Your message dated Fri, 20 Jan 2017 19:18:54 +0000 with message-id <e1cuei6-000f3i...@fasolo.debian.org> and subject line Bug#851485: fixed in imagemagick 8:6.9.7.4+dfsg-1 has caused the Debian Bug report #851485, regarding imagemagick: CVE-2016-10144: ipl file missing malloc check to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 851485: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851485 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: serious Tags: patch security fixed-upstream X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Fixed https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-1 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 851...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 15 Jan 2017 16:38:03 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-1 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 773426 791460 793629 849439 849507 851374 851376 851377 851381 851382 851383 851483 851485 Changes: imagemagick (8:6.9.7.4+dfsg-1) unstable; urgency=high . * New upstream version: + Fix display -loop option not working/missing (Closes: #793629). + Honor $TMPDIR (Closes: #791460). + Fix inverted colors for monochrome images (Closes: #849507). + Fix imagemagick not run from menu in Mate (Closes: #773426). * Fix a few security bugs: + off-by-one string copy in wpg file handling (Closes: #851483). + check return of memory allocation in ipl file handling. (Closes: #851485) + Fix a heap overflow in psb file handling (Closes: #851374). + Fix Crash - PushQuantumPixel - Heap-Buffer-Overflow in tiff file handling (Closes: #851381). + Fix a memory corruption in psb file (Closes: #851376). + Fix an out of bound in psd file handling (Closes: #851377). + Check fwrite by using ferror (Closes: #849439). Fix CVE-2016-10062. + Avoid double free in profile.c (Closes: #851383). + Fix memory leak in MPC image format. (Closes: #851382). * update copyright years in debian/copyright. * Relax ${source:Version} depends for imagemagick-6-common. * Add more security POC Checksums-Sha1: 6b03fe7ec17ec266111f644a084123eeddadb7a2 5151 imagemagick_6.9.7.4+dfsg-1.dsc 8b59ad4ca982549cdc3910ae1312c9c7681989f8 8929800 imagemagick_6.9.7.4+dfsg.orig.tar.xz f651f106d82a713b265553ae58ab293eb60390a1 202620 imagemagick_6.9.7.4+dfsg-1.debian.tar.xz Checksums-Sha256: 65bf234b8252fc05d85bf79b7452ff3f91d68dc7140be30b824ff085cb4734f9 5151 imagemagick_6.9.7.4+dfsg-1.dsc 47fb2cdd26f5913318c4504f16ea363e04d1f400dda9ec52e461ab661d724026 8929800 imagemagick_6.9.7.4+dfsg.orig.tar.xz c911a588c6a758dfe489325d524ae70f7824f504753d352a17c027f3f0bc1c56 202620 imagemagick_6.9.7.4+dfsg-1.debian.tar.xz Files: 53dab66432c5965790676594f8b8989e 5151 graphics optional imagemagick_6.9.7.4+dfsg-1.dsc a43e39ad84d37e9ffcec5346bf12e446 8929800 graphics optional imagemagick_6.9.7.4+dfsg.orig.tar.xz e80a63af99ff999cd924526debd43f13 202620 graphics optional imagemagick_6.9.7.4+dfsg-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlh82I0ACgkQADoaLapB CF+yhw/9FXbQBD7llG1NyX04f9+lO0xQM6Ex454vMO1R61EuKV7NAJRB5lxw5XgT hk59EWeSkBumy376DUNRurhr8B3zu9FNLsSduxKY39TzwNTOwaaEkVPoC7ZQndaS dE+5bo8ARl+bXSnUtGhE96hOK66odw0Z5FU38VCi/fe7qhMhqZjYrrS/+AOAxSbw rZkGX5tObLaLOnissfVGABLoHrGVxIYYXVi3mlnD3z4D0uAAM/2KtkUhoYqzBXYT Yzb51kcmYycXImVe7iZq/CBpHM/2cZgcPgAJsoxCL93m1ZCwB5KuJKL4NLZj6GHR f0xojgckobelnf/Ix+N+0oX3ttpmZ49C7zVAUEoyJS9s3M0mx9oJtRUid5XSrGuR cK8sERxgWpTokYMxfpxmdwuX2ML0sAWZCKGqhzZYVHz14EIY740SUQr3MxZSEqO5 ecE64zT1EDtDOfhHjrsQjO1rH/1BJeLmaOzCb7jXs4s6FkDAUCuaY6Lx1TI9VrS8 OY1AptPoKxt9C69muvPj7A7Jui1zSeSGVTX3FER2wmcjIKlvLO83sfsGRTa3UJ3J ZqrW9EmtD9KMTdKMgeAcURQgm0+VK1TT6JOyhMNOJr0v9inrbUAuo2C5ms3A5a9B fCXd7WuG2vWt+BQNZY9uKgT60F333b++EAv4psWQDemN83l5bE0= =Elbq -----END PGP SIGNATURE-----
--- End Message ---
