 edadf3ff1d267ef58ec199a95c684b160ae80458 4140176 imagemagick-doc_6.5.1.0-1.1_all.deb
 68a8e6354dd4fa3f5dcbd520489105a6399b54c2 1732660 libmagickcore2_6.5.1.0-1.1_amd64.deb
 23be3c9e3838ecf3551da692a7ea6e6e62d1f4c8 3697108 libmagickcore-dev_6.5.1.0-1.1_amd64.deb
 ce6d1f48d43d8e114b08a316931f2e9fb7c81d5a 390004 libmagickwand2_6.5.1.0-1.1_amd64.deb
 e44720842055892cd7503f7ffd12dfc13ac6c205 462904 libmagickwand-dev_6.5.1.0-1.1_amd64.deb
 2d3a3c53409fed2ef18d49bff3865a251e8a1247 195226 libmagick++2_6.5.1.0-1.1_amd64.deb
 c0be759bd1417012cdd8008edae9ebf81dc3e72a 244776 libmagick++-dev_6.5.1.0-1.1_amd64.deb
 9f1bcfbbea0f29f902d5eb22f9b5825809190385 201454 perlmagick_6.5.1.0-1.1_amd64.deb
Checksums-Sha256: 
 ba1c2c1a65614cca0cf87e4cf9af20c21c108a736bb7e969ed7b2de3c1d4d969 1848 imagemagick_6.5.1.0-1.1.dsc
 013b40dedf6730f7ebec0b66cd87f5167f9ccd2fda9af1cf4a458f84b56fd3f3 35916 imagemagick_6.5.1.0-1.1.diff.gz
 3611f0ac4f487060daf44f83269c4ab562c479e1f131f923401f4e183853204c 94176 imagemagick_6.5.1.0-1.1_amd64.deb
 931bc4d140f051f575572c0fa9fa7a42082caba2b4c2b895a6748a0252ff815e 3659120 imagemagick-dbg_6.5.1.0-1.1_amd64.deb
 b65bc7ad9579b236829d1ea0162920df6c9b750f0fa29e7d4e2470bb6f3200e7 4140176 imagemagick-doc_6.5.1.0-1.1_all.deb
 3cf0f7fa4282828dec96f565d3aa7e5dc85920857fda3f04c4f26528a243a40a 1732660 libmagickcore2_6.5.1.0-1.1_amd64.deb
 5caf298979c6073601da1d4ee23bafd0946f1991e12d43c9986e65deade21744 3697108 libmagickcore-dev_6.5.1.0-1.1_amd64.deb
 6e696e0d7016e4cf45efe66b288d11b1b1826d0dff685760a3d2eb7c936ea6d5 390004 libmagickwand2_6.5.1.0-1.1_amd64.deb
 45a36d51186d6a913a8c75ef5cf765db16d1dfa41a596c726edc65ae7a84c508 462904 libmagickwand-dev_6.5.1.0-1.1_amd64.deb
 7b615c55467dc99b93d9f0da482ecbd60811aa7889c23f28b6ed772aa4fe0eea 195226 libmagick++2_6.5.1.0-1.1_amd64.deb
 60791aef1ad63150568715f933f3333601c12ab60f3c013695fda899df470dab 244776 libmagick++-dev_6.5.1.0-1.1_amd64.deb
 81e4dd8ea8fb5f77a2fa842f67d156bfb881ff5160daba6bd7d9b60c139f26ef 201454 perlmagick_6.5.1.0-1.1_amd64.deb
Files: 
 f459c00eb241e447bb55dcb64e913a3e 1848 graphics optional imagemagick_6.5.1.0-1.1.dsc
 5e087d4a0e56a2b22fa08ec2ee89a263 35916 graphics optional imagemagick_6.5.1.0-1.1.diff.gz
 a990d7dbff23e3955b9dc11614001e54 94176 graphics optional imagemagick_6.5.1.0-1.1_amd64.deb
 4f8b62a635461fcfabc620537e2adcc9 3659120 debug extra imagemagick-dbg_6.5.1.0-1.1_amd64.deb
 af0bccdb3588240cbaae82360c0cc9c9 4140176 doc optional imagemagick-doc_6.5.1.0-1.1_all.deb
 23421318a64dd682ab5d88014e422c6c 1732660 libs optional libmagickcore2_6.5.1.0-1.1_amd64.deb
 0195d201ee4abc5ab5404c097cbf0566 3697108 libdevel optional libmagickcore-dev_6.5.1.0-1.1_amd64.deb
 56b817c29745944ccada81a361d2cf1a 390004 libs optional libmagickwand2_6.5.1.0-1.1_amd64.deb
 9b1f0b83c6e16b02c75f875d0bc370e0 462904 libdevel optional libmagickwand-dev_6.5.1.0-1.1_amd64.deb
 99c58a7ffbd66a047cf0f2c714b16030 195226 libs optional libmagick++2_6.5.1.0-1.1_amd64.deb
 ce501b45b4fa3bcf246b9bc1b151eecd 244776 libdevel optional libmagick++-dev_6.5.1.0-1.1_amd64.deb
 e503b50831b6f1f3acfb6531c1c23ad5 201454 perl optional perlmagick_6.5.1.0-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkofwVcACgkQHYflSXNkfP/UpACfYSxyMxrSPwC/zYoMxOztT6aC
DOQAn1qNt4Cjw7et6GYaMfHaooJrkJt/
=S+ZZ
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#530838; Package imagemagick. (Thu, 04 Jun 2009 06:30:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 04 Jun 2009 06:30:02 GMT) Full text and rfc822 format available.

Message #29 received at 530838@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 530838@bugs.debian.org, 530946@bugs.debian.org
Cc: control@bugs.debian.org
Subject: CVE-2009-1882
Date: Thu, 04 Jun 2009 08:22:10 +0200
[Message part 1 (text/plain, inline)]
retitle 530946 CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
retitle 530838 CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
thanks


This issue got a CVE id:

CVE-2009-1882[0]:
| Integer overflow in the XMakeImage function in magick/xwindow.c in
| ImageMagick 6.5.2-8 allows remote attackers to cause a denial of
| service (crash) and possibly execute arbitrary code via a crafted TIFF
| file, which triggers a buffer overflow.  NOTE: some of these details
| are obtained from third party information.


For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
    http://security-tracker.debian.net/tracker/CVE-2009-1882

[signature.asc (application/pgp-signature, attachment)]

Changed Bug title to `CVE-2009-1882: ImageMagick Integer Overflow Vulnerability' from `[SA35216] ImageMagick "XMakeImage()" Integer Overflow Vulnerability'. Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Thu, 04 Jun 2009 06:30:05 GMT) Full text and rfc822 format available.

Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Wed, 12 Aug 2009 20:39:05 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Wed, 12 Aug 2009 20:39:06 GMT) Full text and rfc822 format available.

Message #36 received at 530838-close@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: 530838-close@bugs.debian.org
Subject: Bug#530838: fixed in imagemagick 7:6.3.7.9.dfsg2-1~lenny3
Date: Wed, 12 Aug 2009 19:57:16 +0000
Source: imagemagick
Source-Version: 7:6.3.7.9.dfsg2-1~lenny3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
  to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
  to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 530838@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 07 Aug 2009 19:56:02 -0300
Source: imagemagick
Binary: imagemagick libmagick10 libmagick9-dev libmagick++10 libmagick++9-dev perlmagick
Architecture: source i386
Version: 7:6.3.7.9.dfsg2-1~lenny3
Distribution: stable-security
Urgency: high
Maintainer: Luciano Bello <luciano@debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 imagemagick - image manipulation programs
 libmagick++10 - C++ API to the ImageMagick library
 libmagick++9-dev - C++ API to the ImageMagick library - development files
 libmagick10 - image manipulation library
 libmagick9-dev - image manipulation library - development files
 perlmagick - Perl interface to the libMagick graphics routines
Closes: 530838
Changes: 
 imagemagick (7:6.3.7.9.dfsg2-1~lenny3) stable-security; urgency=high
 .
   * Apply upstream patch to fix integer overflow in XMakeImage()
   (CVE-2009-1882). Closes: #530838
Checksums-Sha1: 
 70f5f44cddfdee775781d91a641e4db0707fd44a 1714 imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
 1acad213a7ec314dddf017e2c459fea8d4a6076b 8227844 imagemagick_6.3.7.9.dfsg2.orig.tar.gz
 ca45e53c666a3a81c8126b4b94d1e53ce2e3353c 88277 imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
 762a20a70af76068c2177ff5da8f4b8cafca6f9e 1428358 imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ae5ca7b58cb93b0eb5633456cc4bdf2a4f774d47 4027048 libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 2b9ea1fbcc4a2dd85d235c3ce8bf0d4a3f92fd9b 1195668 libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 820afb04382a18de6f063e3e1109e65e3af4caa9 174864 libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 7ea40976d8c4d18776a390fb5f312923ae5c4cd7 202288 libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ba219b7906114f3a5f8f32d32e790d096cc81bef 170000 perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
Checksums-Sha256: 
 d4f3d8c15616f34ed0c2bdd9c78f98399a441505a6d9b6c3d4aea7e7cdb6a569 1714 imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
 681fe3dc1ff9671e38c4409396baaa03dc5331df2c6fc16648c139db24fcd813 8227844 imagemagick_6.3.7.9.dfsg2.orig.tar.gz
 c25ac73dd33252de7c610b9fc742329554df4f8297401ccf9524ba4943d3b714 88277 imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
 b06491a0b71666ece8a6f2f084b917638a1aeeab74bd7289d537a514d6c02530 1428358 imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
 b52b9a47a7abe0466f3a6b81e2e7bf0e76123971c6ec4bbf86ca373f83002b90 4027048 libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 a58ef321d5ff681b2ef143297e434752e5c66577574dff58a646520f6403c5f3 1195668 libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 b90119c925b65f2a40fe6a0bd03b42c6f0b117c3722afe6b285551ec5d533a88 174864 libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ede1961e9fd89c12f9ff075e901999fa8941a08b1038422287a2bdb4afa65f3a 202288 libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 80a9fbcc0cd2a9ca602e68c6b6bf42d2f4f30239abb6be11e7a2ed74a4b368bb 170000 perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
Files: 
 22f4afd84d6362ebceb44ceaead527b9 1714 graphics optional imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
 14425de4d5d78b7726973af967e1f9e6 8227844 graphics optional imagemagick_6.3.7.9.dfsg2.orig.tar.gz
 49ac2394a701ce7bf273dfa76d27b24d 88277 graphics optional imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
 b6770fe23b426f787145f155ecc96cbf 1428358 graphics optional imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
 3dac656cd42811ff7c57e39a37992f28 4027048 libs optional libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 70bc31bb80ec24755d3ee398db3599d8 1195668 libdevel optional libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ef32b51ff99d7b2f2b1948710024349f 174864 libs optional libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 c70896121f72ba54e6cde6fe39a880e9 202288 libdevel optional libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 9246afbdf5752af72e1ae72fb2cef44b 170000 perl optional perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp+5y0ACgkQQWTRs4lLtHmq+ACeJIgb22kUAlAvaYyHr0ChwBSu
m+EAnj/jOzuaKxff2dnDUzmKYKjsZQhf
=VxID
-----END PGP SIGNATURE-----





Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Fri, 04 Sep 2009 19:18:04 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:18:04 GMT) Full text and rfc822 format available.

Message #41 received at 530838-close@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: 530838-close@bugs.debian.org
Subject: Bug#530838: fixed in imagemagick 7:6.3.7.9.dfsg2-1~lenny3
Date: Fri, 04 Sep 2009 18:32:06 +0000
Source: imagemagick
Source-Version: 7:6.3.7.9.dfsg2-1~lenny3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
  to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
  to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
  to pool/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 530838@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 07 Aug 2009 19:56:02 -0300
Source: imagemagick
Binary: imagemagick libmagick10 libmagick9-dev libmagick++10 libmagick++9-dev perlmagick
Architecture: source i386
Version: 7:6.3.7.9.dfsg2-1~lenny3
Distribution: stable-security
Urgency: high
Maintainer: Luciano Bello <luciano@debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 imagemagick - image manipulation programs
 libmagick++10 - C++ API to the ImageMagick library
 libmagick++9-dev - C++ API to the ImageMagick library - development files
 libmagick10 - image manipulation library
 libmagick9-dev - image manipulation library - development files
 perlmagick - Perl interface to the libMagick graphics routines
Closes: 530838
Changes: 
 imagemagick (7:6.3.7.9.dfsg2-1~lenny3) stable-security; urgency=high
 .
   * Apply upstream patch to fix integer overflow in XMakeImage()
   (CVE-2009-1882). Closes: #530838
Checksums-Sha1: 
 70f5f44cddfdee775781d91a641e4db0707fd44a 1714 imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
 1acad213a7ec314dddf017e2c459fea8d4a6076b 8227844 imagemagick_6.3.7.9.dfsg2.orig.tar.gz
 ca45e53c666a3a81c8126b4b94d1e53ce2e3353c 88277 imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
 762a20a70af76068c2177ff5da8f4b8cafca6f9e 1428358 imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ae5ca7b58cb93b0eb5633456cc4bdf2a4f774d47 4027048 libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 2b9ea1fbcc4a2dd85d235c3ce8bf0d4a3f92fd9b 1195668 libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 820afb04382a18de6f063e3e1109e65e3af4caa9 174864 libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 7ea40976d8c4d18776a390fb5f312923ae5c4cd7 202288 libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ba219b7906114f3a5f8f32d32e790d096cc81bef 170000 perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
Checksums-Sha256: 
 d4f3d8c15616f34ed0c2bdd9c78f98399a441505a6d9b6c3d4aea7e7cdb6a569 1714 imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
 681fe3dc1ff9671e38c4409396baaa03dc5331df2c6fc16648c139db24fcd813 8227844 imagemagick_6.3.7.9.dfsg2.orig.tar.gz
 c25ac73dd33252de7c610b9fc742329554df4f8297401ccf9524ba4943d3b714 88277 imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
 b06491a0b71666ece8a6f2f084b917638a1aeeab74bd7289d537a514d6c02530 1428358 imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
 b52b9a47a7abe0466f3a6b81e2e7bf0e76123971c6ec4bbf86ca373f83002b90 4027048 libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 a58ef321d5ff681b2ef143297e434752e5c66577574dff58a646520f6403c5f3 1195668 libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 b90119c925b65f2a40fe6a0bd03b42c6f0b117c3722afe6b285551ec5d533a88 174864 libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ede1961e9fd89c12f9ff075e901999fa8941a08b1038422287a2bdb4afa65f3a 202288 libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 80a9fbcc0cd2a9ca602e68c6b6bf42d2f4f30239abb6be11e7a2ed74a4b368bb 170000 perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
Files: 
 22f4afd84d6362ebceb44ceaead527b9 1714 graphics optional imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
 14425de4d5d78b7726973af967e1f9e6 8227844 graphics optional imagemagick_6.3.7.9.dfsg2.orig.tar.gz
 49ac2394a701ce7bf273dfa76d27b24d 88277 graphics optional imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
 b6770fe23b426f787145f155ecc96cbf 1428358 graphics optional imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
 3dac656cd42811ff7c57e39a37992f28 4027048 libs optional libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 70bc31bb80ec24755d3ee398db3599d8 1195668 libdevel optional libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 ef32b51ff99d7b2f2b1948710024349f 174864 libs optional libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
 c70896121f72ba54e6cde6fe39a880e9 202288 libdevel optional libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
 9246afbdf5752af72e1ae72fb2cef44b 170000 perl optional perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp+5y0ACgkQQWTRs4lLtHmq+ACeJIgb22kUAlAvaYyHr0ChwBSu
m+EAnj/jOzuaKxff2dnDUzmKYKjsZQhf
=VxID
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Nov 2009 07:38:11 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 23:47:36 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.