Your message dated Thu, 08 Oct 2009 19:58:31 +0000
with message-id <e1mvz8b-0003pi...@ries.debian.org>
and subject line Bug#530946: fixed in graphicsmagick 1.1.11-3.2+lenny1
has caused the Debian Bug report #530946,
regarding CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
530946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530946
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for imagemagick:
SA35216[0]:
> DESCRIPTION:
> Tielei Wang has discovered a vulnerability in ImageMagick, which can
> be exploited by malicious people to potentially compromise a user's
> system.
>
> The vulnerability is caused due to an integer overflow error within
> the "XMakeImage()" function in magick/xwindow.c. This can be
> exploited to cause a buffer overflow via e.g. a specially crafted
> TIFF file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is confirmed in version 6.5.2-8. Prior versions may
> also be affected.
>
> SOLUTION:
> Update to version 6.5.2-9.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
> Security, Institute of Computer Science and Technology, Peking
> University)
>
> ORIGINAL ADVISORY:
> ImageMagick:
> http://imagemagick.org/script/changelog.php
If you fix the vulnerability please also make sure to include the CVE id
(if it will be available) in the changelog entry.
[0] http://secunia.com/advisories/35216/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoeOU8ACgkQNxpp46476apsTACfeXUukW4HpJRAEzEv/EuPfOHZ
8sIAn2iR9jkY0FdIPJVJ6ewcY3UB853d
=yTEV
-----END PGP SIGNATURE-----
--- End Message ---
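The bug class named in the quoted advisory (an integer overflow in a size computation that leads to an undersized buffer), shown as an added example. This is not ImageMagick or GraphicsMagick source: the function names and dimensions are constructed for illustration, and size arithmetic is assumed to be done in 32 bits.

```c
#include <stdint.h>
#include <stdlib.h>

/* Illustrative only: hypothetical helpers, not ImageMagick/GraphicsMagick code.
 * Sizes are computed in 32 bits to model a 32-bit size_t. */

/* Unchecked form: the product silently wraps modulo 2^32. */
uint32_t image_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint32_t)(width * height * bpp);
}

/* Checked form: 0 on success with *out set, -1 if any dimension is zero
 * or the product would not fit in 32 bits. */
int image_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                       uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > UINT32_MAX / height)          /* width * height overflows */
        return -1;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / bpp)            /* pixels * bpp overflows */
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size is known to be exact. */
unsigned char *image_buffer_alloc(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t size;
    if (image_size_checked(width, height, bpp, &size) != 0)
        return NULL;                          /* reject instead of under-allocating */
    return calloc(1, size);
}
```

With the constructed dimensions 0x10000 by 0x10001 at one byte per pixel, the unchecked product wraps to 65536 bytes, while the checked path refuses the request.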
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.1.11-3.2+lenny1
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive:
graphicsmagick-dbg_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_i386.deb
graphicsmagick-imagemagick-compat_1.1.11-3.2+lenny1_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.11-3.2+lenny1_all.deb
graphicsmagick-libmagick-dev-compat_1.1.11-3.2+lenny1_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.11-3.2+lenny1_all.deb
graphicsmagick_1.1.11-3.2+lenny1.diff.gz
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1.diff.gz
graphicsmagick_1.1.11-3.2+lenny1.dsc
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1.dsc
graphicsmagick_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_i386.deb
libgraphics-magick-perl_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_i386.deb
libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_i386.deb
libgraphicsmagick++1_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_i386.deb
libgraphicsmagick1-dev_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_i386.deb
libgraphicsmagick1_1.1.11-3.2+lenny1_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 05 Oct 2009 22:11:23 +0200
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick1 libgraphicsmagick1-dev libgraphicsmagick++1 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source i386 all
Version: 1.1.11-3.2+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Daniel Kobras <kob...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick1 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 491439 530946
Changes:
 graphicsmagick (1.1.11-3.2+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2008-3134: Multiple errors within the processing of various
     formats can be exploited to crash the application (Closes: 491439)
   * Fixed CVE-2008-6070: Multiple heap-based buffer underflows in the
     ReadPALMImage function
   * Fixed CVE-2008-6071: Heap-based buffer overflow in the DecodeImage function
   * Fixed CVE-2008-6072: Multiple errors within the processing of XCF and
     CINEON images can be exploited to crash the application.
   * Fixed CVE-2008-6621: Multiple errors within the processing of DPX images
     can be exploited to crash the application.
   * Fixed CVE-2009-1882: Integer overflow in the XMakeImage function
     (Closes: 530946)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrKV5oACgkQNxpp46476apxSgCeMRH20B7CBZv3StVHXqqNRpTW
Ba4AoJhDWl5grPlmvXPjWrPoPnfqFqZV
=7McW
-----END PGP SIGNATURE-----
--- End Message ---