Your message dated Sun, 13 Apr 2014 17:17:06 +0000 with message-id <e1wzo1i-0008dh...@franck.debian.org> and subject line Bug#740250: fixed in imagemagick 8:6.7.7.10-5+deb7u3 has caused the Debian Bug report #740250, regarding imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 740250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740250 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: imagemagick Severity: grave Tags: security Justification: user security hole The CVE assignments are a bit tricky, please see http://www.openwall.com/lists/oss-security/2014/02/12/2 for the thread on oss-security. CVE-2014-1958 http://trac.imagemagick.org/changeset/14801 CVE-2014-1947: http://trac.imagemagick.org/changeset/13736 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.7.7.10-5+deb7u3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 740...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 02 Mar 2014 18:23:16 +0100 Source: imagemagick Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick Architecture: source amd64 all Version: 8:6.7.7.10-5+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libmagick++-dev - object-oriented C++ interface to ImageMagick - development files libmagick++5 - object-oriented C++ interface to ImageMagick libmagickcore-dev - low-level image manipulation library - development files libmagickcore5 - low-level image manipulation library libmagickcore5-extra - low-level image manipulation library - extra codecs libmagickwand-dev - image manipulation library - development files libmagickwand5 - image manipulation library perlmagick - Perl interface to the ImageMagick graphics routines Closes: 740250 Changes: imagemagick (8:6.7.7.10-5+deb7u3) wheezy-security; urgency=high . * Fix three security bugs (Closes: #740250): - Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflow in psd file handling. - Fix CVE-2014-1947 a buffer overflow in log handling. Checksums-Sha1: 7ca2f8983151d492570588e0f76f34264f84909d 2533 imagemagick_6.7.7.10-5+deb7u3.dsc 632d2f7fd2bfc1917edee5e80fe8418de25e0112 140231 imagemagick_6.7.7.10-5+deb7u3.debian.tar.bz2 c6bb5eb3dfba8b0e9b58a68e0c7a8ca49b6e92bc 285022 imagemagick_6.7.7.10-5+deb7u3_amd64.deb 4a7ee5c660c3727915c8e87bd2a788d36467d5c1 6265726 imagemagick-dbg_6.7.7.10-5+deb7u3_amd64.deb 54e50ab8cf81cc6d71e03014c4a5a7d973f50e5c 128240 imagemagick-common_6.7.7.10-5+deb7u3_all.deb 1030266d429ded6ed8f3c239c31d133c68b395e2 5628084 imagemagick-doc_6.7.7.10-5+deb7u3_all.deb 1d9aabe104cd2315a527c8726c6d318e155c936a 2083462 libmagickcore5_6.7.7.10-5+deb7u3_amd64.deb 27d60fac510c3696f3395a97efafd0b7e75a3cf5 163674 libmagickcore5-extra_6.7.7.10-5+deb7u3_amd64.deb 6db7a9e4f830437821ca6276ae1974e000a756e8 1386404 libmagickcore-dev_6.7.7.10-5+deb7u3_amd64.deb bc6bf284cf46e59c0f5f66544841b7d94c001895 462178 libmagickwand5_6.7.7.10-5+deb7u3_amd64.deb a2bb35e2b8e91cb62553b4113deb84e6259d7663 544270 libmagickwand-dev_6.7.7.10-5+deb7u3_amd64.deb cfa0d78fe021746cbde09c6a3a1806f5874151b3 236492 libmagick++5_6.7.7.10-5+deb7u3_amd64.deb eefc165260a0426531d721f879bf88403ee59de9 284988 libmagick++-dev_6.7.7.10-5+deb7u3_amd64.deb 530dc0fa4efef729eaa5e539d34f33987a403af7 255662 perlmagick_6.7.7.10-5+deb7u3_amd64.deb Checksums-Sha256: 37bfc98a8901d1a36f982f6c929264f0c69df12e5fdb2e9a2b7767a9588c456c 2533 imagemagick_6.7.7.10-5+deb7u3.dsc da4928a5e7519e03bdc0d615b8a7eb916944c0fc819ea78a47fdc3ad36274298 140231 imagemagick_6.7.7.10-5+deb7u3.debian.tar.bz2 5e63f4878427176b3256beb57a8dba17a7ac83c109be8daac25d21485a3d937e 285022 imagemagick_6.7.7.10-5+deb7u3_amd64.deb b4218283cad3f9e7a6e5e7d0e29d451dc22e655e40f4a3236dbaf702c8041703 6265726 imagemagick-dbg_6.7.7.10-5+deb7u3_amd64.deb e6132bfbf1dc99e37addafce516631015b73d718475b8c06f5d1736aaaa5df4b 128240 imagemagick-common_6.7.7.10-5+deb7u3_all.deb 6dc4c4de5b660c7c996726e607c48bcf8f4825fcf89c6a00c620236f27875db8 5628084 imagemagick-doc_6.7.7.10-5+deb7u3_all.deb 481703eaa22d94da6441e9a9251b0d2a65ca33da9502d8f883cb9391fa879300 2083462 libmagickcore5_6.7.7.10-5+deb7u3_amd64.deb 47f42a3ac4bd76d6ddb99c6b1c7767f37285d101aa9431d31942e0896c932079 163674 libmagickcore5-extra_6.7.7.10-5+deb7u3_amd64.deb 3fad6edcdfca9855079b316b56f4e16b91798e62c2710a44a59d3b204c81b5f5 1386404 libmagickcore-dev_6.7.7.10-5+deb7u3_amd64.deb 65fe21f5ad1e23836f9ec11f3306ec147013293148a8e960242fc776192713e1 462178 libmagickwand5_6.7.7.10-5+deb7u3_amd64.deb 8482135d9ca8ce0eaeca42cccd56e60267882650f5d90d17706463c6ef0052b7 544270 libmagickwand-dev_6.7.7.10-5+deb7u3_amd64.deb b7921ad4fbd1a172b771ce2f5c0ba51e15c47dcca683a009b522b91de33acbae 236492 libmagick++5_6.7.7.10-5+deb7u3_amd64.deb 37df3b1a8bc6d96ba16f4eda584a7a7578fc53321fefd856283b204fc2cb8ff8 284988 libmagick++-dev_6.7.7.10-5+deb7u3_amd64.deb fbab8675621a632ac85ee56d6d2a10705b3c1ec42c11524da36f45c58c4cd189 255662 perlmagick_6.7.7.10-5+deb7u3_amd64.deb Files: 9cb3c9b37ffff3e1a6020539db05b102 2533 graphics optional imagemagick_6.7.7.10-5+deb7u3.dsc 2cc08ff3173ef7bd36f1bc3fce51becd 140231 graphics optional imagemagick_6.7.7.10-5+deb7u3.debian.tar.bz2 3c5fd2802fe91372394583d8310ed137 285022 graphics optional imagemagick_6.7.7.10-5+deb7u3_amd64.deb 5386f00c82f3fe0bcb031a2305e604c0 6265726 debug extra imagemagick-dbg_6.7.7.10-5+deb7u3_amd64.deb 6d33b9c34263ccf26babcb7757f90c5a 128240 graphics optional imagemagick-common_6.7.7.10-5+deb7u3_all.deb 361c6aaf773c57d5e5e7dbe4610d69fa 5628084 doc optional imagemagick-doc_6.7.7.10-5+deb7u3_all.deb 7938f4869842f9f04e53c6cebeb22d6a 2083462 libs optional libmagickcore5_6.7.7.10-5+deb7u3_amd64.deb 67c9d7d99a86f4a81d40e6ebd3dcc8bd 163674 libs optional libmagickcore5-extra_6.7.7.10-5+deb7u3_amd64.deb 904495aeb16bbe979c16b16fde88bcd3 1386404 libdevel optional libmagickcore-dev_6.7.7.10-5+deb7u3_amd64.deb 3698a13bd6137d71b6cae4c5d738fe32 462178 libs optional libmagickwand5_6.7.7.10-5+deb7u3_amd64.deb d8a56786a3a1812458a2b602d6efcb94 544270 libdevel optional libmagickwand-dev_6.7.7.10-5+deb7u3_amd64.deb 98f615e76230df917446f4da4b481fd6 236492 libs optional libmagick++5_6.7.7.10-5+deb7u3_amd64.deb 290592601e3994512f7fc8cb31714fc2 284988 libdevel optional libmagick++-dev_6.7.7.10-5+deb7u3_amd64.deb d602454d211f249520158a59693b554a 255662 perl optional perlmagick_6.7.7.10-5+deb7u3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iEYEARECAAYFAlMboxgACgkQx/UhwSKygsp9UQCfYTeClhQvsC5SkvPyZs6cFT9G jXgAninbHTKVnaAioYxlxh1Zpoy7RSAN =GT11 -----END PGP SIGNATURE-----
--- End Message ---
