Your message dated Wed, 01 Jun 2016 22:20:00 +0000
with message-id <e1b8eua-0007y6...@franck.debian.org>
and subject line Bug#825799: fixed in imagemagick 8:6.8.9.9-7.1
has caused the Debian Bug report #825799,
regarding imagemagick: CVE-2016-5118
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
825799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825799
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.8.9.9-7
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for imagemagick.

CVE-2016-5118[0]:
popen() shell vulnerability via filename

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5118
[1] http://www.openwall.com/lists/oss-security/2016/05/29/7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-7.1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <po...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 01 Jun 2016 21:48:10 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5v5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source
Version: 8:6.8.9.9-7.1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Emilio Pozuelo Monfort <po...@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5v5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 825799
Changes:
 imagemagick (8:6.8.9.9-7.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * 0082-Fix-CVE-2016-5118-disable-filename-pipes.patch:
     + Fix CVE-2016-5118: disable pipes in filenames to avoid arbitrary
       command execution. Closes: #825799.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
