Bug#740250: marked as done (imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030)

[Debian Bug Tracking System]

Your message dated Mon, 03 Mar 2014 18:50:04 +0000
with message-id <e1wkxwc-0001c5...@franck.debian.org>
and subject line Bug#740250: fixed in imagemagick 8:6.7.7.10+dfsg-1
has caused the Debian Bug report #740250,
regarding imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
740250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740250
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: imagemagick
Severity: grave
Tags: security
Justification: user security hole

The CVE assignments are a bit tricky, please see 
http://www.openwall.com/lists/oss-security/2014/02/12/2
for the thread on oss-security.

CVE-2014-1958
http://trac.imagemagick.org/changeset/14801

CVE-2014-1947:
http://trac.imagemagick.org/changeset/13736

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: imagemagick
Source-Version: 8:6.7.7.10+dfsg-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated 
imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Mar 2014 19:28:30 +0100
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc 
libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 
libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source i386 all
Version: 8:6.7.7.10+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com>
Description: 
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development 
files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 734800 740250
Changes: 
 imagemagick (8:6.7.7.10+dfsg-1) unstable; urgency=high
 .
   * Fix three security bugs (Closes: #740250):
   - Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflow
     in psd file handling.
   - Fix CVE-2014-1947 a buffer overflow in log handling.
   * repack due to license problem (Closes: #734800).
Checksums-Sha1: 
 687b35bb7bf2dcca7c399935ee36e6e923bb871f 3196 imagemagick_6.7.7.10+dfsg-1.dsc
 35ddc582e2c8b48bc89a3e144ed90acd94486518 7713512 
imagemagick_6.7.7.10+dfsg.orig.tar.xz
 7897ad86b727fa9d01a875322a10100a2208f173 121372 
imagemagick_6.7.7.10+dfsg-1.debian.tar.xz
 44376892818bc20b5d47bd4e907d854eb54b39bd 280412 
imagemagick_6.7.7.10+dfsg-1_i386.deb
 f416537c3fdec4a6402f5fc679ecaba95c301e94 5559210 
imagemagick-dbg_6.7.7.10+dfsg-1_i386.deb
 8bd0d5ed38814e6c660a0f53665208653592b5dd 123330 
imagemagick-common_6.7.7.10+dfsg-1_all.deb
 4667ed960fa1385b7e5c162cfd8bbdc35433393d 4309820 
imagemagick-doc_6.7.7.10+dfsg-1_all.deb
 f01db75870f516fc1c7600a26f6c75977201d28e 1469638 
libmagickcore5_6.7.7.10+dfsg-1_i386.deb
 efa6c8957c28d347b1163fc653f4f2f5dd1cc850 144338 
libmagickcore5-extra_6.7.7.10+dfsg-1_i386.deb
 a9ed58592dd948a4547028d551dc2f0ba688d41d 954152 
libmagickcore-dev_6.7.7.10+dfsg-1_i386.deb
 93fc0782f0c7ecc50e2cc21ab45debbf5426ecc3 325510 
libmagickwand5_6.7.7.10+dfsg-1_i386.deb
 00e2672ff134f882f83e28184d0c3842a30c21fe 347542 
libmagickwand-dev_6.7.7.10+dfsg-1_i386.deb
 e7d35d9231ac6067ba1ae2c80ce72fa812033064 199126 
libmagick++5_6.7.7.10+dfsg-1_i386.deb
 d3f68c603c9a92bf61ce533f85102cc53d59a4f9 218940 
libmagick++-dev_6.7.7.10+dfsg-1_i386.deb
 95a1dc2e95913e6b87193421057e07806e4ed636 218792 
perlmagick_6.7.7.10+dfsg-1_i386.deb
Checksums-Sha256: 
 5e7a216adeff39c0dd29c3762e4a3a5bf683fa074801035899e47e8a5f08291f 3196 
imagemagick_6.7.7.10+dfsg-1.dsc
 9b9c73ae03d92aeec72d309dd3b623c588035c53b23b711eea71da8679517289 7713512 
imagemagick_6.7.7.10+dfsg.orig.tar.xz
 4e73c5f0369699bab829a7a01f353538c9a6ecd71d3b678478ff3b2d289bdad9 121372 
imagemagick_6.7.7.10+dfsg-1.debian.tar.xz
 b9c0ff51d411a62620f8031afeb9d228db145b9e0aea70e89691e8b639ca71ac 280412 
imagemagick_6.7.7.10+dfsg-1_i386.deb
 c7901a797988bb696a01b9615ff12f871476e027128225a2dbbace7e12bde848 5559210 
imagemagick-dbg_6.7.7.10+dfsg-1_i386.deb
 89cd703d60ea3cc7e22953a348decc85d4ac81e176b15a1cfb9386a03d4b1abd 123330 
imagemagick-common_6.7.7.10+dfsg-1_all.deb
 4cd833c4266754c6ed51d2c7150ed25c978a73e2db5b8a7ecf43f8027c4073fa 4309820 
imagemagick-doc_6.7.7.10+dfsg-1_all.deb
 e27d59515ec506d47ca4aa300d8b5b1ab711f26d78f45d84b0720b3349e6ca53 1469638 
libmagickcore5_6.7.7.10+dfsg-1_i386.deb
 f343c1d3f84cc11820b0a01c05506e48e826abbba19ddf451f264f35d2f54174 144338 
libmagickcore5-extra_6.7.7.10+dfsg-1_i386.deb
 5b504e6845cb6a512be35731a027e8f0412af50eae7cc3f4262faf29dd074593 954152 
libmagickcore-dev_6.7.7.10+dfsg-1_i386.deb
 728177c49035da0aefa69ef5964e0043c8cc94f25be06a6bf1bf29ea78105551 325510 
libmagickwand5_6.7.7.10+dfsg-1_i386.deb
 77eeee9220a6fbaeb31bb0cbe83b7669a17808618e99a1ff8060e515e9c22055 347542 
libmagickwand-dev_6.7.7.10+dfsg-1_i386.deb
 afe667e1ecd4b187bb2952cfa765986e542cc18385aae938659ad0f5bafc3e0a 199126 
libmagick++5_6.7.7.10+dfsg-1_i386.deb
 39834abfaedb7f7f0aa5d110d590310fe1c8a8896dae25179e3e89064a0a18d4 218940 
libmagick++-dev_6.7.7.10+dfsg-1_i386.deb
 16153c307f0be14d716c003ec7f5fdf6174605a4f36c07e34a9660d87eb4d676 218792 
perlmagick_6.7.7.10+dfsg-1_i386.deb
Files: 
 7e027de11a713361aa41c3b511484f8d 3196 graphics optional 
imagemagick_6.7.7.10+dfsg-1.dsc
 120b19b437f3f3a7b168fb39b8d9319e 7713512 graphics optional 
imagemagick_6.7.7.10+dfsg.orig.tar.xz
 53401939cfc5040027aeea6a68eb2c4a 121372 graphics optional 
imagemagick_6.7.7.10+dfsg-1.debian.tar.xz
 9ffdfa76030febbf29456940428837ab 280412 graphics optional 
imagemagick_6.7.7.10+dfsg-1_i386.deb
 5d412c69f1c53e1b8db8504a4be33cba 5559210 debug extra 
imagemagick-dbg_6.7.7.10+dfsg-1_i386.deb
 ede6e545acc0d526f33e48e48b158b32 123330 graphics optional 
imagemagick-common_6.7.7.10+dfsg-1_all.deb
 950e5a5b78f2ed9014968888d6ec5173 4309820 doc optional 
imagemagick-doc_6.7.7.10+dfsg-1_all.deb
 8ecc73bf3589291c0e2eabacd54aaa1a 1469638 libs optional 
libmagickcore5_6.7.7.10+dfsg-1_i386.deb
 602237c2e2a043224b41bfa9ecdf588d 144338 libs optional 
libmagickcore5-extra_6.7.7.10+dfsg-1_i386.deb
 bf000eaf3d0c1731ba15e878ab3173e1 954152 libdevel optional 
libmagickcore-dev_6.7.7.10+dfsg-1_i386.deb
 c6562fd6b377f7b0c3b16c2912cb67ec 325510 libs optional 
libmagickwand5_6.7.7.10+dfsg-1_i386.deb
 feb1a19936a617d70a1a0c8486e035c5 347542 libdevel optional 
libmagickwand-dev_6.7.7.10+dfsg-1_i386.deb
 47fee9993ac2b03a7728e53314e69c77 199126 libs optional 
libmagick++5_6.7.7.10+dfsg-1_i386.deb
 0911f16187850b36efa878079c97a9d9 218940 libdevel optional 
libmagick++-dev_6.7.7.10+dfsg-1_i386.deb
 766736488f50d331f9193d7d1b5595c8 218792 perl optional 
perlmagick_6.7.7.10+dfsg-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJTFMtRAAoJEKVPAYVDghSEBEEP/jZ2n5/jGkI/nBMeY2pB/GoH
airP8KAkErs12dY01+VvwLW1aRp36NSHa93fjCHa/ibkVZCLabOb4euuInZu7y05
jun4+WY8bjXApCvD98lhvGv4l9LdbibwcFmeZoPtFYIIBvicsIAgg1tkrJC4Jy1J
JZX1PuSa6CxdMtxTtnRO6nT5JrSrMlH4953oEFVhcjjI8wH9qUKPLpMKbJ9JyKDk
lupL41Kur2c16/aStcLCRNO4hqvO0VnwdJrrgw2GBrPt1y5Qhm3lWLkyndebJ5Bj
nA9hYHeeL2/qS7vfeWT4vnmcEPZr4bYxdYvBPflcpo/alIyCWSGTB4uesxwooN/4
v3OKWyID+eJjeNYEo8lSJc6rIUh4o9pO5s2OnW7agIlC70SQDVf9N0VwWuoFut5J
u1IyYtLMO7H4oHHa2uv8Om4cQlSSB9zdYUZ2dlxQl4aVv7kCMs2dUAoMZKh6zk9h
+EkYKtpg8XN/BZSAYGbUp85k30FADupLyofBzfNFvlZE0xWpq8egV0sDxYwgAF3m
DOtMvlv+dzgA1jm7zNyvvncINUUVaztO7fJmbZqcn8wuvM64H2Nemqwtf9/1t8QO
BtyCnAXeQYmyV/F8QRYmC+KwWaRcXVWx1GOFWjxDgu8Q3MqHSF38+2D4W4W8f5es
nv5gJcPWC2jYxKQXDh9n
=QR0G
-----END PGP SIGNATURE-----

--- End Message ---