Bug#683284: marked as done (CVE-2012-3438)

Mon, 20 Aug 2012 06:36:28 -0700 

Your message dated Mon, 20 Aug 2012 13:32:43 +0000
with message-id <[email protected]>
and subject line Bug#683284: fixed in graphicsmagick 1.3.16-1.1
has caused the Debian Bug report #683284,
regarding CVE-2012-3438
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
683284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683284
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: graphicsmagick
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3438 for 
details.

Please fix this for Wheezy with an isolated fix instead of updating to a new
upstream release (since the freeze is in effect)

This doesn't warrant a DSA, but can be fixed through a stable point update for
Squeeze (adding Jonathan to CC, who's managing this)

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: graphicsmagick
Source-Version: 1.3.16-1.1

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 18 Aug 2012 15:08:57 +0200
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev 
libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl 
graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat 
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.16-1.1
Distribution: unstable
Urgency: low
Maintainer: Daniel Kobras <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Description: 
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing 
ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing 
ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ 
development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development 
files
 libgraphicsmagick3 - format-independent image processing - C shared library
Closes: 683284
Changes: 
 graphicsmagick (1.3.16-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * [SECURITY] Fix "CVE-2012-3438": apply patch from upstream repo:
     
http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2
     "coders/png.c: Some typecasts were inconsistent with libpng-1.4 and
     later."
     (Closes: #683284)
Checksums-Sha1: 
 b9e2178a3e08032b171a20f9d3f3a4b069aaf5a3 2631 graphicsmagick_1.3.16-1.1.dsc
 224322db69e3c2ea7ff75e87cdd546e8d1878418 159080 
graphicsmagick_1.3.16-1.1.diff.gz
 58f06875141cc9108be344a14b3166766891b81e 1029270 
graphicsmagick_1.3.16-1.1_amd64.deb
 f09702a6ea974da8c76b3126768c36e93a08a0f9 1319926 
libgraphicsmagick3_1.3.16-1.1_amd64.deb
 4b2ab72edd7e6006b5379a17698f136aae439087 1815114 
libgraphicsmagick1-dev_1.3.16-1.1_amd64.deb
 c17694a8e7f292b755fd4506166939281d428730 152838 
libgraphicsmagick++3_1.3.16-1.1_amd64.deb
 4b7e222016ad1e125774b258d6aae7cbac05dce9 404920 
libgraphicsmagick++1-dev_1.3.16-1.1_amd64.deb
 17bb8a4429f2dcebff533d3185de8931a3e3e272 81778 
libgraphics-magick-perl_1.3.16-1.1_amd64.deb
 d6c59a308c21b200e1863f51cd6c3521379c5b69 3259936 
graphicsmagick-dbg_1.3.16-1.1_amd64.deb
 d8864b1bcdb593e868e95c709712180c71612078 15934 
graphicsmagick-imagemagick-compat_1.3.16-1.1_all.deb
 0fc07df33fdf62429550d48b4ba0860e35fc6a80 19526 
graphicsmagick-libmagick-dev-compat_1.3.16-1.1_all.deb
Checksums-Sha256: 
 cfe2f45f3728c1c7902385e3c2ce8bf3dd65bd6a458865bad9b80e7d8025fc8d 2631 
graphicsmagick_1.3.16-1.1.dsc
 0103133d738608d087724f5c8bf8f04638f9a46be0741d185dc26463d0d2b1f8 159080 
graphicsmagick_1.3.16-1.1.diff.gz
 fff8e02dec29797face632b95ad319df101f52ae3f95ac8e4f8898afbf3aabb8 1029270 
graphicsmagick_1.3.16-1.1_amd64.deb
 9db0e50d550d786157e407f9bd82f87e14797428eb51cbe7dabe256b6ba5c99d 1319926 
libgraphicsmagick3_1.3.16-1.1_amd64.deb
 91391440b3a25b0ffac1e37a1d4d20416632fa9fed3e9b99caaa4153e6cf3e26 1815114 
libgraphicsmagick1-dev_1.3.16-1.1_amd64.deb
 b11b0c1f8a4aa84906afd5e37e5d95431d2447bbf0209cb1446e429458d90412 152838 
libgraphicsmagick++3_1.3.16-1.1_amd64.deb
 538929f48cd0c0e36d9815dba3d07333db092da3fd36b2ffb068c90c625c3dff 404920 
libgraphicsmagick++1-dev_1.3.16-1.1_amd64.deb
 78f42f63703bff932c4696d03882fd7fa794773be47d0f50405c370c01274106 81778 
libgraphics-magick-perl_1.3.16-1.1_amd64.deb
 a11a98eda512f6830e868d0f7f9d3462a6b665234cc95aa1041d97f2158bd491 3259936 
graphicsmagick-dbg_1.3.16-1.1_amd64.deb
 e668ea9a38776ff0881e05bdf58568896f91c8231978df42e678228fc4d95fc1 15934 
graphicsmagick-imagemagick-compat_1.3.16-1.1_all.deb
 2e3f415658aa0e33bebb484f47d8669af52e14ca0eed6516184ee3d40718d6a9 19526 
graphicsmagick-libmagick-dev-compat_1.3.16-1.1_all.deb
Files: 
 6fde843563e9bc3ddb8c59ff230c478f 2631 graphics optional 
graphicsmagick_1.3.16-1.1.dsc
 fbbe469f5af36c13c6ee291e9653b8c0 159080 graphics optional 
graphicsmagick_1.3.16-1.1.diff.gz
 73f93e72a106fa6f7106cf18e86f663b 1029270 graphics optional 
graphicsmagick_1.3.16-1.1_amd64.deb
 0e9a0f6fb975b861038e8c795a5c9bd9 1319926 libs optional 
libgraphicsmagick3_1.3.16-1.1_amd64.deb
 358c9a99a5ec67ccfbe3b121407f661d 1815114 libdevel optional 
libgraphicsmagick1-dev_1.3.16-1.1_amd64.deb
 fc56a8a1d2ead73bc3d842612cd2fa7e 152838 libs optional 
libgraphicsmagick++3_1.3.16-1.1_amd64.deb
 57d8825472bb1e680f53e4ff716b9838 404920 libdevel optional 
libgraphicsmagick++1-dev_1.3.16-1.1_amd64.deb
 f108935082f0b3fb41c5efc07512236f 81778 perl optional 
libgraphics-magick-perl_1.3.16-1.1_amd64.deb
 7af9126779a8a63254905af906c18815 3259936 debug extra 
graphicsmagick-dbg_1.3.16-1.1_amd64.deb
 532860ecf86bd62a4fcd48fc6b78ce40 15934 graphics extra 
graphicsmagick-imagemagick-compat_1.3.16-1.1_all.deb
 2bc87a34e7b1245dcb807eb6e52bad9a 19526 graphics extra 
graphicsmagick-libmagick-dev-compat_1.3.16-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQL5SXAAoJELs6aAGGSaoGL3IQAI01dvRsYdy61GT7COx8HD4o
074U8p5f8mxxcyVH0Nou53LcyQq+XibMW5OX4VGtj+396YGZHi1zqLgXEQy1uXp+
5dV5A6GGTCumNJwxLw4uCqJepVYWeZcxTCAN1K23ysPTtwG2hyVC4yF3KZiydraL
3exLlCJzAjAbMntp/7SpiHDU3JlBxTxtDBAig3YffLtS1+AXxPeoEK3EGd9nJde/
M0UCh4lcjC//VGnRK2M06XQFnzEu5pEpuaqZQbs18W/7U9rutw+Kfc4Kgj3AA9b5
j5myHXTCDqHTYptC0Zj2H8zHGur9Y84MJoAcFxDfGFBWPzrLbXddvWzJYPAdkAL+
1i057DlChmm46EmqyhPC9bQLMihzNG0sYfI9G6C4vM27DNMCEmfbSrh3U3MQ1+Ky
1k64B4oAJ4smC/6fLdy0nWcfQvqoy8o+9JDMlKp7IXy53W7xrvPVekiOblR6nAjj
UCZwzq4sSxlZ5v5KRy2ZsurhTrOfqSgZNqMYBDTOxX0pkQWTRCn+wF0zta790cey
GfriKFwDaBsI1O4iSMIDjjnKSYZOEKP21tioCZilP5esWWZRp9JmOvIhl1xL1m2R
/4SOF30+o91kos/OzVz717U/3OFpOy6A5xNuaaHKEaXUvYQA63LRKV18xWyT4foQ
leygiYWi2XKXpyJAAWPv
=+8ON
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to