Thanks for the debdiffs Dariusz! We ended up releasing updates using a
bunch of Debian's patches:
http://www.ubuntu.com/usn/usn-2990-1/
I'm closing out this bug, since we're now fixed in all supported
releases.
** Changed in: imagemagick (Ubuntu Precise)
Status: Confirmed => Fix Released
** Changed in: imagemagick (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578398
Title:
ImageMagick Security Issue: CVE-2016-3714
To manage
** Bug watch added: Debian Bug tracker #823542
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823542
** Also affects: imagemagick (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823542
Importance: Unknown
Status: Unknown
--
You received this bug notification
Adding SRU proposal for Wily.
** Attachment added: "wily_imagemagick_6.8.9.9-5ubuntu2.1.debdiff.2"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4663809/+files/wily_imagemagick_6.8.9.9-5ubuntu2.1.debdiff.2
--
You received this bug notification because you
Adding a debdiff for yakkety.
** Patch removed: "yakkety_imagemagick_6.8.9.9-7ubuntu7.debdiff"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4661804/+files/yakkety_imagemagick_6.8.9.9-7ubuntu7.debdiff
** Patch removed:
Adding SRU proposal for Trusty.
** Attachment added: "trusty_imagemagick_6.7.7.10-6ubuntu3.1.debdiff.2"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4663810/+files/trusty_imagemagick_6.7.7.10-6ubuntu3.1.debdiff.2
--
You received this bug notification
Adding SRU proposal for Xenial.
** Attachment added: "xenial_imagemagick_6.8.9.9-7ubuntu5.1.debdiff.2"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4663808/+files/xenial_imagemagick_6.8.9.9-7ubuntu5.1.debdiff.2
--
You received this bug notification because
Sorry about that Seth. I've just attached fixed debdiffs.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578398
Title:
ImageMagick Security Issue: CVE-2016-3714
To manage notifications about this
SRU proposal for Precise.
** Attachment added: "precise_imagemagick_6.6.9.7-5ubuntu3.4.debdiff.2"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4663811/+files/precise_imagemagick_6.6.9.7-5ubuntu3.4.debdiff.2
--
You received this bug notification because you
Dariusz, those debdiffs look good with the exception of the funny filename:
+CVE-2016–3714-workaround.patch
The ImageTragick team used a funny em-dash instead of a hyphen when they
gave the name of the CVE on their website, which has led to all kinds of
funny "CVE not found" and similar errors
The attachment "yakkety_imagemagick_6.8.9.9-7ubuntu7.debdiff" seems to
be a debdiff. The ubuntu-sponsors team has been subscribed to the bug
report so that they can review and hopefully sponsor the debdiff. If
the attachment isn't a patch, please remove the "patch" flag from the
attachment,
Adding SRU proposal for Trusty.
** Patch added: "trusty_imagemagick_6.7.7.10-6ubuntu3.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4661813/+files/trusty_imagemagick_6.7.7.10-6ubuntu3.1.debdiff
--
You received this bug notification because you are
Adding SRU proposal for wily.
** Patch added: "wily_imagemagick_6.8.9.9-5ubuntu2.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4661812/+files/wily_imagemagick_6.8.9.9-5ubuntu2.1.debdiff
--
You received this bug notification because you are a
Adding SRU proposal for Precise.
** Patch added: "precise_imagemagick_6.6.9.7-5ubuntu3.4.debdiff"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4661814/+files/precise_imagemagick_6.6.9.7-5ubuntu3.4.debdiff
--
You received this bug notification because you
Adding a debdiff for yakkety.
I have updated the policy.xml as recommended to increase the OOB security until
the upstream get fixed.
** Patch added: "yakkety_imagemagick_6.8.9.9-7ubuntu7.debdiff"
Adding SRU proposal for Xenial.
** Patch added: "xenial_imagemagick_6.8.9.9-7ubuntu5.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+attachment/4661805/+files/xenial_imagemagick_6.8.9.9-7ubuntu5.1.debdiff
--
You received this bug notification because you are a
I allowed myself to change the title of the bug so it's more meaningful
and can be found by searching for the CVE-Code.
** Summary changed:
- ImageMagick Security Issue reported yesterday
+ ImageMagick Security Issue: CVE-2016-3714
--
You received this bug notification because you are a member
17 matches
Mail list logo