Your message dated Wed, 26 Jul 2017 22:19:22 +0000
with message-id <e1dauei-000fg7...@fasolo.debian.org>
and subject line Bug#869210: fixed in imagemagick 8:6.9.7.4+dfsg-13
has caused the Debian Bug report #869210,
regarding imagemagick: CVE-2017-11523: endless loop in ReadTXTImage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
869210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869210
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso <car...@debian.org>
control: found -1  8:6.9.7.4+dfsg-11+deb9u1
control: found -1 8:6.8.9.9-5+deb8u10
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/591

original reporter will open a bug

fixed by:
https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078

--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-13

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Jul 2017 22:13:44 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-13
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 867778 868950 869210 869711 869712 869715 869721 869722 869725 869726 869727 869728 869769 869791 869796 869827 869830 869831 869834
Changes:
 imagemagick (8:6.9.7.4+dfsg-13) unstable; urgency=high
 .
   * Fix a typo in changelog about CVE numbers
   * Security fixes:
     + Really Fix CVE-2017-9500 (Closes: #867778)
       An assertion failure was found in the function
       ResetImageProfileIterator, which allows attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-11446 (Closes: #868950)
       The ReadPESImage function in coders\pes.c has an infinite
       loop vulnerability that can cause CPU exhaustion via a crafted
       PES file.
     + CVE-2017-11523: endless loop in ReadTXTImage
       If a text image file only contains a "MagickID..." line,
       it will cause ReadTXTImage to loop infinitely.
       (Closes: #869210).
     + Use after free in ReadWMFImage
       When identifying a WMF file, a crafted file revealed a use-after-free
       vulnerability. (Closes: #869715).
     + CVE-2017-11534: Memory-Leak in lite_font_map()
       In coders/wmf.c a memory leak is triggered by a crafted file.
       (Closes: #869711).
     + CVE-2017-11537: palm coder FPE
       When ImageMagick processes a crafted file in convert, it can
       lead to a Floating Point Exception (FPE) in the WritePALMImage()
       function in coders/palm.c, related to an incorrect bits-per-pixel
       calculation.
       (Closes: #869712)
     + Memory leak in WritePALMImage
       Fix memory leak due to crafted file in palm coder.
       (Closes: #869721)
     + Fix another memory leak in quantize.c
       (Closes: #869722)
     + CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage()
       A crafted file could trigger a
       Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c
       (Closes: #869725)
     + Avoid a crash in mpc coder
       A crafted file could trigger a crash in the mpc coder.
       (Closes: #869728).
     + Fix a memory leak in enhance.c
       Fix a potential memory leak if memory could not be allocated for one
       of histogram or stretch_map.
       If both cannot be allocated, there is no memory leak. If only one is
       allocated and the other fails,
       there is a memory leak of the one that could not be allocated. There
       is very little chance the allocations would fail.
       (Closes: #869769).
     + Fix a memory leak in jpeg and mpc coder
       A leak due to exception handling exists in the MPC and JPEG coders.
       This could be triggered by a crafted file.
       (Closes: #869791).
     + Fix memory exhaustion in mpc coder
       When identifying an MPC file, imagemagick will allocate memory to store the
       data.
       The function StringToUnsignedLong converts a string to unsigned long
       type, but the return value was not checked.
       Here is my policy.xml to limit memory usage, but 256MB limit
       can be bypassed.
       (Closes: #869727).
     + Fix a leak in mpc file due to corrupted profiles
       (Closes: #869796).
     + CVE-2017-11532: memory leak
       When Imagemagick processes a crafted file in convert,
       it can lead to a Memory Leak in the WriteMPCImage() function in
       coders/mpc.c.
       (Closes: #869726)
     + CVE-2017-11535: heap based overflow in ps.c
       When ImageMagick processes a crafted file in
       convert, it can lead to a heap-based buffer over-read in the
       WritePSImage() function in coders/ps.c.
       (Closes: #869827)
     + CVE-2017-11536 memory leak in jp2 coder
       When ImageMagick processes a crafted file in convert, it
       can lead to a Memory Leak in the WriteJP2Image() function in
       coders/jp2.c.
       (Closes: #869831)
     + Fix a crash in jp2 codec
       Lack of validation of jp2 could lead to a crash
       (Closes: #869830)
     + CVE-2017-11533: heap buffer overflow in uil coder
       When ImageMagick processes a crafted file in convert, it can
       lead to a heap-based buffer over-read in the WriteUILImage() function
       in coders/uil.c.
       (Closes: #869834)


--- End Message ---
