Your message dated Fri, 28 Jul 2017 23:18:55 +0000
with message-id <e1dbex1-000iuj...@fasolo.debian.org>
and subject line Bug#869210: fixed in imagemagick 8:6.9.7.4+dfsg-14
has caused the Debian Bug report #869210,
regarding imagemagick: CVE-2017-11523: endless loop in ReadTXTImage
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
869210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869210
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso <car...@debian.org>
control: found -1 8:6.9.7.4+dfsg-11+deb9u1
control: found -1 8:6.8.9.9-5+deb8u10
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/591
original reporter will open a bug
fixed by:
https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-14
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Jul 2017 00:51:39 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-14
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy
package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics
routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files
(Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum
depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra
codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library -
development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files
(Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 869210 870012 870013 870014 870015 870016 870017 870019 870020 870021
870022 870023
Changes:
imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high
.
* Security bugs:
+ assertion failed in DestroyImageInfo
An assertion failed in DestroyImageInfo, leading to DoS
(Closes: 870014)
+ CVE-2017-11523: endless loop in ReadTXTImage
If a text image file contains only the "MagickID..." line,
it will cause ReadTXTImage to loop infinitely.
(Closes: #869210).
+ Memory leak in mat coder
Fix a memory leak in mat coder triggered by a specially crafted file
(Closes: #870013).
+ Use of uninitialized data in ImageMagick/coders/mat.c
The coder accesses uninitialized data
which might pose a security issue or at least a bug. The first
undefined access happens within coders/mat.c:1196 in a call to
calcMinMax(). The back part of the buffer bImgBuff is now large enough
but does seemingly not contain any sensible data.
(Closes: #870012)
+ CVE-2017-11644
A specially crafted file creates a memory leak in the MAT file coder.
The code needs to free two buffers in some exceptional
circumstances, instead of just one
(Closes: #870016)
+ Memory leak in mat coder
A specially crafted file creates a memory leak in the MAT coder
(Closes: #870015)
+ Memory leak in mat coder
In case of a corrupted file, the cloned image (temporary image) should be
freed
(Closes: #870017)
+ assertion failed in DestroyImageInfo due to mat coder
(Closes: #870019)
+ assertion failed in DestroyImage due to mat coder
(Closes: #870020)
+ Memory leak in mat coder (upstream 617)
(Closes: #870021)
+ Memory leak in mat coder (upstream 616)
(Closes: #870022)
+ Memory leak in mat coder (upstream 616)
(Closes: #870023)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
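
The CVE-2017-11523 changelog entry above describes a reader that never terminates when the input holds only the "MagickID..." header line. The following is an added example, not ImageMagick's code and not the upstream patch: a simplified model of that failure class, in which a do/while loop re-tests a line buffer that a failed read left unchanged, next to a variant that clears the buffer before each read. The names read_line, count_passes and MAX_PASSES, the header string and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAGICK_ID "# ImageMagick pixel enumeration:" /* header prefix (assumed) */
#define MAX_PASSES 1000 /* demo guard so the stale-buffer loop stops */

struct blob { const char *p; }; /* hypothetical in-memory input */

/* Like fgets(): at end of input return NULL and leave buf untouched. */
static char *read_line(struct blob *b, char *buf, size_t n)
{
  size_t i = 0;
  if (*b->p == '\0')
    return NULL;
  while (*b->p != '\0' && i + 1 < n) {
    buf[i] = *b->p++;
    if (buf[i++] == '\n')
      break;
  }
  buf[i] = '\0';
  return buf;
}

/* Number of passes through the per-image loop; MAX_PASSES means the loop
   would not have ended on its own. */
static int count_passes(const char *data, int clear_before_read)
{
  struct blob b = { data };
  char text[256] = "";
  int passes = 0;
  (void) read_line(&b, text, sizeof(text)); /* first header line */
  if (strncmp(text, MAGICK_ID, strlen(MAGICK_ID)) != 0)
    return 0;
  do {
    passes++; /* a real reader would consume this image's pixel rows here */
    if (clear_before_read)
      text[0] = '\0'; /* hardened variant: forget the previous header */
    (void) read_line(&b, text, sizeof(text)); /* return value ignored */
  } while (strncmp(text, MAGICK_ID, strlen(MAGICK_ID)) == 0 && passes < MAX_PASSES);
  return passes;
}

int main(void)
{
  const char *only_header = MAGICK_ID " 1,1,255,srgb\n"; /* constructed sample */
  printf("stale buffer: %d passes, cleared buffer: %d passes\n",
         count_passes(only_header, 0), count_passes(only_header, 1));
  return 0;
}
```

Checking the read's return value and leaving the loop on NULL is an equally valid hardening; in a regression test, a decode timeout on a header-only fixture catches this class of bug.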