Your message dated Wed, 04 Sep 2013 21:02:22 +0000
with message-id <e1vhkdw-0001tx...@franck.debian.org>
and subject line Bug#721273: fixed in imagemagick 8:6.7.7.10-5+deb7u2
has caused the Debian Bug report #721273,
regarding imagemagick: CVE-2013-4298: DoS: Memory corruption while processing
GIF comments
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
721273: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ImageMagick
Control: severity -1 serious
Control: tags -1 + security
Control: tags -1 + patch
Control: tags -1 + fixed-upstream
Control: tags -1 + fixed-in-experimental
Control: tag -1 confirmed
>
> ---------- Forwarded message ----------
> From: "Bastien ROUCARIES" <roucaries.bast...@gmail.com>
> Date: 29 August 2013 21:05
> Subject: Fwd: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments.
> To: <secur...@debian.org>
> Cc:
>
>> Will take care asap for stable and later old stable testing and unstable.
>>
>> Bastien
>>
>> ---------- Forwarded message ----------
>> From: "Seth Arnold" <1218...@bugs.launchpad.net>
>> Date: 29 August 2013 20:25
>> Subject: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments.
>> To: <roucaries.bastien+b...@gmail.com>
>> Cc:
>>
>> ** Information type changed from Private Security to Public Security
>>
>> --
>> You received this bug notification because you are subscribed to
>> imagemagick in Ubuntu.
>> https://bugs.launchpad.net/bugs/1218248
>>
>> Title:
>> DoS: memory corruption while processing GIF comments.
>>
>> Status in “imagemagick” package in Ubuntu:
>> New
>>
>> Bug description:
>> Memory corruption while processing GIF comments. As a result,
>> malloc's private structures are corrupted, which causes SIGABRT and
>> the application crashes.
>>
>> Here is a topic on the imagemagick forum:
>> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23921 .
>> You can easily reproduce the problem with images from this topic.
>>
>>
>> It was a problem with handling comments. The '\0' symbol was placed after the allocated memory buffer.
>> To fix this problem, the raw memory handling functions were replaced with ConcatenateString.
>> Original code that solves this problem:
>> http://trac.imagemagick.org/changeset/8770/ImageMagick/trunk/coders/gif.c
>>
>> Patch that solves problem is attached to this bug report and tested in
>> Yandex.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1218248/+subscriptions
--- End Message ---
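Added illustration, not part of the original messages and not ImageMagick's code or the attached patch: the bug description above says a '\0' was written just past the allocated comment buffer. This C example accumulates GIF comment sub-blocks while always reserving a byte for the terminator; append_bytes and read_gif_comment are hypothetical names and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append n bytes to the NUL-terminated string *dst of length *len.
 * The flawed pattern in the report sizes the buffer for the data only
 * (*len + n bytes) and then stores '\0' at index *len + n, one byte past
 * the allocation. Here the terminator always gets a byte of its own. */
static int append_bytes(char **dst, size_t *len,
                        const unsigned char *src, size_t n)
{
    char *p = realloc(*dst, *len + n + 1);      /* +1 for '\0' */
    if (p == NULL)
        return -1;                              /* *dst is still valid */
    memcpy(p + *len, src, n);
    *len += n;
    p[*len] = '\0';                             /* last allocated byte */
    *dst = p;
    return 0;
}

/* Collect GIF comment sub-blocks: a length byte (1..255) followed by that
 * many data bytes, repeated until a zero length byte. Returns a malloc'd
 * string, or NULL on truncated input or allocation failure. */
char *read_gif_comment(const unsigned char *in, size_t in_len)
{
    char *comment = calloc(1, 1);               /* start as "" */
    size_t len = 0, pos = 0;
    while (comment != NULL && pos < in_len) {
        size_t n = in[pos++];
        if (n == 0)
            return comment;                     /* block terminator */
        if (n > in_len - pos || append_bytes(&comment, &len, in + pos, n) != 0)
            break;                              /* truncated or out of memory */
        pos += n;
    }
    free(comment);                              /* no terminator was reached */
    return NULL;
}

int main(void)
{
    /* Constructed input: two sub-blocks ("hello", " wo") and a terminator. */
    const unsigned char sample[] = {5,'h','e','l','l','o', 3,' ','w','o', 0};
    char *c = read_gif_comment(sample, sizeof sample);
    printf("%s\n", c ? c : "(malformed)");
    free(c);
    return 0;
}
```

Building this with -fsanitize=address and changing the realloc size to *len + n reproduces the one-byte heap write as a sanitizer report instead of a later abort inside malloc.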
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.7.7.10-5+deb7u2
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 721...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Fourmond <fourm...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 01 Sep 2013 23:18:27 +0200
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc
libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5
libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Vincent Fourmond <fourm...@debian.org>
Description:
imagemagick - image manipulation programs
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
libmagick++5 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore5 - low-level image manipulation library
libmagickcore5-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand5 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 721273
Changes:
imagemagick (8:6.7.7.10-5+deb7u2) wheezy-security; urgency=high
.
* Bump version to get on the right side of dak
.
imagemagick (8:6.7.7.10-5+deb7u1) wheezy-security; urgency=high
.
[ Bastien Roucariès ]
* Security Fix: Buffer overflow "Memory corruption while processing
GIF comments.", (Closes: #721273).
.
[ Vincent Fourmond ]
* Upload to wheezy-security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlIjtjQACgkQx/UhwSKygsqLwACeM+GUfPwZlK1iOWORa+uvUpOB
HXUAnjuV9MNpiBgnF20o5+me7eUtkxrO
=k8iS
-----END PGP SIGNATURE-----
--- End Message ---