Your message dated Sat, 09 Sep 2017 15:08:52 +0000
with message-id <[email protected]>
and subject line Bug#874724: fixed in graphicsmagick 1.3.26-9
has caused the Debian Bug report #874724,
regarding graphicsmagick: CVE-2017-14165
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
874724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874724
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphicsmagick
Version: 1.3.26-1
Severity: normal
Tags: security patch upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/442/
Hi,
the following vulnerability was published for graphicsmagick.
CVE-2017-14165[0]:
| The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has
| an issue where memory allocation is excessive because it depends only
| on a length field in a header. This may lead to remote denial of
| service in the MagickMalloc function in magick/memory.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14165
[1] https://sourceforge.net/p/graphicsmagick/bugs/442/
[2] http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.3.26-9
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated graphicsmagick
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 09 Sep 2017 12:45:00 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev
libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl
graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-9
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing
ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing
ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared
library
libgraphicsmagick++1-dev - format-independent image processing - C++
development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared
library
libgraphicsmagick1-dev - format-independent image processing - C development
files
Closes: 873538 874724
Changes:
graphicsmagick (1.3.26-9) unstable; urgency=high
.
* Fix CVE-2017-14165: remote denial of service due to memory allocation
failure in magickmalloc (closes: #874724).
* Fix CVE-2017-14042: memory allocation failure in MagickRealloc()
(closes: #873538).
Checksums-Sha1:
e9d1fcb7aed0084f42bfc61d487974a0028a4189 2794 graphicsmagick_1.3.26-9.dsc
30d7c3259267b0f6e642493f24757779e8322981 155144
graphicsmagick_1.3.26-9.debian.tar.xz
7ce499d99d6e83a15e7bb0b27b0f59254cc9e09c 3172770
graphicsmagick-dbg_1.3.26-9_amd64.deb
70143ef53fd5b9f7a3406de884091aa3d102e57e 24556
graphicsmagick-imagemagick-compat_1.3.26-9_all.deb
d59b357e24bf9cf05fef644e225cd85043360a83 27968
graphicsmagick-libmagick-dev-compat_1.3.26-9_all.deb
cc563f33475d1d3589c96461baeeac981e3f9c9b 11558
graphicsmagick_1.3.26-9_amd64.buildinfo
bdfba86186d80a8ab8625cc9473ff6f183941f4f 866312
graphicsmagick_1.3.26-9_amd64.deb
9a15630c815e54f34b09715b03c8e14f05368ec5 71394
libgraphics-magick-perl_1.3.26-9_amd64.deb
ba870c15be390000bee54257d043ef87491ed264 119118
libgraphicsmagick++-q16-12_1.3.26-9_amd64.deb
5ca82f9f27ec57c7fe82c5e95525cf79ae7237e5 303880
libgraphicsmagick++1-dev_1.3.26-9_amd64.deb
9b072d89e060aeeb726df0712aeaab2784c5cb40 1116776
libgraphicsmagick-q16-3_1.3.26-9_amd64.deb
68cc21495c699899ddc57947bd52572a74200e2d 1337668
libgraphicsmagick1-dev_1.3.26-9_amd64.deb
Checksums-Sha256:
489d19d8387244a6d2d8d66664bf3732a710f417dce9304482c4befb5f552d58 2794
graphicsmagick_1.3.26-9.dsc
637e703c7f342ebb5c31812810e9a75df7d35c85d61fd5b09bc4746efc492a70 155144
graphicsmagick_1.3.26-9.debian.tar.xz
d832477226f8b5aff9b786fc217f970d18eff28b7da2868c254cf498e936047f 3172770
graphicsmagick-dbg_1.3.26-9_amd64.deb
4061413ddd985ed267e1273f10b6dea7daea038b82bb7a459fa525e8ac4ed292 24556
graphicsmagick-imagemagick-compat_1.3.26-9_all.deb
2068bb5f3ea38d3c5254eccba3aaf186556593a2132de0a038058c3c7517d152 27968
graphicsmagick-libmagick-dev-compat_1.3.26-9_all.deb
d06a45f113d7aab95a60a70f656966998d37896c39362cf5624448b2d5a4f427 11558
graphicsmagick_1.3.26-9_amd64.buildinfo
c37539d323019b67fb21526a8a2ceb46e8c5cd8acaa94b2677cd885411b1fab4 866312
graphicsmagick_1.3.26-9_amd64.deb
6c5d4f1afbeec39e6c1f8f4d4e054ee0338241c0ca39bd290b71cfeb00b7ae31 71394
libgraphics-magick-perl_1.3.26-9_amd64.deb
b5aa48251faabf0215af7a82a0b28c0e7243e382491bbf462916d6ebac51547e 119118
libgraphicsmagick++-q16-12_1.3.26-9_amd64.deb
30d8b817147435a427ad1d7c10cc398ba977cf37fb2fd0592971a1ee2c4b7dc9 303880
libgraphicsmagick++1-dev_1.3.26-9_amd64.deb
e9515a29a772849b9722e9e3b22a2cb93ad33497252ebdad0da18a47559e609a 1116776
libgraphicsmagick-q16-3_1.3.26-9_amd64.deb
148dc1c4c506b0348fcb783785faf1997817204ebcde787c343ff4baf46dfbbd 1337668
libgraphicsmagick1-dev_1.3.26-9_amd64.deb
Files:
610083dd0afee7d170717f5b1e389430 2794 graphics optional
graphicsmagick_1.3.26-9.dsc
acc6a46a6ef3b3e5b62a5935a18fa4ac 155144 graphics optional
graphicsmagick_1.3.26-9.debian.tar.xz
1000324adcb17203a68721ddbc862f38 3172770 debug extra
graphicsmagick-dbg_1.3.26-9_amd64.deb
ea3640a5617beeb51c997b2e37ea3fd4 24556 graphics optional
graphicsmagick-imagemagick-compat_1.3.26-9_all.deb
05d7adc20865380590ffa40fbfa08d2e 27968 graphics optional
graphicsmagick-libmagick-dev-compat_1.3.26-9_all.deb
d0c025e584b83dc5ffc56a76a49887ba 11558 graphics optional
graphicsmagick_1.3.26-9_amd64.buildinfo
c02403cf193ca23015b7d10424068317 866312 graphics optional
graphicsmagick_1.3.26-9_amd64.deb
8d71b4efd96b8ae543c2cf7430147f3f 71394 perl optional
libgraphics-magick-perl_1.3.26-9_amd64.deb
a3565f3c5186154ac0333a16a05d86c9 119118 libs optional
libgraphicsmagick++-q16-12_1.3.26-9_amd64.deb
b0803b326f248e908d18e78a84a31eda 303880 libdevel optional
libgraphicsmagick++1-dev_1.3.26-9_amd64.deb
bad3418fe45a38a2dc4d9ca4408b8b2c 1116776 libs optional
libgraphicsmagick-q16-3_1.3.26-9_amd64.deb
13c172c99fc02c5d2de0e2d5d3083977 1337668 libdevel optional
libgraphicsmagick1-dev_1.3.26-9_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlmz85kACgkQ3OMQ54ZM
yL8HLg/6A8HrNwqpbEqSxx5+FialJtvllDB3NDMGUQZVDvbx/aQw8XO10eFOEgQE
E5nQDu87RwTiu9p2p/y9McFuqI+XHhdjD2DMt6liYOxQ3p1GH8Rv9DST4UwiAKju
FWhoGYwBEuBPNowQYvts+A9K1eoyk7cDNmcTcweu6RSOdYi9mjHQydpZmpTBbtfV
IzCY41GXsHK5Jif0Y4XmPURBuBXgm1DN6A1JC/so+1Y4JnzBW/iojFuxYIfYQKu7
6A6hn9xEL3e58K4eOFuXOTP7YQNx8ktAjiTlZVor1Aao1ZF6cXI1cjs1/chuicvt
Ke0c0h2xjQ34CMt23/epAn+85wsQQtbkXTnVFy6PYcXPUCe/EcVCd8klQN1n1+gH
d52XPhiS61nRIRqCDXX78zUetqlw7SCAS8lSca3c19OC/UIXB1BQN+3j9M+l7Rh7
Alfh4XVccN+g/OW4bYnWEwqJbNsrPwqxsNYcX25sWjAIG6aQG0vAZB86IdvZyiD0
k2NCnn9pWW+xq6sJScu8X9EwZNxV+o4EEak4/d1QDxBe1txKmP0ISPAnibrYU+k0
STtWRJpZaJ8lCA8mD7cs4NBaY/Q1AWh5dQWuK2zpVhlqiYXF960+Ro/LL7thjJE2
YYEWmhS0G0OvDVTfISDWIJhDA20pvR6DKyYa/2gvLbctqn9iTkQ=
=Y2Kv
-----END PGP SIGNATURE-----
--- End Message ---