Your message dated Mon, 06 Mar 2017 12:05:45 +0000
with message-id <[email protected]>
and subject line Bug#856879: fixed in imagemagick 8:6.9.7.4+dfsg-2
has caused the Debian Bug report #856879,
regarding CVE-2017-6500: sun file heap-based buffer over-read
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
856879: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856879
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: [email protected]
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5
forwarded: https://github.com/ImageMagick/ImageMagick/issues/375
See also https://github.com/ImageMagick/ImageMagick/issues/376
Fixed in 3007531bfd326c5c1e29cd41d2cd80c166de8528
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-2
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated
imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Mar 2017 23:21:36 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy
package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics
routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files
(Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum
depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra
codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library -
development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files
(Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 856878 856879 856880 856881 856882
Changes:
imagemagick (8:6.9.7.4+dfsg-2) unstable; urgency=high
.
* Fix a few security bugs:
+ Assertion failure in TGA coder (Closes: #856878).
Fix CVE-2017-6498.
+ Out of bound in sun file coder (Closes: #856879).
Fix CVE-2017-6500.
+ Memory leak in libmagick++ library (Closes: #856880).
Fix CVE-2017-6499.
+ Missing null pointer check in xcf coder (Closes: #856881)
and psd coder (Closes: #856882).
Fix CVE-2017-6501 and CVE-2017-6497.
Checksums-Sha1:
e579cb2fc7b64e51641383988d524c2e11fec752 5151 imagemagick_6.9.7.4+dfsg-2.dsc
982c025dd9024e72aa2d42c5908ff7d320336839 204576
imagemagick_6.9.7.4+dfsg-2.debian.tar.xz
bf9d03ceb177e444d6258a966b573a02e178f5ee 27080
imagemagick_6.9.7.4+dfsg-2_amd64.buildinfo
Checksums-Sha256:
fd2d0533eb7ae3a02166dc0b5e36f7a62edd391c7be1bc0b14c7ff3e3c64d1dc 5151
imagemagick_6.9.7.4+dfsg-2.dsc
91e916e8b5e70339d8b694400582cd104582e8a7da169f280f6c2b5bfa1946ca 204576
imagemagick_6.9.7.4+dfsg-2.debian.tar.xz
80fc59b52260846ea9d78c280cbea6a73e6e5ee01e485758a9f26a1c276ddb06 27080
imagemagick_6.9.7.4+dfsg-2_amd64.buildinfo
Files:
c1f4da51e8e6332f613c94ae2aa95381 5151 graphics optional
imagemagick_6.9.7.4+dfsg-2.dsc
861797f7fa334ff7f5ec52bd1a269de1 204576 graphics optional
imagemagick_6.9.7.4+dfsg-2.debian.tar.xz
7ec31d80b26451405b86b4a1a13170e3 27080 graphics optional
imagemagick_6.9.7.4+dfsg-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAli9TFUACgkQADoaLapB
CF9/4A//fXCDJXfauhxdNHOdJPUEY619B5G4e+R9paffd+9FCcO/qRd5bxl2lCZ7
1tqgQAeSZpEhgrhZayijTgE6BZLvCFCji9bvG+e4D+ZCpZ1I0r/m/ONR8JDx9qb1
U4aj6jJeeb86hsnBBYEEBMr6DbSQszNBe8+J7ZTLc3JN4SiRUp96nEnSpnkTlOsx
E13QIzkO7LKOlOVh1i1woIN1ERzYCBbGqCNzAJ3JqmsWqIZxykRiv5hbMrH6F7uO
UC0h6FKxe3p8IJjfu2er9MclLYtmZ1zjo1qW5+D8ZvH1j6aakyQrGdfTAmXccxqJ
iXknMHZqvBCzAiWL2flx5YrvM1GcmIUF9gy2PzRMLYcP0YSNOpo3IUGCp8rZP5TH
0hObypET+Bdxc/BwpdThf/Qyedsjj11chMvLGOa1pBEHDWmYwpfTS1Befz9vRXHt
6GLHIWXRW/x4GeQiM5jd9k/Vo/zHOk0MfoZKjFlg7PLzHUJJ/MLxGAHLB2LcFQbB
GgtX/dh2mIEUjTjqpfIxkmoXRtgGEnkRDYfC08Qk/52FABj9SbaIBEToAHYxv2HB
2tDFCghnS59cmaYdUVP69RmBF+zjTbTA8e/PQc5kGGkpp7vdWqHhmAob6yAszllH
1ygQZ3peQG5koxVrHN/n64F8pZ6hnu2RXOFHqGkpnwJqH5pFbJM=
=nOfZ
-----END PGP SIGNATURE-----
--- End Message ---
