Your message dated Sat, 15 Nov 2014 15:21:03 +0000 with message-id <e1xpf9r-0002xl...@franck.debian.org> and subject line Bug#768494: fixed in imagemagick 8:6.8.9.9-3 has caused the Debian Bug report #768494, regarding [imagemagick] Some special crafted jpeg file could lead to DOS to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 768494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768494 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: imagemagick Version: 8:6.8.9.9-2 Severity: normal Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: tags -1 + fixed-upstream control: forwarded -1 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 Some special crafted jpeg file lead to crash of imagemagick (SEGV) and thus DOS (remotly trigerable through imagick). I have asked for CVE Bastien
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.8.9.9-3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 768...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 07 Nov 2014 21:16:20 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-3 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 768494 Changes: imagemagick (8:6.8.9.9-3) unstable; urgency=high . * Fix a security bug (DOS). Some special crafted JPEG files could create a dos due to missing check in embeded EXIF properties (EXIF directory offsets must be greater than 0). Fix CVE-2014-8716 (Closes: #768494). Checksums-Sha1: 075b028b5073d0ce25db6df02ad97ca35467e438 4198 imagemagick_6.8.9.9-3.dsc ccf3ba074c6d2a8eab412db9485c2f4e9901ea4e 176312 imagemagick_6.8.9.9-3.debian.tar.xz ec8054321c95e1e6b5f7052870f549962b53262c 147880 imagemagick-common_6.8.9.9-3_all.deb 5e5074a57fb63de9c43f68262eca5898b13183fc 7660336 imagemagick-doc_6.8.9.9-3_all.deb 5c7089c13f22456615df2963907992e1cf73e9a9 166356 libmagickcore-6-headers_6.8.9.9-3_all.deb 043c66b25b8a1a94c1e2537c1f69bc70b5e7d59e 129300 libmagickwand-6-headers_6.8.9.9-3_all.deb 7e44a3f879442c8bfe258d611cc93e0b23424298 165092 libmagick++-6-headers_6.8.9.9-3_all.deb fa3097aa41c6c6d76293203441ac4cf39a8d72da 154046 imagemagick_6.8.9.9-3_amd64.deb 9cf36507d993ba2116507ff60f4890e76d6b3a7a 171966 libimage-magick-perl_6.8.9.9-3_all.deb 0c77552bff0d5f60813412d97d505656599926e3 128116 libmagickcore-6-arch-config_6.8.9.9-3_amd64.deb d8573ce274a3489dd27f32ae5dbe66382b1467be 510346 imagemagick-6.q16_6.8.9.9-3_amd64.deb 18db826a28d4cecda61d315ba9889f362edc6ba2 1678676 libmagickcore-6.q16-2_6.8.9.9-3_amd64.deb 51ab75b6711012e1625cc6954a9a8829d7e7d960 167130 libmagickcore-6.q16-2-extra_6.8.9.9-3_amd64.deb 4bacaa9815a632bac261054d16ed30e34f5fa001 1024316 libmagickcore-6.q16-dev_6.8.9.9-3_amd64.deb bf7e918ef86c3015bdf758933a181df1506fa99c 404194 libmagickwand-6.q16-2_6.8.9.9-3_amd64.deb 137965c8159cc6e4c0016a9da0a3ed3bcfc979df 390150 libmagickwand-6.q16-dev_6.8.9.9-3_amd64.deb 059535137a8022e626719e8dd1f776cb6bc747c2 252178 libmagick++-6.q16-5_6.8.9.9-3_amd64.deb 15d1c040059de46e50dec390bf1b8608562a52dd 219700 libmagick++-6.q16-dev_6.8.9.9-3_amd64.deb 91c9a2cee474aa352f0c522964a2b23ae0a3d669 4999418 imagemagick-dbg_6.8.9.9-3_amd64.deb 276ca9c7a0b833081d40819f1bc83eabaa7ec530 219200 libimage-magick-q16-perl_6.8.9.9-3_amd64.deb 1928e344c00522483494bea86dc0821dc4f172f1 120534 perlmagick_6.8.9.9-3_all.deb df9354aeeaee4c6898bdf3fe5c783992cce38715 120520 libmagickcore-dev_6.8.9.9-3_all.deb d432a827c16902c573a680f95caf438440ae420d 120506 libmagickwand-dev_6.8.9.9-3_all.deb fbcfc406e9e8053897e086b8ae0c34491f2eb6d9 120548 libmagick++-dev_6.8.9.9-3_all.deb Checksums-Sha256: 5a64097916a6fdf55a6ff2dcbd3a5cf344fe69d48ca81554c1f2ef932e8c178c 4198 imagemagick_6.8.9.9-3.dsc e046aa5adfc88986f47681e3a2a0c42d80db185394a9e062c702f56ff9c51210 176312 imagemagick_6.8.9.9-3.debian.tar.xz ea5b57293b5807ba78ee8df9e4e7b10186256a401ed150c4c50588d748a01261 147880 imagemagick-common_6.8.9.9-3_all.deb 42ea2d8338dc3b5ea7141a6afa493a25336f7bfe17fae6d4d640a1ad71337065 7660336 imagemagick-doc_6.8.9.9-3_all.deb 17912d4683e322c6bdd27e909a46898ceb9cc3f0dc063e4d6029534c0af51064 166356 libmagickcore-6-headers_6.8.9.9-3_all.deb 5bb7a16303ec85478387f9f66bf63624b485b8214fd7b2132bf6cda90a5a5b55 129300 libmagickwand-6-headers_6.8.9.9-3_all.deb ccd2569cc62dfd42b267f2ec4d1e7c8417739774c82eeee0fee5ded62934e8e3 165092 libmagick++-6-headers_6.8.9.9-3_all.deb dd449d2414c51f462df314fe759fde68f90c70478c7933844abad4c4539e9b2f 154046 imagemagick_6.8.9.9-3_amd64.deb 1ed21dd60ce01d2f58020391098f5ebd98e63a4ace6411c03fc7ae1841fcee72 171966 libimage-magick-perl_6.8.9.9-3_all.deb 95769d5f662fbc31f3d471dc87a06d7910cf1525a0f30984314d178207243b0e 128116 libmagickcore-6-arch-config_6.8.9.9-3_amd64.deb 7f3429e5ce36367b613e982b9e558c85694259ff9cdd8293c953002e8b232bc3 510346 imagemagick-6.q16_6.8.9.9-3_amd64.deb 701e993f45811a1fa826e36b8f523d794d5eb85b727bd83c42a340f0c47e92d3 1678676 libmagickcore-6.q16-2_6.8.9.9-3_amd64.deb e279f1c69b3ae9ba3cb810ba308ff606b3d58d0191dffc88aa8a32ba32affeb0 167130 libmagickcore-6.q16-2-extra_6.8.9.9-3_amd64.deb 0e3cc45a55f164392fc8584ca93b1b4a693314cea7577d46b6aff0c733494659 1024316 libmagickcore-6.q16-dev_6.8.9.9-3_amd64.deb 59f750dbeed1f605ae422dbab7c2ee554cfabb8c0d9d9fa3a86faa934930303e 404194 libmagickwand-6.q16-2_6.8.9.9-3_amd64.deb 5acdcc742bc753ead0b9db237d5c6bf89089ffc6862736aa38d5c0f76a749605 390150 libmagickwand-6.q16-dev_6.8.9.9-3_amd64.deb f18436e6a70a7bb5a80111807bd6828d5de14b6015b717b4d447625b4d6abbb3 252178 libmagick++-6.q16-5_6.8.9.9-3_amd64.deb 64deec8fbb07f79d6d78f052829d9e96f67281c408cb0d33ceba1e19506f2ae5 219700 libmagick++-6.q16-dev_6.8.9.9-3_amd64.deb 747d6dabf6627f63f0962893e813f3c2f593b2b4d367038a991b44aca5f150de 4999418 imagemagick-dbg_6.8.9.9-3_amd64.deb 4e79acff973c10447d03af33c4af8ae0339c47837dbaabb126e3c91bf7cdd431 219200 libimage-magick-q16-perl_6.8.9.9-3_amd64.deb ae8c70321cad60c7e8c09eea1d5017052ee072992e7ae2a7c1e3ec654cbcda47 120534 perlmagick_6.8.9.9-3_all.deb 944a61cd834a404e44c511c5ca001b9af8fb43c97a24d65da3f09e2564a9d2c0 120520 libmagickcore-dev_6.8.9.9-3_all.deb 96714ba264d97d79b2bbbc54c2f4d69f9dc6a492da03c0c0a5bc6807f4ccbcb5 120506 libmagickwand-dev_6.8.9.9-3_all.deb 006d58afc379db06556367413b14e0bd59e2eedd3f937018cca0936eae681b0e 120548 libmagick++-dev_6.8.9.9-3_all.deb Files: 3de5a0103ea7eb9c009d8e1975466399 4198 graphics optional imagemagick_6.8.9.9-3.dsc 3697ad26c47b0521b2532c0b102e594e 176312 graphics optional imagemagick_6.8.9.9-3.debian.tar.xz 95f14872e9b8dbc54d67c20a8754a4fe 147880 graphics optional imagemagick-common_6.8.9.9-3_all.deb 99bde73337c97cab4e2a822cbf97745f 7660336 doc optional imagemagick-doc_6.8.9.9-3_all.deb c55fbe6d3629f674303880cc85dc1d85 166356 libdevel optional libmagickcore-6-headers_6.8.9.9-3_all.deb af590797574e927568387cca59825be0 129300 libdevel optional libmagickwand-6-headers_6.8.9.9-3_all.deb 2d995c7948b4f43d9f7167ac5d6f24c2 165092 libdevel optional libmagick++-6-headers_6.8.9.9-3_all.deb f3aaf038c86f4a2e8717e34d1e9ae25f 154046 graphics optional imagemagick_6.8.9.9-3_amd64.deb 870d2b5080e030ce47bd1cf72d1ed0f5 171966 perl optional libimage-magick-perl_6.8.9.9-3_all.deb fc506719417783ee15b240b35383e097 128116 libdevel optional libmagickcore-6-arch-config_6.8.9.9-3_amd64.deb 58b6ff1a7c36f7f09a226d1c2956db68 510346 graphics optional imagemagick-6.q16_6.8.9.9-3_amd64.deb 5663bdef21f35350f2932a181bcddd91 1678676 libs optional libmagickcore-6.q16-2_6.8.9.9-3_amd64.deb 4e0bbca4944e32db0a24ec51e87982a3 167130 libs optional libmagickcore-6.q16-2-extra_6.8.9.9-3_amd64.deb 12d1374efefb902698810cf701d7711b 1024316 libdevel optional libmagickcore-6.q16-dev_6.8.9.9-3_amd64.deb c7e3f6c2abe8dd72c6f88fc00eb6fc6d 404194 libs optional libmagickwand-6.q16-2_6.8.9.9-3_amd64.deb beb5047d9f062727b11eddbacc11a0ea 390150 libdevel optional libmagickwand-6.q16-dev_6.8.9.9-3_amd64.deb 1aa0aad1939448a60264baffe9113419 252178 libs optional libmagick++-6.q16-5_6.8.9.9-3_amd64.deb 34bd804dc406d7cc1f476a2c6d8e28b9 219700 libdevel optional libmagick++-6.q16-dev_6.8.9.9-3_amd64.deb 718782286b128c3d9d7d2623bf1eb626 4999418 debug extra imagemagick-dbg_6.8.9.9-3_amd64.deb 3a0ec2216bc6cb703f98c5b6900435ed 219200 perl optional libimage-magick-q16-perl_6.8.9.9-3_amd64.deb 1eeeed6d9cef28a4088bc519551e49ad 120534 oldlibs extra perlmagick_6.8.9.9-3_all.deb c5ed33737cfbb9f5cb3409c1e0e02eae 120520 oldlibs extra libmagickcore-dev_6.8.9.9-3_all.deb 5f4b4ab105238dcfb54047ae548056d1 120506 oldlibs extra libmagickwand-dev_6.8.9.9-3_all.deb 904eaa742e924444cc489dc07ae04abf 120548 oldlibs extra libmagick++-dev_6.8.9.9-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUZ2XmAAoJEPUTxBnkudCsO/8P/04L4QMWLHdx/P4Ef4Vp4pwf XKbN+uqCdvxC/Bu/ogZTx6ZqiwdRUfBNLHSrz9+Ho18NVVDlyo/vlvF8xmrKsUy/ bIhKc4/rrhXw6+iMbhM8x6C8cL09J2vyzjAjT2XsyO/DBw2ww28yn/HCYgb6bJbV U+gfWTTsOvuCPsBUydq+M3iqUsogP6m1riMvP2SEq2aqx1YRcGQY+6wlbk+ABXP/ 7uEtliUDhHub57HR7BbH+NexEfcUAoWC6Y00bGx6R546NJRSzBHynt1kLn/gIIyu TYfHpGNBl24XJGpuQF+mjgMeR5A/+TBjbXaPmJd06mJSskLfmzOXlwWOTMDkN0WW KSvYP5hQaN8W0CdH+sxGSHwxR52rwpzKIE2CvepYj1nIOn3TXweATiecjiLUrsTT YPOyq751tt6NptQnq9BntagXr4gHanzUrOroNpu2/zuocwCN5YGe+HyuFhjNxPOH nJGUO77OOBfBXYOsqIx49qdLXXxAMdbC0wHCB4Y6k3AAAtMvnU3MUNJscrJ4qozs xE8TWKE/3niTSbUXoTPRMrmuAKHZiLhZZsa0lkufdvjRnaTQRydspiY1lYYy0eBg 99RyzYyu60yPAY7z3bVIgGzCOvTFBrUMm7A95gdPgxfcPq8KfagrbT8AJdDOJiNZ yztJK/Kp2YqgveCerJ7L =LebK -----END PGP SIGNATURE-----
--- End Message ---
