[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Launchpad has imported 35 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=186030. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2007-07-20T21:26:44+00:00 graaff wrote: imagemagick 6.3.5 has been released on July 5th, with a -2 patch version on the 17th. The reason I am mentioning it is that I got a huge memory leak when using imagemagick 6.3.4 through rmagick 1.15.7-r1. Both imagemagick 6.3.3 and 6.3.5 don't have this problem. Since things work again with imagemagick 6.3.5 I'm not going to hunt for the actual cause, but let me know if you need more information. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/0 On 2007-09-04T19:44:12+00:00 pacho wrote: Also, seems that this bump could fix: http://bugs.gentoo.org/show_bug.cgi?id=191001 As said in: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=9602&p=0&e=0&sid=179acdbb16feb516eedb6f0477471371 Thanks a lot Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/1 On 2007-09-16T08:03:32+00:00 graaff wrote: Created attachment 131031 Ebuild for imagemagick 6.3.5-9 An updated ebuild for imagemagick-6.3.5-9. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/2 On 2007-09-20T22:32:42+00:00 betelgeuse wrote: (In reply to comment #2) > Created an attachment (id=131031) [edit] > Ebuild for imagemagick 6.3.5-9 > > An updated ebuild for imagemagick-6.3.5-9. > Couple months gone by since the original report so you could as well go ahead and do the bump yourself. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/3 On 2007-09-21T19:55:55+00:00 hoffie wrote: Just saw the advisories about CVE-2007-4985 [1], CVE-2007-4986 [2], CVE-2007-4987 [3] and CVE-2007-4988 [4] from iDefense, so transforming this one to a security bug. [1] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596 [2] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594 [3] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 [4] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/4 On 2007-09-21T20:06:12+00:00 rbu wrote: Setting whiteboard to A2 because the application itself is not actively remotely exploitable. A combination with networked applications makes this bug more serious though. graphics, please provide an updated ebuild. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/5 On 2007-09-21T20:22:26+00:00 graaff wrote: I've added the ebuild for imagemagick 6.3.5-9 to CVS just now, as discussed on IRC with the graphics herd. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/6 On 2007-09-21T20:40:50+00:00 keytoaster wrote: Thanks. Arches, please stabilize media-gfx/imagemagick-6.3.5.9, target keywords are: "alpha amd64 hppa ia64 mips ppc ppc64 sparc x86 ~x86-fbsd". Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/7 On 2007-09-21T23:22:55+00:00 fauli wrote: x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/8 On 2007-09-21T23:39:31+00:00 fmccor wrote: Sparc stable. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/9 On 2007-09-22T05:44:15+00:00 jer wrote: Stable for HPPA. Reply at: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/144425/comments/10 On 2007-09-22T09:55:03+00:00 jonas wrote: media-gfx/imagemagick-6.3.5.9 USE="X jpeg mpeg perl png tiff truetype xml zlib -bzip2 -doc -fpx -graphviz -gs -hdri -jbig -jpeg2k -lcms -nocxx -openexr -q32 -q8 -wmf" 1. Emerges on AMD64. 2. No collisions etc. 3. Works - have tried to convert images with convert tool. Portage 2.1.2.12 (default-linux/amd64/2
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Changed in: graphicsmagick (Gentoo Linux) Importance: Unknown => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/144425 Title: [ImageMagick] security issues with releases prior to 6.3.5-9 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life - http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the Gutsy task. ** Changed in: graphicsmagick (Ubuntu Gutsy) Status: Confirmed => Won't Fix -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix. ** Changed in: graphicsmagick (Ubuntu Feisty) Status: Confirmed => Won't Fix -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs. -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix. ** Changed in: graphicsmagick (Ubuntu Edgy) Status: Confirmed => Won't Fix -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Changed in: graphicsmagick (Ubuntu) Status: In Progress => Fix Released -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Changed in: graphicsmagick (Gentoo Linux) Status: Unknown => Fix Released -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Bug watch added: Gentoo Bugzilla #186030 http://bugs.gentoo.org/show_bug.cgi?id=186030 ** Also affects: graphicsmagick (Gentoo Linux) via http://bugs.gentoo.org/show_bug.cgi?id=186030 Importance: Unknown Status: Unknown -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
graphicsmagick isn't affected by CVE-2007-4987. The others will be fixed by the sync in bug #204349. ** Changed in: graphicsmagick (Ubuntu) Assignee: (unassigned) => William Grant (fujitsu) Status: Confirmed => In Progress -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Changed in: graphicsmagick (Debian) Status: New => Fix Released -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Changed in: graphicsmagick (Debian) Status: Unknown => New -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Bug watch added: Debian Bug tracker #444266 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444266 ** Also affects: graphicsmagick (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444266 Importance: Unknown Status: Unknown -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Released as USN-523-1. ** Changed in: imagemagick (Ubuntu Gutsy) Status: In Progress => Fix Released ** Changed in: imagemagick (Ubuntu Dapper) Status: In Progress => Fix Released ** Changed in: imagemagick (Ubuntu Edgy) Status: In Progress => Fix Released ** Changed in: imagemagick (Ubuntu Feisty) Status: In Progress => Fix Released -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Thanks for attaching the fixes. I will get this built and published shortly. ** Changed in: graphicsmagick (Ubuntu Dapper) Assignee: Kees Cook (keescook) => (unassigned) Status: In Progress => Confirmed ** Changed in: graphicsmagick (Ubuntu Edgy) Assignee: Kees Cook (keescook) => (unassigned) Status: In Progress => Confirmed ** Changed in: imagemagick (Ubuntu Dapper) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress ** Changed in: imagemagick (Ubuntu Edgy) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress ** Changed in: imagemagick (Ubuntu Feisty) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress ** Changed in: imagemagick (Ubuntu Gutsy) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
Er, actually, this one doesn't have fixes attached, but thank you regardless. I will hunt them down and get it rolling. :) -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
** Also affects: graphicsmagick (Ubuntu) Importance: Undecided Status: New ** Changed in: graphicsmagick (Ubuntu Dapper) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress ** Changed in: graphicsmagick (Ubuntu Edgy) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress ** Changed in: graphicsmagick (Ubuntu Feisty) Importance: Undecided => Medium Assignee: (unassigned) => Kees Cook (keescook) Status: New => In Progress ** Changed in: graphicsmagick (Ubuntu Gutsy) Importance: Undecided => Medium Status: New => Confirmed ** Changed in: graphicsmagick (Ubuntu Feisty) Assignee: Kees Cook (keescook) => (unassigned) Status: In Progress => Confirmed -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 144425] Re: [ImageMagick] security issues with releases prior to 6.3.5-9
This is especially critical because imagemagick is used on a lot of servers for automatic processing of uploaded image files. -- [ImageMagick] security issues with releases prior to 6.3.5-9 https://bugs.launchpad.net/bugs/144425 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs