Debian Bug report logs - #878511
graphicsmagick: CVE-2017-13737

version graph

Package: src:graphicsmagick; Maintainer for src:graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 14 Oct 2017 09:24:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version graphicsmagick/1.3.26-1

Fixed in version graphicsmagick/1.3.26-15

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#878511; Package src:graphicsmagick. (Sat, 14 Oct 2017 09:24:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 14 Oct 2017 09:24:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: graphicsmagick: CVE-2017-13737
Date: Sat, 14 Oct 2017 11:20:50 +0200
Source: graphicsmagick
Version: 1.3.26-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for graphicsmagick.

CVE-2017-13737[0]:
| There is an invalid free in the MagickFree function in magick/memory.c
| in GraphicsMagick 1.3.26 that will lead to a remote denial of service
| attack.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13737
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13737
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1484196

In [1] there was raised the question if this is actually a tiff bug,
and fixed already in 4.0.8. But I tried on an unstable system, with

graphicsmagick 1.3.26-14
libtiff5 4.0.8-5

----cut---------cut---------cut---------cut---------cut---------cut-----
$ gdb --args gm montage ./POC1 /dev/null
GNU gdb (Debian 7.12-6+b1) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from gm...Reading symbols from /usr/lib/debug/.build-id/aa/32c79ad494cd49bec1714fd719b635a8701413.debug...done.
done.
(gdb) r
Starting program: /usr/bin/gm montage ./POC1 /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
*** Error in `/usr/bin/gm': free(): invalid next size (fast): 0x000055555576ce90 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7ffff7115bfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7ffff711bfc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7ffff711c80e]
/usr/lib/libGraphicsMagick-Q16.so.3(+0x22915b)[0x7ffff7ab715b]
/usr/lib/libGraphicsMagick-Q16.so.3(ReadImage+0x1c8)[0x7ffff79475d8]
/usr/lib/libGraphicsMagick-Q16.so.3(MontageImageCommand+0xa44)[0x7ffff7933ad4]
/usr/lib/libGraphicsMagick-Q16.so.3(MagickCommand+0x194)[0x7ffff7916a94]
/usr/lib/libGraphicsMagick-Q16.so.3(+0x89ae6)[0x7ffff7917ae6]
/usr/lib/libGraphicsMagick-Q16.so.3(GMCommand+0x2e)[0x7ffff793a45e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ffff70c52e1]
/usr/bin/gm(+0x66a)[0x55555555466a]
======= Memory map: ========
555555554000-555555555000 r-xp 00000000 fd:00 269963                     /usr/bin/gm
555555754000-555555755000 r--p 00000000 fd:00 269963                     /usr/bin/gm
555555755000-555555756000 rw-p 00001000 fd:00 269963                     /usr/bin/gm
555555756000-555555788000 rw-p 00000000 00:00 0                          [heap]
7fffe8000000-7fffe8021000 rw-p 00000000 00:00 0
7fffe8021000-7fffec000000 ---p 00000000 00:00 0
7fffefbe5000-7ffff10d3000 rw-p 00000000 00:00 0
7ffff10d3000-7ffff10e9000 r-xp 00000000 fd:00 524299                     /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff10e9000-7ffff12e8000 ---p 00016000 fd:00 524299                     /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff12e8000-7ffff12e9000 r--p 00015000 fd:00 524299                     /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff12e9000-7ffff12ea000 rw-p 00016000 fd:00 524299                     /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff12ea000-7ffff145a000 r-xp 00000000 fd:00 262666                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff145a000-7ffff165a000 ---p 00170000 fd:00 262666                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff165a000-7ffff1664000 r--p 00170000 fd:00 262666                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff1664000-7ffff1666000 rw-p 0017a000 fd:00 262666                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff1666000-7ffff1669000 rw-p 00000000 00:00 0
7ffff1669000-7ffff166e000 r-xp 00000000 fd:00 264024                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff166e000-7ffff186d000 ---p 00005000 fd:00 264024                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff186d000-7ffff186e000 r--p 00004000 fd:00 264024                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff186e000-7ffff186f000 rw-p 00005000 fd:00 264024                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff186f000-7ffff1871000 r-xp 00000000 fd:00 273208                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1871000-7ffff1a71000 ---p 00002000 fd:00 273208                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1a71000-7ffff1a72000 r--p 00002000 fd:00 273208                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1a72000-7ffff1a73000 rw-p 00003000 fd:00 273208                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1a73000-7ffff1a7a000 r-xp 00000000 fd:00 525221                     /lib/x86_64-linux-gnu/librt-2.24.so
7ffff1a7a000-7ffff1c79000 ---p 00007000 fd:00 525221                     /lib/x86_64-linux-gnu/librt-2.24.so
7ffff1c79000-7ffff1c7a000 r--p 00006000 fd:00 525221                     /lib/x86_64-linux-gnu/librt-2.24.so
7ffff1c7a000-7ffff1c7b000 rw-p 00007000 fd:00 525221                     /lib/x86_64-linux-gnu/librt-2.24.so
7ffff1c7b000-7ffff34f7000 r-xp 00000000 fd:00 271415                     /usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff34f7000-7ffff36f6000 ---p 0187c000 fd:00 271415                     /usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff36f6000-7ffff36f7000 r--p 0187b000 fd:00 271415                     /usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff36f7000-7ffff36f8000 rw-p 0187c000 fd:00 271415                     /usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff36f8000-7ffff388c000 r-xp 00000000 fd:00 271422                     /usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff388c000-7ffff3a8b000 ---p 00194000 fd:00 271422                     /usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff3a8b000-7ffff3a9d000 r--p 00193000 fd:00 271422                     /usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff3a9d000-7ffff3a9e000 rw-p 001a5000 fd:00 271422                     /usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff3a9e000-7ffff3aa0000 rw-p 00000000 00:00 0
7ffff3aa0000-7ffff3d0b000 r-xp 00000000 fd:00 271416                     /usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3d0b000-7ffff3f0a000 ---p 0026b000 fd:00 271416                     /usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3f0a000-7ffff3f17000 r--p 0026a000 fd:00 271416                     /usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3f17000-7ffff3f19000 rw-p 00277000 fd:00 271416                     /usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3f19000-7ffff3f1a000 rw-p 00000000 00:00 0
7ffff3f1a000-7ffff3f41000 r-xp 00000000 fd:00 262444                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff3f41000-7ffff4140000 ---p 00027000 fd:00 262444                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff4140000-7ffff4141000 r--p 00026000 fd:00 262444                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff4141000-7ffff4142000 rw-p 00027000 fd:00 262444                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff4142000-7ffff4155000 r-xp 00000000 fd:00 524388                     /lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4155000-7ffff4354000 ---p 00013000 fd:00 524388                     /lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4354000-7ffff4355000 r--p 00012000 fd:00 524388                     /lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4355000-7ffff4356000 rw-p 00013000 fd:00 524388                     /lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4356000-7ffff4357000 rw-p 00000000 00:00 0
7ffff4357000-7ffff435b000 r-xp 00000000 fd:00 528520                     /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff435b000-7ffff455a000 ---p 00004000 fd:00 528520                     /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff455a000-7ffff455b000 r--p 00003000 fd:00 528520                     /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff455b000-7ffff455c000 rw-p 00004000 fd:00 528520                     /lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff455c000-7ffff455e000 r-xp 00000000 fd:00 524418                     /lib/x86_64-linux-gnu/libdl-2.24.so
7ffff455e000-7ffff475e000 ---p 00002000 fd:00 524418                     /lib/x86_64-linux-gnu/libdl-2.24.so
7ffff475e000-7ffff475f000 r--p 00002000 fd:00 524418                     /lib/x86_64-linux-gnu/libdl-2.24.so
7ffff475f000-7ffff4760000 rw-p 00003000 fd:00 524418                     /lib/x86_64-linux-gnu/libdl-2.24.so
7ffff4760000-7ffff4863000 r-xp 00000000 fd:00 524422                     /lib/x86_64-linux-gnu/libm-2.24.so
7ffff4863000-7ffff4a62000 ---p 00103000 fd:00 524422                     /lib/x86_64-linux-gnu/libm-2.24.so
7ffff4a62000-7ffff4a63000 r--p 00102000 fd:00 524422                     /lib/x86_64-linux-gnu/libm-2.24.so
7ffff4a63000-7ffff4a64000 rw-p 00103000 fd:00 524422                     /lib/x86_64-linux-gnu/libm-2.24.so
7ffff4a64000-7ffff4a7d000 r-xp 00000000 fd:00 524383                     /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4a7d000-7ffff4c7c000 ---p 00019000 fd:00 524383                     /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4c7c000-7ffff4c7d000 r--p 00018000 fd:00 524383                     /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4c7d000-7ffff4c7e000 rw-p 00019000 fd:00 524383                     /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4c7e000-7ffff4e35000 r-xp 00000000 fd:00 262792                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff4e35000-7ffff5035000 ---p 001b7000 fd:00 262792                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff5035000-7ffff503d000 r--p 001b7000 fd:00 262792                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff503d000-7ffff503f000 rw-p 001bf000 fd:00 262792                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff503f000-7ffff5040000 rw-p 00000000 00:00 0
7ffff5040000-7ffff504f000 r-xp 00000000 fd:00 524598                     /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff504f000-7ffff524e000 ---p 0000f000 fd:00 524598                     /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff524e000-7ffff524f000 r--p 0000e000 fd:00 524598                     /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff524f000-7ffff5250000 rw-p 0000f000 fd:00 524598                     /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff5250000-7ffff5275000 r-xp 00000000 fd:00 524413                     /lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5275000-7ffff5474000 ---p 00025000 fd:00 524413                     /lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5474000-7ffff5475000 r--p 00024000 fd:00 524413                     /lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5475000-7ffff5476000 rw-p 00025000 fd:00 524413                     /lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5476000-7ffff55b0000 r-xp 00000000 fd:00 262209                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff55b0000-7ffff57b0000 ---p 0013a000 fd:00 262209                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff57b0000-7ffff57b1000 r--p 0013a000 fd:00 262209                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff57b1000-7ffff57b6000 rw-p 0013b000 fd:00 262209                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff57b6000-7ffff57cd000 r-xp 00000000 fd:00 283799                     /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff57cd000-7ffff59cd000 ---p 00017000 fd:00 283799                     /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff59cd000-7ffff59ce000 r--p 00017000 fd:00 283799                     /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff59ce000-7ffff59cf000 rw-p 00018000 fd:00 283799                     /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff59cf000-7ffff59d3000 rw-p 00000000 00:00 0
7ffff59d3000-7ffff59da000 r-xp 00000000 fd:00 283801                     /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff59da000-7ffff5bd9000 ---p 00007000 fd:00 283801                     /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff5bd9000-7ffff5bda000 r--p 00006000 fd:00 283801                     /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff5bda000-7ffff5bdb000 rw-p 00007000 fd:00 283801                     /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff5bdb000-7ffff5bec000 r-xp 00000000 fd:00 262622                     /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5bec000-7ffff5deb000 ---p 00011000 fd:00 262622                     /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5deb000-7ffff5dec000 r--p 00010000 fd:00 262622                     /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5dec000-7ffff5ded000 rw-p 00011000 fd:00 262622                     /usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5ded000-7ffff5e0b000 r-xp 00000000 fd:00 292288                     /usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff5e0b000-7ffff600a000 ---p 0001e000 fd:00 292288                     /usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff600a000-7ffff600b000 r--p 0001d000 fd:00 292288                     /usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff600b000-7ffff600c000 rw-p 0001e000 fd:00 292288                     /usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff600c000-7ffff603e000 r-xp 00000000 fd:00 265762                     /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff603e000-7ffff623d000 ---p 00032000 fd:00 265762                     /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff623d000-7ffff623e000 r--p 00031000 fd:00 265762                     /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff623e000-7ffff623f000 rw-p 00032000 fd:00 265762                     /usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff623f000-7ffff62a6000 r-xp 00000000 fd:00 268837                     /usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff62a6000-7ffff64a6000 ---p 00067000 fd:00 268837                     /usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff64a6000-7ffff64a7000 r--p 00067000 fd:00 268837                     /usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff64a7000-7ffff64a8000 rw-p 00068000 fd:00 268837                     /usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff64a8000-7ffff6556000 r-xp 00000000 fd:00 280816                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff6556000-7ffff6755000 ---p 000ae000 fd:00 280816                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff6755000-7ffff675c000 r--p 000ad000 fd:00 280816                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff675c000-7ffff675d000 rw-p 000b4000 fd:00 280816                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff675d000-7ffff67d0000 r-xp 00000000 fd:00 278111                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff67d0000-7ffff69cf000 ---p 00073000 fd:00 278111                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff69cf000-7ffff69d3000 r--p 00072000 fd:00 278111                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff69d3000-7ffff69d4000 rw-p 00076000 fd:00 278111                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff69d4000-7ffff6a2a000 r-xp 00000000 fd:00 285298                     /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6a2a000-7ffff6c29000 ---p 00056000 fd:00 285298                     /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6c29000-7ffff6c2b000 r--p 00055000 fd:00 285298                     /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6c2b000-7ffff6c2f000 rw-p 00057000 fd:00 285298                     /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6c2f000-7ffff6c30000 rw-p 00000000 00:00 0
7ffff6c30000-7ffff6c94000 r-xp 00000000 fd:00 273346                     /usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6c94000-7ffff6e93000 ---p 00064000 fd:00 273346                     /usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6e93000-7ffff6e94000 r--p 00063000 fd:00 273346                     /usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6e94000-7ffff6e95000 rw-p 00064000 fd:00 273346                     /usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6e95000-7ffff6e97000 rw-p 00000000 00:00 0
7ffff6e97000-7ffff6ea2000 r-xp 00000000 fd:00 285632                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff6ea2000-7ffff70a1000 ---p 0000b000 fd:00 285632                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff70a1000-7ffff70a2000 r--p 0000a000 fd:00 285632                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff70a2000-7ffff70a5000 rw-p 0000b000 fd:00 285632                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff70a5000-7ffff7238000 r-xp 00000000 fd:00 524379                     /lib/x86_64-linux-gnu/libc-2.24.so
7ffff7238000-7ffff7438000 ---p 00193000 fd:00 524379                     /lib/x86_64-linux-gnu/libc-2.24.so
7ffff7438000-7ffff743c000 r--p 00193000 fd:00 524379                     /lib/x86_64-linux-gnu/libc-2.24.so
7ffff743c000-7ffff743e000 rw-p 00197000 fd:00 524379                     /lib/x86_64-linux-gnu/libc-2.24.so
7ffff743e000-7ffff7442000 rw-p 00000000 00:00 0
7ffff7442000-7ffff745a000 r-xp 00000000 fd:00 525210                     /lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff745a000-7ffff7659000 ---p 00018000 fd:00 525210                     /lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff7659000-7ffff765a000 r--p 00017000 fd:00 525210                     /lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff765a000-7ffff765b000 rw-p 00018000 fd:00 525210                     /lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff765b000-7ffff765f000 rw-p 00000000 00:00 0
7ffff765f000-7ffff768c000 r-xp 00000000 fd:00 262814                     /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff768c000-7ffff788c000 ---p 0002d000 fd:00 262814                     /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff788c000-7ffff788d000 r--p 0002d000 fd:00 262814                     /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff788d000-7ffff788e000 rw-p 0002e000 fd:00 262814                     /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff788e000-7ffff7b45000 r-xp 00000000 fd:00 299164                     /usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7b45000-7ffff7d45000 ---p 002b7000 fd:00 299164                     /usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7d45000-7ffff7d9d000 r--p 002b7000 fd:00 299164                     /usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7d9d000-7ffff7dc0000 rw-p 0030f000 fd:00 299164                     /usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7dc0000-7ffff7dd9000 rw-p 00000000 00:00 0
7ffff7dd9000-7ffff7dfc000 r-xp 00000000 fd:00 524317                     /lib/x86_64-linux-gnu/ld-2.24.so
7ffff7e4a000-7ffff7e9b000 r--p 00000000 fd:00 265503                     /usr/lib/locale/aa_DJ.utf8/LC_CTYPE
7ffff7e9b000-7ffff7fcb000 r--p 00000000 fd:00 265502                     /usr/lib/locale/aa_DJ.utf8/LC_COLLATE
7ffff7fcb000-7ffff7fdc000 rw-p 00000000 00:00 0
7ffff7fe2000-7ffff7fe3000 rw-p 00000000 00:00 0
7ffff7fe3000-7ffff7fe4000 r--p 00000000 fd:00 265740                     /usr/lib/locale/aa_ET/LC_NUMERIC
7ffff7fe4000-7ffff7fe5000 r--p 00000000 fd:00 310047                     /usr/lib/locale/en_US.utf8/LC_TIME
7ffff7fe5000-7ffff7fe6000 r--p 00000000 fd:00 309676                     /usr/lib/locale/chr_US/LC_MONETARY
7ffff7fe6000-7ffff7fe7000 r--p 00000000 fd:00 309892                     /usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES
7ffff7fe7000-7ffff7fe8000 r--p 00000000 fd:00 309678                     /usr/lib/locale/chr_US/LC_PAPER
7ffff7fe8000-7ffff7fe9000 r--p 00000000 fd:00 309677                     /usr/lib/locale/chr_US/LC_NAME
7ffff7fe9000-7ffff7fea000 r--p 00000000 fd:00 310045                     /usr/lib/locale/en_US.utf8/LC_ADDRESS
7ffff7fea000-7ffff7feb000 r--p 00000000 fd:00 309679                     /usr/lib/locale/chr_US/LC_TELEPHONE
7ffff7feb000-7ffff7fec000 r--p 00000000 fd:00 309674                     /usr/lib/locale/chr_US/LC_MEASUREMENT
7ffff7fec000-7ffff7ff3000 r--s 00000000 fd:00 338332                     /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
7ffff7ff3000-7ffff7ff4000 r--p 00000000 fd:00 310046                     /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
7ffff7ff4000-7ffff7ff7000 rw-p 00000000 00:00 0
7ffff7ff7000-7ffff7ffa000 r--p 00000000 00:00 0                          [vvar]
7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00023000 fd:00 524317                     /lib/x86_64-linux-gnu/ld-2.24.so
7ffff7ffd000-7ffff7ffe000 rw-p 00024000 fd:00 524317                     /lib/x86_64-linux-gnu/ld-2.24.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff70d942a in __GI_abort () at abort.c:89
#2  0x00007ffff7115c00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff720ad78 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff711bfc6 in malloc_printerr (action=3, str=0x7ffff720ae88 "free(): invalid next size (fast)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5049
#4  0x00007ffff711c80e in _int_free (av=0x7ffff743cb00 <main_arena>, p=0x55555576ce80, have_lock=0) at malloc.c:3905
#5  0x00007ffff7ab715b in ReadTIFFImage (image_info=<optimized out>, exception=<optimized out>) at coders/tiff.c:2375
#6  0x00007ffff79475d8 in ReadImage (image_info=image_info@entry=0x555555774850, exception=exception@entry=0x7fffffffe2c0) at magick/constitute.c:1607
#7  0x00007ffff7933ad4 in MontageImageCommand (image_info=0x555555774850, argc=<optimized out>, argv=<optimized out>, metadata=0x0, exception=0x7fffffffe2c0) at magick/command.c:14064
#8  0x00007ffff7916a94 in MagickCommand (image_info=image_info@entry=0x555555774850, argc=argc@entry=3, argv=argv@entry=0x7fffffffec40, metadata=metadata@entry=0x7fffffffe2b8,
    exception=exception@entry=0x7fffffffe2c0) at magick/command.c:8869
#9  0x00007ffff7917ae6 in GMCommandSingle (argc=3, argc@entry=4, argv=0x7fffffffec40, argv@entry=0x7fffffffec38) at magick/command.c:17396
#10 0x00007ffff793a45e in GMCommand (argc=4, argv=0x7fffffffec38) at magick/command.c:17449
#11 0x00007ffff70c52e1 in __libc_start_main (main=0x555555554630 <main>, argc=4, argv=0x7fffffffec38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffec28) at ../csu/libc-start.c:291
#12 0x000055555555466a in _start ()
(gdb)
----cut---------cut---------cut---------cut---------cut---------cut-----

I'm filling this to the Debian BTS (but actually better is at
upstream) and able to keep track of progress/finding.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#878511; Package src:graphicsmagick. (Sat, 14 Oct 2017 14:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to Bob Friesenhahn <bfriesen@simple.dallas.tx.us>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 14 Oct 2017 14:03:02 GMT) (full text, mbox, link).


Message #10 received at 878511@bugs.debian.org (full text, mbox, reply):

From: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
To: Salvatore Bonaccorso <carnil@debian.org>, 878511@bugs.debian.org
Subject: Re: Bug#878511: graphicsmagick: CVE-2017-13737
Date: Sat, 14 Oct 2017 08:52:08 -0500 (CDT)
I tried to access https://bugzilla.redhat.com/show_bug.cgi?id=1484196 
on two computers but the browsers refused to allow me to access it 
because it said that the connection was reset and it was not able to 
authenticate the system.  Perhaps there is a problem on the server.

How may I receive a copy of 'POC1' so I can reproduce the issue?

I see that 'montage' is involved.  This could be factor since it is 
less well tested than some other sub-commands.

Bob
-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#878511; Package src:graphicsmagick. (Sat, 14 Oct 2017 15:18:04 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 14 Oct 2017 15:18:04 GMT) (full text, mbox, link).


Message #15 received at 878511@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
Cc: 878511@bugs.debian.org
Subject: Re: Bug#878511: graphicsmagick: CVE-2017-13737
Date: Sat, 14 Oct 2017 17:16:18 +0200
Hi!

On Sat, Oct 14, 2017 at 08:52:08AM -0500, Bob Friesenhahn wrote:
> I tried to access https://bugzilla.redhat.com/show_bug.cgi?id=1484196 on two
> computers but the browsers refused to allow me to access it because it said
> that the connection was reset and it was not able to authenticate the
> system.  Perhaps there is a problem on the server.
> 
> How may I receive a copy of 'POC1' so I can reproduce the issue?
> 
> I see that 'montage' is involved.  This could be factor since it is less
> well tested than some other sub-commands.

Seem there is some accessing problem right now to the Red Hat bugzilla.

The base64-encoded POC1 file is:

SUkqAKAAAACAP+BQOCQJhsCCv8KD+BvABgAqv+GP95v9+FAAROKvwolEnwKNx2PxSBDwAyOKwJig
+QQ1ny2Bwn//9/sOBg+aDN4QOaRs/v+aTJfvwBwJ+RqixaWTWCMAAAAeQQeE94k+UvwYlNik+lvN
glUqlOJv9i2ApwN52Www0C2ArwS1W+YlUKgCCS8fvy7xKC3iUwJ4ABgUuEwKAhIAAAEDAAEAAAAi
AAAAAQEDAAEAAAAg/AAAAgEDAAEAAAAYAAAAAwEDAAEAAAAFgAAABgEDAAEAAAADAAAACgEDAAEA
AAABAAAADQECAA0AAAB+AQAAEQEEAAEAAAAIAAAAEgEDAAEAAAABAAAAFQEDAAEAAAABAAAAFvED
AAEAAAAABAAAFwEEAAEAAACYAAAAGmgFAAEAAACGAQAAGwEFAAEAAACOAQAAHAEDAAEAAAABAAAA
KAEDAAEAAAABAAAAKQEDAAIAAAAAAAEAQAEDAAwAAACWAQAAAAAAAGZvAEgAAAABAAAASAAAAAEA
AP///////wAA

Does this helps?

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#878511; Package src:graphicsmagick. (Sat, 14 Oct 2017 16:27:03 GMT) (full text, mbox, link).


Acknowledgement sent to Bob Friesenhahn <bfriesen@simple.dallas.tx.us>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 14 Oct 2017 16:27:03 GMT) (full text, mbox, link).


Message #20 received at 878511@bugs.debian.org (full text, mbox, reply):

From: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
To: Salvatore Bonaccorso <carnil@debian.org>, 878511@bugs.debian.org
Subject: Re: Bug#878511: graphicsmagick: CVE-2017-13737
Date: Sat, 14 Oct 2017 11:25:53 -0500 (CDT)
On Sat, 14 Oct 2017, Salvatore Bonaccorso wrote:
>
> Does this helps?

Yes.  I am able to reproduce the problem and see the root cause of it.

Bob
-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#878511; Package src:graphicsmagick. (Sat, 14 Oct 2017 17:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Bob Friesenhahn <bfriesen@simple.dallas.tx.us>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 14 Oct 2017 17:39:03 GMT) (full text, mbox, link).


Message #25 received at 878511@bugs.debian.org (full text, mbox, reply):

From: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
To: Salvatore Bonaccorso <carnil@debian.org>, 878511@bugs.debian.org
Subject: Re: Bug#878511: graphicsmagick: CVE-2017-13737
Date: Sat, 14 Oct 2017 12:36:37 -0500 (CDT)
This issue is resolved by changeset 15230:3db9449e3d6a in the 
GraphicsMagick repository.  A one line change to magick/studio.h:

diff -r ed4b51e57673 -r 3db9449e3d6a magick/studio.h
--- a/magick/studio.h	Wed Oct 11 08:18:56 2017 -0500
+++ b/magick/studio.h	Sat Oct 14 12:34:14 2017 -0500
@@ -1,5 +1,5 @@
 /*
-  Copyright (C) 2003 - 2016 GraphicsMagick Group
+  Copyright (C) 2003 - 2017 GraphicsMagick Group
   Copyright (C) 2002 ImageMagick Studio

   This program is covered by multiple licenses, which are described in
@@ -356,7 +356,7 @@
 #endif
 #define Max(x,y)  (((x) > (y)) ? (x) : (y))
 #define Min(x,y)  (((x) < (y)) ? (x) : (y))
-#define NumberOfObjectsInArray(octets,size) ((octets+size-1)/size)
+#define NumberOfObjectsInArray(octets,size) (octets/size) /* rounds down */
 #define QuantumTick(i,span) \
   ((((i) % ((Max(101,span)-1)/100)) == 0) || \
     ((magick_int64_t) (i) == ((magick_int64_t) (span)-1)))

-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 Oct 2017 18:33:06 GMT) (full text, mbox, link).


Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sun, 15 Oct 2017 21:21:07 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 15 Oct 2017 21:21:07 GMT) (full text, mbox, link).


Message #32 received at 878511-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 878511-close@bugs.debian.org
Subject: Bug#878511: fixed in graphicsmagick 1.3.26-15
Date: Sun, 15 Oct 2017 21:19:32 +0000
Source: graphicsmagick
Source-Version: 1.3.26-15

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878511@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 15 Oct 2017 20:03:26 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-15
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 878511
Changes:
 graphicsmagick (1.3.26-15) unstable; urgency=high
 .
   * Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).
Checksums-Sha1:
 a630c0330891a53f508b0488517575c5e90b4b1e 2801 graphicsmagick_1.3.26-15.dsc
 91c07073575e08d4ea2257d35dbef15f6c3219d7 161252 graphicsmagick_1.3.26-15.debian.tar.xz
 2641039a2201734b44b0698af81f7263bc72a24a 3176612 graphicsmagick-dbg_1.3.26-15_amd64.deb
 fda9be0cdf273bf729dd270951f6789976639554 25608 graphicsmagick-imagemagick-compat_1.3.26-15_all.deb
 f263a23fc563378cbb6a0c503b69fe11c32b75a3 29004 graphicsmagick-libmagick-dev-compat_1.3.26-15_all.deb
 0aaeb0b2f8d16511f224f47408bab3dd2e048959 11593 graphicsmagick_1.3.26-15_amd64.buildinfo
 f70d26dac796b5fa880e37a8be9931044258f274 867500 graphicsmagick_1.3.26-15_amd64.deb
 d6f29e786baff2a2fdabdc66bc8743ca51aaf400 72252 libgraphics-magick-perl_1.3.26-15_amd64.deb
 72e8566a6f803564269fa5d864e52069798c2450 119838 libgraphicsmagick++-q16-12_1.3.26-15_amd64.deb
 17b974cdf1701a6b31bef014bb19369c420ea0bc 304734 libgraphicsmagick++1-dev_1.3.26-15_amd64.deb
 5cc4c24c1cc1c684e7607320f99c9af58c269d04 1115806 libgraphicsmagick-q16-3_1.3.26-15_amd64.deb
 b5381b587fb73209b6efe689cc9b2d5865f366c8 1338030 libgraphicsmagick1-dev_1.3.26-15_amd64.deb
Checksums-Sha256:
 4341114fbb18cc0db5e48ed2caa38a95f411dbbc40f7c2ba7f732f4fa8ebc401 2801 graphicsmagick_1.3.26-15.dsc
 ed20b7beea399e389e40d8850670e8c37b7d301e4b0e08dc32d5869502cb3aab 161252 graphicsmagick_1.3.26-15.debian.tar.xz
 e0028a956df732ffcd5b62a3f4f3d71160a6e78f2c5ef475606e4f4a9058ce68 3176612 graphicsmagick-dbg_1.3.26-15_amd64.deb
 567225e992ee43c84f49189a3794bcd9147cf30f11c3a9bb37cee65d6c6bbabb 25608 graphicsmagick-imagemagick-compat_1.3.26-15_all.deb
 7a64c4325e930af1ca121f5699297afff5bbacaea8aebf473f917f799096caa2 29004 graphicsmagick-libmagick-dev-compat_1.3.26-15_all.deb
 666778ae588397817d4aa8d139b346f04d8735bd5ffab685191dd96d6c30fbe8 11593 graphicsmagick_1.3.26-15_amd64.buildinfo
 21ca3727b02dbf1c9b363e6af08d5eb0cd1ac556fb5f54112194efacde093ca0 867500 graphicsmagick_1.3.26-15_amd64.deb
 63b04e0bdc32643ace2ed98345a3359bd7843f34e09085c01c4110087733933c 72252 libgraphics-magick-perl_1.3.26-15_amd64.deb
 bb1e8e767f4b859842d72554569a5220e46640921a4a7881f07e59fe0edc4274 119838 libgraphicsmagick++-q16-12_1.3.26-15_amd64.deb
 73f407ebad40f4b5e15810acc9bd6fda3d0d0efc2219a3223c9683ebd69d338f 304734 libgraphicsmagick++1-dev_1.3.26-15_amd64.deb
 a59641cc62fc8172ae93b63de494c7e04d829fcba92abd779c28d5698e178caa 1115806 libgraphicsmagick-q16-3_1.3.26-15_amd64.deb
 72088d295fe94934ce4abf9cd3f9a1feb3a3eac3816dd2ab59af2d78bd13892c 1338030 libgraphicsmagick1-dev_1.3.26-15_amd64.deb
Files:
 23f80ff936dfc8aaa076ba9915e65e08 2801 graphics optional graphicsmagick_1.3.26-15.dsc
 453aed2643b779e52c71727b0a123232 161252 graphics optional graphicsmagick_1.3.26-15.debian.tar.xz
 b9d7fd1f55f98fcfe6e93da33e7403ad 3176612 debug optional graphicsmagick-dbg_1.3.26-15_amd64.deb
 a60c8dc2374721bae5e8b564cd9d2d2b 25608 graphics optional graphicsmagick-imagemagick-compat_1.3.26-15_all.deb
 0c64fe943cfda9ff9987f725994d19a1 29004 graphics optional graphicsmagick-libmagick-dev-compat_1.3.26-15_all.deb
 41807020dccb2dc3445ba3f7158c2b1f 11593 graphics optional graphicsmagick_1.3.26-15_amd64.buildinfo
 ebc3b09c575ac809acf4908437ec544c 867500 graphics optional graphicsmagick_1.3.26-15_amd64.deb
 057b021b76a7e49d561ab5581e35cf13 72252 perl optional libgraphics-magick-perl_1.3.26-15_amd64.deb
 f5ff7ea54df7b854a343c4c8a71a4b2a 119838 libs optional libgraphicsmagick++-q16-12_1.3.26-15_amd64.deb
 18c2acd1439cab270c7c702d2d3ea182 304734 libdevel optional libgraphicsmagick++1-dev_1.3.26-15_amd64.deb
 4ba6821ceb7a2a35ea435efa4645c6fb 1115806 libs optional libgraphicsmagick-q16-3_1.3.26-15_amd64.deb
 00c7507fc97521892210483f6e0d1c3e 1338030 libdevel optional libgraphicsmagick1-dev_1.3.26-15_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlnjyEMACgkQ3OMQ54ZM
yL/WUxAAqe+Tz5zK4lN7eAmQp29/4WAlEGIs16Wp8tvHvhEujJvLcc1jWnOvVK9a
s1X7RLs47vawGghqKLOjE3ynD1AaeTxAloAdL8hkRk4gM7FLnEIAK1DRKa0jPIon
X26LDSBCJH49OXOovmO51fXzOdbDnij5zSnKe/HJdmbsiN2Oe0HwTEKqEGvRkG4U
4JOUFyXUdYcCxtpkz3U5xsAuiwg8aT45440eq5uCI6omwPnRPC7EExGloLJ6A5gq
3Uip4EweF6b/dPq6HcOrqbpPnbjfvVsuVAksoKejOIkDPHNe1AEd5GCmkwIfow7U
lMgSWd0uXu6+bnDenZgEDScR/VTzJhF3lbSDySGODHhSg8jPDq9M7VCp4YSQSoOK
YcAUEP2se6OPIdZW3p4SZz2xltVctiyn3ltRBJNmidX+6hh7xFqBFD0BkAnW4f9l
Kzov4oZr21xpaQ9eCP52mKEhraThFvpUSAEtnd6l1UCTvOOkWjaGbFMXfrqFxLi+
2gJ0kq4OlYcWufA/KieWkOZ0gO9tYwagQTpnxYECf34PlwNB+8VmVcVsz3/oyVTh
PZSXC2tu3hVvFq+rO37RIHlylOnXJYqLZScc5YxeGsJD/YEq8C/qNNDn83vUOR0u
HU+UtlUSPa8BiYZurkV7jFR77UOiGScrbleeMHmcwnguLfgqcAc=
=2WTN
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 13 Dec 2017 07:25:28 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 02:24:58 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.