Your message dated Sat, 22 Nov 2014 19:04:35 +0000
with message-id <[email protected]>
and subject line Bug#768494: fixed in imagemagick 8:6.6.0.4-3+squeeze5
has caused the Debian Bug report #768494,
regarding [imagemagick] Some special crafted jpeg file could lead to DOS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
768494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768494
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: imagemagick
Version: 8:6.8.9.9-2
Severity: normal
Tags: security
X-Debbugs-CC: [email protected]
control: tags -1 + fixed-upstream
control: forwarded -1
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
Some special crafted jpeg file lead to crash of imagemagick (SEGV) and thus DOS
(remotly trigerable through imagick).
I have asked for CVE
Bastien
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.6.0.4-3+squeeze5
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Nov 2014 18:54:04 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-doc libmagickcore3
libmagickcore3-extra libmagickcore-dev libmagickwand3 libmagickwand-dev
libmagick++3 libmagick++-dev perlmagick
Architecture: source i386 all
Version: 8:6.6.0.4-3+squeeze5
Distribution: squeeze-lts
Urgency: high
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
imagemagick - image manipulation programs
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development
files
libmagick++3 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore3 - low-level image manipulation library
libmagickcore3-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand3 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 768494
Changes:
imagemagick (8:6.6.0.4-3+squeeze5) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team.
* Add 0008-CVE-2014-8716-crafted-jpeg-file-could-lead-to-DOS.patch
to fix CVE-2014-8716 (Closes: #768494)
Checksums-Sha1:
0248949c9587edaa458463b9f3097d110729ab53 2667
imagemagick_6.6.0.4-3+squeeze5.dsc
598de8cf7d988634762d400ec25b41699f4868a2 8779677
imagemagick_6.6.0.4.orig.tar.bz2
a29a00d146b105069c7f4e1543e5fc0aa605d299 41254
imagemagick_6.6.0.4-3+squeeze5.debian.tar.bz2
c757352e51797fc034873e5c93983a14c5f795e1 105066
imagemagick_6.6.0.4-3+squeeze5_i386.deb
3331c00a65f15f0faa47b59ccb54354f06f3aa35 3384218
imagemagick-dbg_6.6.0.4-3+squeeze5_i386.deb
9cb803625e97b9062c7e02eaf2c29857ac0915cf 4351124
imagemagick-doc_6.6.0.4-3+squeeze5_all.deb
fbd56a6b1bef3c1a7f368cf0d82d4c590c8ec10f 1679104
libmagickcore3_6.6.0.4-3+squeeze5_i386.deb
53baad2073afdfb8eb71ba48ca0c582df1f859c5 117072
libmagickcore3-extra_6.6.0.4-3+squeeze5_i386.deb
42c7927d492370f3c10b4a4fb9ff4331053f5463 1097682
libmagickcore-dev_6.6.0.4-3+squeeze5_i386.deb
382bbb683b5d45eb0bc427c073f5abc7dc5b57b0 359702
libmagickwand3_6.6.0.4-3+squeeze5_i386.deb
6ef9509c613534782b89bb292f3959c5222d0bc8 447130
libmagickwand-dev_6.6.0.4-3+squeeze5_i386.deb
365701c0121745ee6c311cfd770e6bf72461854b 215222
libmagick++3_6.6.0.4-3+squeeze5_i386.deb
dd22d95adb29f89f82f95ebf96907cc37a588103 250602
libmagick++-dev_6.6.0.4-3+squeeze5_i386.deb
fde165c8c1e7ed668adb2f507ca9f6f5783083ff 220194
perlmagick_6.6.0.4-3+squeeze5_i386.deb
Checksums-Sha256:
0bbe64b9399de754e84da28be2019e9af8e52c9c379c4c599aecf0b6121f98c9 2667
imagemagick_6.6.0.4-3+squeeze5.dsc
55285b81c5e3bfb537cc6ce404a490b54b4d67b33c7f64990acc4f3c6008880b 8779677
imagemagick_6.6.0.4.orig.tar.bz2
48fe71680004f90e2b0c851de390d8a2a24f3291ca2a255d7379419146422451 41254
imagemagick_6.6.0.4-3+squeeze5.debian.tar.bz2
a5bbede9ea2f71160ba723dd49c78051f03e13c7f9ecb0a4373a52c7ab579536 105066
imagemagick_6.6.0.4-3+squeeze5_i386.deb
59d92c79f7532d49b43ec3e67ea218fb2aee185b6c5dfeb766dcd6c00e6386a4 3384218
imagemagick-dbg_6.6.0.4-3+squeeze5_i386.deb
9df4758d32c4a7089cd76d63704117d1cc9008102824c48d40c177bc4aac0953 4351124
imagemagick-doc_6.6.0.4-3+squeeze5_all.deb
9833171120462933a4c9e8f15e9e5a5766cc5d6637acf68d93fdb56e0fa200d9 1679104
libmagickcore3_6.6.0.4-3+squeeze5_i386.deb
b2258b7f4f15b65deac69a6769abece4c5c7e4e2ba92d463e29a41ab92e3f23d 117072
libmagickcore3-extra_6.6.0.4-3+squeeze5_i386.deb
7c98fd17b459a101d46e2b3f46bd3d341afaa39d9663019bde9f9b86ceea4cdf 1097682
libmagickcore-dev_6.6.0.4-3+squeeze5_i386.deb
c68358c672a1aebd0e9072bc972aea9ebe5235a67c979062a558e3dde85da2d7 359702
libmagickwand3_6.6.0.4-3+squeeze5_i386.deb
d3fd10b6db8774cd1f6701dbb251ebee6d21fe2dd5038e6809eb0e51e6c07851 447130
libmagickwand-dev_6.6.0.4-3+squeeze5_i386.deb
4778cead86731b05502c75ea9615edd22a222a07684b37a813a716f024a1e5e9 215222
libmagick++3_6.6.0.4-3+squeeze5_i386.deb
1b0c0700f66def4971c5a64d480e0d5ba0475a748247a6fd0da931a73150fbd5 250602
libmagick++-dev_6.6.0.4-3+squeeze5_i386.deb
733025d2c39e322d3687e402ec4c0f696b9930c7a959e8f7a84a3f8dd5ac45a9 220194
perlmagick_6.6.0.4-3+squeeze5_i386.deb
Files:
23da3b39db25eaf970fc9496f0f47b26 2667 graphics optional
imagemagick_6.6.0.4-3+squeeze5.dsc
de43e699cee7c672d1ef70108984b2e5 8779677 graphics optional
imagemagick_6.6.0.4.orig.tar.bz2
f8dbb76d31d5714796d814ea5b74502e 41254 graphics optional
imagemagick_6.6.0.4-3+squeeze5.debian.tar.bz2
c1bab355116739d92c48746a29be875b 105066 graphics optional
imagemagick_6.6.0.4-3+squeeze5_i386.deb
74e8aeed2a82858c6db9e3da5a92ef42 3384218 debug extra
imagemagick-dbg_6.6.0.4-3+squeeze5_i386.deb
f81e8c8330f74179a90c3cec45d19074 4351124 doc optional
imagemagick-doc_6.6.0.4-3+squeeze5_all.deb
5f1ee9c88976651fe7fa85e76437aefe 1679104 libs optional
libmagickcore3_6.6.0.4-3+squeeze5_i386.deb
08cd5a0ecaa9431555aa301a73f7df9b 117072 libs optional
libmagickcore3-extra_6.6.0.4-3+squeeze5_i386.deb
a72a5c284a506eda8fde53cdff9ade3f 1097682 libdevel optional
libmagickcore-dev_6.6.0.4-3+squeeze5_i386.deb
f05cdf0b0c9e929e17e38c718b7e4ad1 359702 libs optional
libmagickwand3_6.6.0.4-3+squeeze5_i386.deb
75719167e082d2cb2400e14b96a661b2 447130 libdevel optional
libmagickwand-dev_6.6.0.4-3+squeeze5_i386.deb
e606d59c0ef7c40b7409d81201784246 215222 libs optional
libmagick++3_6.6.0.4-3+squeeze5_i386.deb
c29dc3f1fbb62e9fb364ba52baa04c9c 250602 libdevel optional
libmagick++-dev_6.6.0.4-3+squeeze5_i386.deb
6b3b045d8a77a053630459ba1ff4f010 220194 perl optional
perlmagick_6.6.0.4-3+squeeze5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJUcNuHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH5MwQAJYWtW6sIxehDPrx/yhs8rzg
f3579hCc+Lvu2w/aq12bECbgJDdv88JhGg3RTDQ+h301060QGIzFMggcoTc7qjBc
uYtHBtKW57EGZytfX1l7H4kRETI+6HGzI3gFmSvychNeGVIYzHzUkzrmjFq4oYj+
iJphnyA5WyRSOy0HMYHQp1tN4Iw9bMzaIES5f3ijd3kjftyK1wykp6fmAPIBSaRF
y+9qJM4505Sot1me4xO/EfsMDRBON7NfyrWakFPDHlJ+mM/CwHEIVYhicC/OIOmN
Zk6wRiqgxqswWHWXcbYAJQaLrzdO1w9IsIf1XQKqha2+Q5MKVEVCC8exCtVHI9gw
P8lNRYiXmqsDGYmPIZRqK1CiqtyVph14NMPZ4cN+SzE/+fhVWZe/h4PGcYBt5udO
V8Tt76nmFltHZCw0oL5PpCB40ITB9l3PAX5s3AM8IPtnJsCVd0a6L/55uXII2zBr
KVowSOMqhbXDkCTwRlULBGLWU0o3iCcmS5cqCv9GkpIV5JG/9cBBaxu0OfcLi8sb
L33YhXOztRR4cl118MsmIg352PryNYcm8LErTZPSVrRbqfiR1vFzzm9C/8WyxzsV
gCVMWecBOp7Fe/PuFg0JRi+NHxlZpiGZZZQ9RUoVhsH7DPB3+/1n0YZ8HaQo3waw
fbeeejmzyFDxP0cC+gFS
=mbkO
-----END PGP SIGNATURE-----
--- End Message ---
