Your message dated Wed, 03 Aug 2005 22:32:09 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291033: fixed in imagemagick 6:6.2.3.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Jan 2005 21:22:25 +0000
>From [EMAIL PROTECTED] Tue Jan 18 13:22:25 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1Cr0nx-0001zG-00; Tue, 18 Jan 2005 13:22:25 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id C7D7817E25
        for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 21:22:24 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id 7A8B86F23C; Tue, 18 Jan 2005 16:24:29 -0500 (EST)
Date: Tue, 18 Jan 2005 16:24:28 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="0ntfKIWw70PvrIHh"
Content-Disposition: inline
X-Reportbug-Version: 3.5
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]


--0ntfKIWw70PvrIHh
Content-Type: multipart/mixed; boundary="+HP7ph2BbKc20aGI"
Content-Disposition: inline


--+HP7ph2BbKc20aGI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: imagemagick
Version: 6:6.0.6.2-1.6
Severity: grave
Tags: security patch

Our imagemagick package has a buffer overflow security hole, as
described here:

http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities

I've attached a patch sideported from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages imagemagick depends on:
ii  libmagick6                 6:6.0.6.2-1.6 Image manipulation library

-- no debconf information

-- 
see shy jo

--+HP7ph2BbKc20aGI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="imagepacgick.patch"

--- imagemagick-6.0.2.5.orig/coders/psd.c
+++ imagemagick-6.0.2.5/coders/psd.c
@@ -672,6 +672,8 @@
   }
   (void) ReadBlob(image,6,psd_info.reserved);
   psd_info.channels=ReadBlobMSBShort(image);
+  if (psd_info.channels > 24)
+    ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
   psd_info.rows=ReadBlobMSBLong(image);
   psd_info.columns=ReadBlobMSBLong(image);
   psd_info.depth=ReadBlobMSBShort(image);
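Review bot: the bound in the added "if (psd_info.channels > 24)" is a bare literal, and the same 24 is repeated in the layer hunk of this patch; nothing in the hunk says which buffer it protects. Define it once as a named constant next to the declaration of whatever storage the channel count later indexes, and confirm against that declaration that ">" rather than ">=" is the right comparison, so the two checks cannot drift away from the real capacity. A one-line comment naming CAN-2005-0005 above the check would also tell the next person touching this header parsing why the limit is there.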
@@ -853,6 +855,8 @@
             
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
             
layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
             layer_info[i].channels=ReadBlobMSBShort(image);
+            if (layer_info[i].channels > 24)
+              
ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
           if (image->debug != MagickFalse)
             (void) LogMagickEvent(CoderEvent,GetMagickModule(),"    
offset(%ld,%ld), size(%ld,%ld), channels=%d",
               layer_info[i].page.x, layer_info[i].page.y,
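Review bot: the added check on layer_info[i].channels throws from inside the per-layer loop, at a point where layer_info is already in use for index i, and the hunk does not release layer_info before calling ThrowReaderException. Unless that macro is known to free it, release the layer array before throwing so that a rejected file does not leak it. The check also sits ahead of the LogMagickEvent call that prints channels=%d, so the rejected channel count never reaches the debug log; moving the check below the log call, or logging the value before throwing, would make rejected files easier to triage.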

--+HP7ph2BbKc20aGI--

--0ntfKIWw70PvrIHh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB7X6Kd8HHehbQuO8RAjA6AKCaaSdvpzOoGx56wz2HNwlw03PFyQCeMwxI
aIlC8cDn/5WdG1YrvOY08zg=
=M6CH
-----END PGP SIGNATURE-----

--0ntfKIWw70PvrIHh--

---------------------------------------
Received: (at 291033-close) by bugs.debian.org; 4 Aug 2005 05:39:14 +0000
>From [EMAIL PROTECTED] Wed Aug 03 22:39:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1E0YKv-0001iL-00; Wed, 03 Aug 2005 22:32:09 -0700
From: Ryuichi Arafune <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#291033: fixed in imagemagick 6:6.2.3.6-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 03 Aug 2005 22:32:09 -0700
Delivered-To: [EMAIL PROTECTED]

Source: imagemagick
Source-Version: 6:6.2.3.6-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive:

imagemagick_6.2.3.6-1.diff.gz
  to pool/main/i/imagemagick/imagemagick_6.2.3.6-1.diff.gz
imagemagick_6.2.3.6-1.dsc
  to pool/main/i/imagemagick/imagemagick_6.2.3.6-1.dsc
imagemagick_6.2.3.6-1_i386.deb
  to pool/main/i/imagemagick/imagemagick_6.2.3.6-1_i386.deb
imagemagick_6.2.3.6.orig.tar.gz
  to pool/main/i/imagemagick/imagemagick_6.2.3.6.orig.tar.gz
libmagick++6-dev_6.2.3.6-1_i386.deb
  to pool/main/i/imagemagick/libmagick++6-dev_6.2.3.6-1_i386.deb
libmagick++6c2_6.2.3.6-1_i386.deb
  to pool/main/i/imagemagick/libmagick++6c2_6.2.3.6-1_i386.deb
libmagick6-dev_6.2.3.6-1_i386.deb
  to pool/main/i/imagemagick/libmagick6-dev_6.2.3.6-1_i386.deb
libmagick6_6.2.3.6-1_i386.deb
  to pool/main/i/imagemagick/libmagick6_6.2.3.6-1_i386.deb
perlmagick_6.2.3.6-1_i386.deb
  to pool/main/i/imagemagick/perlmagick_6.2.3.6-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryuichi Arafune <[EMAIL PROTECTED]> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  4 Aug 2005 12:39:54 +0900
Source: imagemagick
Binary: perlmagick libmagick++6c2 libmagick++6-dev libmagick6-dev libmagick6 imagemagick
Architecture: source i386
Version: 6:6.2.3.6-1
Distribution: unstable
Urgency: low
Maintainer: Ryuichi Arafune <[EMAIL PROTECTED]>
Changed-By: Ryuichi Arafune <[EMAIL PROTECTED]>
Description: 
 imagemagick - Image manipulation programs
 libmagick++6-dev - The object-oriented C++ API to the ImageMagick library--developme
 libmagick++6c2 - The object-oriented C++ API to the ImageMagick library
 libmagick6 - Image manipulation library
 libmagick6-dev - Image manipulation library -- development
 perlmagick - A perl interface to the libMagick graphics routines
Closes: 264033 265540 266146 268357 269085 270882 277775 277795 278401 282173 291033 291118 296084 297990 302093 303765 306424 310690 310812 315629 316475 317299 317628 318255 321208
Changes: 
 imagemagick (6:6.2.3.6-1) unstable; urgency=low
 .
   * New upstream release
   * upstream fixes:
      - fix typo in mogrify manpage: closes: #317628, #321208
      - update config.sub/config.guess closes: #317299
      - fix " configure.ac takes wrong assumptions" closes: #303765
   * point to the correct URL in manpages. closes: #318255, #315629
   * man pages are rerwrited.    closes: #264033, #316475
   * closing bugs fixed by NMs. closes: #310690, #310812, #268357, #269085, #278401, #291033, #291118, #297990, #302093, #265540, #296084, #277775, #306424, #266146, #270882, #282173, #277795,
Files: 
 68c8b4eef9526747860294dda2296b94 893 graphics optional imagemagick_6.2.3.6-1.dsc
 8133ec8c3982b98dfe9400826c8b43b9 6042512 graphics optional imagemagick_6.2.3.6.orig.tar.gz
 dfdd09c3d9900a164515d2bfd224cdbf 144396 graphics optional imagemagick_6.2.3.6-1.diff.gz
 fa79dd2052b1506b9768178b1bc67fe5 1595076 graphics optional imagemagick_6.2.3.6-1_i386.deb
 cc98d30ede8b3fb531b7518d4b76ee05 1222826 libs optional libmagick6_6.2.3.6-1_i386.deb
 02220a6dc6796ec3560327be0e49b8d5 1544892 libdevel optional libmagick6-dev_6.2.3.6-1_i386.deb
 1798b84752a9d8ca0c7fb40df6f53a43 165838 libs optional libmagick++6c2_6.2.3.6-1_i386.deb
 c736d860c412f430d62506b1d0e4d79f 238030 libdevel optional libmagick++6-dev_6.2.3.6-1_i386.deb
 d5d3eefcb0aac5b73b7fc3afe64c13dd 165516 perl optional perlmagick_6.2.3.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC8aRvNfYaRw9fFnYRAkz7AJ9FLAubNszUliSR2q+78VGTGSKREgCgsGjJ
rBRUNjtfZZEFYnSfEvD5IK0=
=kSdL
-----END PGP SIGNATURE-----

