Bug#869210: marked as done (imagemagick: CVE-2017-11523: endless loop in ReadTXTImage)

Fri, 28 Jul 2017 16:21:28 -0700 

Your message dated Fri, 28 Jul 2017 23:18:55 +0000
with message-id <e1dbex1-000iuj...@fasolo.debian.org>
and subject line Bug#869210: fixed in imagemagick 8:6.9.7.4+dfsg-14
has caused the Debian Bug report #869210,
regarding imagemagick: CVE-2017-11523: endless loop in ReadTXTImage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
869210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869210
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso <car...@debian.org>
control: found -1  8:6.9.7.4+dfsg-11+deb9u1
control: found -1 8:6.8.9.9-5+deb8u10
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/591

original reported will open a bug

fixed by:
https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078

--- End Message ---
--- Begin Message --- 
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-14

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Jul 2017 00:51:39 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-14
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy 
package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics 
routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files 
(Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum 
depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra 
codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - 
development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files 
(Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 869210 870012 870013 870014 870015 870016 870017 870019 870020 870021 
870022 870023
Changes:
 imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high
 .
   * Security bugs:
     + assertion failed in DestroyImageInfo
       A assertion failed in DestroyImageInfo, leading to DOS
       (Closes: 870014)
     + CVE-2017-11523: endless loop in ReadTXTImage
       If text image file only contains "MagickID..." line,
       it will cause ReadTXTImage to infinite loop.
       (Closes: #869210).
     + Memory leak in mat coder
       Fix a memory leak in mat coder triggered by a special crafted file
       (Closes: #870013).
     + Use of uninitialized data in ImageMagick/coders/mat.c
       The coder accesses uninitialized data
       which might pose a security issue or at least a bug. The first
       undefined access happens within coders/mat.c:1196 in a call to
       calcMinMax(). The back part of the buffer bImgBuff is now large enough
       but does seemingly not contain any sensible data.
       (Closes: #870012)
     + CVE-2017-11644
       A special crafted file create a memory leak in MAT file coder.
       The code need to free two buffer in some exceptionnal
       circonstances, instead than just one is freed
       (Closes: #870016)
     + Memory leak in mat coder
       A special crafted file create a memory leak in MAT coder
       (Closes: #870015)
     + Memory leak in mat coder
       In case of corrupted file, cloned image (temporarly image) should be 
freed
       (Closes: #870017)
     + assertion failed in DestroyImageInfo due to mat coder
       (Closes: #870019)
     + assertion failed in DestroyImage due to mat coder
       (Closes: #870020)
     + Memory leak in mat coder (upstream 617)
       (Closes: #870021)
     + Memory leak in mat coder (upstream 616)
       (Closes: #870022)
     + Memory leak in mat coder (upstream 616)
       (Closes: #870023)
Checksums-Sha1:
 75247a79b7b5eb82811ab73f0ec68908a4972d8d 5137 imagemagick_6.9.7.4+dfsg-14.dsc
 c40fa968ca6680bda8ef2e322334ff200a04ada5 243764 
imagemagick_6.9.7.4+dfsg-14.debian.tar.xz
 3f089382844b041b9e05e540a7ab96671080be86 12823 
imagemagick_6.9.7.4+dfsg-14_source.buildinfo
Checksums-Sha256:
 14c3d43d4f5d7e2ab48eeaa17ce0b1f6101e41c865d21ff67d97eccff466b343 5137 
imagemagick_6.9.7.4+dfsg-14.dsc
 782073edb3619f224ced0cd0996b94ce8ee89d1440cac296de034163223949f4 243764 
imagemagick_6.9.7.4+dfsg-14.debian.tar.xz
 67f3fe40bd5beeedbe022e2c43d6ebc609a6a8cedeee226a0936200024244fab 12823 
imagemagick_6.9.7.4+dfsg-14_source.buildinfo
Files:
 6a3cd4a1a8b89dcaac1d2807d8413f0f 5137 graphics optional 
imagemagick_6.9.7.4+dfsg-14.dsc
 f5344e2e44a79570fa428c92f9d1d8c3 243764 graphics optional 
imagemagick_6.9.7.4+dfsg-14.debian.tar.xz
 d956b5b0e374aeea902e6e42f6533d2e 12823 graphics optional 
imagemagick_6.9.7.4+dfsg-14_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAll7w8kACgkQADoaLapB
CF/iQQ//V0fefamog0KyW+GQuzH9rdajUUJVI+y4vxUK+HJh1fgxlkhjzjXj3WIC
TXzglgwagy9YNuELARQ6xALs+h65F9tM/6YgjtzqFMVid7gG90HfFXn0ze+aoTpC
bnzb3w4KPaR5o0NYWw7yUtpTmXMkHGdsJDvpuFap4FEiqCu7vXMplx0gBDBDw3zT
ns0x10Th2E8naIlRMVE5HJiT+FCtS30XFb/PgUnKqoywwZ1/yXcNMZIGaKN1By9p
w2uoEAKjdIxW9vVc4BZkmpRRvO+ttnEIX4zaNrG4Z1yPYKGFcD6adG6B4ntIdHHA
pKn115s1LV0vxAQJME46Frv1YqxFDWzYrNZspGf9FAU3sNnFQq624od/ZxJidxju
UPVRtZ8JGH3vAPAHnvg8q56p5I/4h5KpPIq8CBvGhg1CAveNpvkjYyg2HOUI1mm3
Vod9GnCd3WdRbvf/PINYW44T5B3SLyqElIW9yFdpgzulM98PIhrQ57qk5AYAxFjF
7V5Zu1mmD0GVvOtszfPthT5umUjnf+UZAG7gFXoxWWNq91FtiXzmYkMJsfmrB2Wb
dIflVw65wrgAfVgh3jTa0OQRE2F7Gw+0o7Q6+UXrNBDh4uL+DTGI/36tFvACrYAb
ToEDev8hnZEv529pcznbbyLAPdeFsMy2hDgf0oH3Z6EMk6aFozM=
=br7e
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to