Report forwarded
to debian-bugs-dist@lists.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>: Bug#856880; Package src:imagemagick.
(Sun, 05 Mar 2017 19:48:04 GMT)
Acknowledgement sent
to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
New Bug report received and forwarded. Copy sent to secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>.
(Sun, 05 Mar 2017 19:48:04 GMT)
Marked as found in versions imagemagick/8:6.7.7.10-5.
Request was from Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
to submit@bugs.debian.org.
(Sun, 05 Mar 2017 19:48:04 GMT)
Marked as found in versions imagemagick/8:6.8.9.9-5.
Request was from Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
to submit@bugs.debian.org.
(Sun, 05 Mar 2017 19:48:04 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>: Bug#856880; Package src:imagemagick.
(Mon, 06 Mar 2017 10:03:06 GMT)
Acknowledgement sent
to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>.
(Mon, 06 Mar 2017 10:03:06 GMT)
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
Cc: 856878@bugs.debian.org, 856879@bugs.debian.org, 856880@bugs.debian.org,
856881@bugs.debian.org, 856882@bugs.debian.org,
ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Subject: Re: Multiple imagemagick RC bugs
Date: Mon, 6 Mar 2017 11:00:25 +0100
Hi Bastien!
Since all these aforementioned issues already have a patch available, these
bug reports should be tagged as "patch" so they don't show up in the list
of RC bugs anymore for which a patch doesn't exist yet [1].
This reduces the noise on the list and helps anyone who wants to work on
fixing RC bugs for the upcoming Debian Stretch release.
Thanks,
Adrian
> [1] https://udd.debian.org/bugs/bugs/?release=stretch_and_sid&patch=ign&merged=ign&done=ign&fnewerval=7&rc=1&sortby=id&sorto=asc&ctags=1&ctags=1&cdeferred=1#results
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Information forwarded
to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>: Bug#856880; Package src:imagemagick.
(Mon, 06 Mar 2017 10:15:05 GMT)
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>.
(Mon, 06 Mar 2017 10:15:05 GMT)
Added tag(s) patch.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to 856880-submit@bugs.debian.org.
(Mon, 06 Mar 2017 10:15:05 GMT)
Changed Bug title to 'CVE-2017-6499: Magick++ memory leak' from '[src:imagemagick] Fixed memory leak when creating nested exceptions in Magick++'.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to 856880-submit@bugs.debian.org.
(Mon, 06 Mar 2017 10:15:06 GMT)
Reply sent
to Bastien Roucariès <roucaries.bastien+debian@gmail.com>:
You have taken responsibility.
(Mon, 06 Mar 2017 12:09:09 GMT)
Notification sent
to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
Bug acknowledged by developer.
(Mon, 06 Mar 2017 12:09:09 GMT)
Subject: Bug#856880: fixed in imagemagick 8:6.9.7.4+dfsg-2
Date: Mon, 06 Mar 2017 12:05:45 +0000
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-2
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856880@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+debian@gmail.com> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Mar 2017 23:21:36 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+debian@gmail.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 856878 856879 856880 856881 856882
Changes:
imagemagick (8:6.9.7.4+dfsg-2) unstable; urgency=high
.
* Fix a few security bugs:
+ Assertion failure in TGA coder (Closes: #856878).
Fix CVE-2017-6498.
+ Out of bound in sun file coder (Closes: #856879).
Fix CVE-2017-6500.
+ Memory leak in libmagick++ library (Closes: #856880).
Fix CVE-2017-6499.
+ Missing null pointer check in xcf coder (Closes: #856881)
and psd coder (Closes: #856882).
Fix CVE-2017-6501 and CVE-2017-6497.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Reply sent
to Bastien Roucariès <roucaries.bastien+debian@gmail.com>:
You have taken responsibility.
(Fri, 24 Mar 2017 12:36:14 GMT)
Notification sent
to Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>:
Bug acknowledged by developer.
(Fri, 24 Mar 2017 12:36:14 GMT)