Your message dated Sat, 30 May 2020 16:19:16 +0000
with message-id <[email protected]>
and subject line Bug#960000: fixed in graphicsmagick 1.4+really1.3.35-2
has caused the Debian Bug report #960000,
regarding graphicsmagick: CVE-2020-12672
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
960000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960000
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphicsmagick
Version: 1.4+really1.3.35-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for graphicsmagick, filing
for tracking this issue in Debian BTS.

CVE-2020-12672[0]:
| GraphicsMagick through 1.3.35 has a heap-based buffer overflow in
| ReadMNGImage in coders/png.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-12672
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12672
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.4+really1.3.35-2
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 May 2020 17:41:09 +0200
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.35-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 960000
Changes:
 graphicsmagick (1.4+really1.3.35-2) unstable; urgency=high
 .
   * Backport security fix for CVE-2020-12672, MNG: small heap overwrite or
     assertion if magnifying and image to be magnified has rows or columns == 1
     (closes: #960000).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---