Your message dated Mon, 06 Jun 2016 17:17:11 +0000 with message-id <e1b9y9h-0000cc...@franck.debian.org> and subject line Bug#825799: fixed in imagemagick 8:6.8.9.9-5+deb8u3 has caused the Debian Bug report #825799, regarding imagemagick: CVE-2016-5118 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 825799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825799 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: imagemagick Version: 8:6.8.9.9-7 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for imagemagick. CVE-2016-5118[0]: popen() shell vulnerability via filename If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-5118 [1] http://www.openwall.com/lists/oss-security/2016/05/29/7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 825...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luciano Bello <luci...@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 31 May 2016 19:49:36 +0200 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Luciano Bello <luci...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 825799 Changes: imagemagick (8:6.8.9.9-5+deb8u3) jessie-security; urgency=medium . * Disable support for reading input from a shell command, or writing output to a shell command. This was done by the pipe (|) prefix. It was possible to perform a command injection as discrived by CVE-2016-5118 since it use popen. Closes: 825799 Checksums-Sha1: a8c5b2dbfb398e0e60fe379d3f8cb5c59f28eac8 4228 imagemagick_6.8.9.9-5+deb8u3.dsc b146cc0cba8c55a92fe952b3cad094be25b63f91 218720 imagemagick_6.8.9.9-5+deb8u3.debian.tar.xz 03b754678effbf778cbb901fd94df11ab55b9be4 149610 imagemagick-common_6.8.9.9-5+deb8u3_all.deb eb9fbd424f72d5d477b0eeb3c83f6bb27d02717a 7665902 imagemagick-doc_6.8.9.9-5+deb8u3_all.deb 5e580d3e0a0c1f414e5cbfe3a70ea63a17b682c2 168342 libmagickcore-6-headers_6.8.9.9-5+deb8u3_all.deb 63240173d01305440bf9d15932a63ea8bd526248 131248 libmagickwand-6-headers_6.8.9.9-5+deb8u3_all.deb 8b5442be4cfbc26213d807128277d53cc88457e6 166946 libmagick++-6-headers_6.8.9.9-5+deb8u3_all.deb 93d61a97b35ce418b203b71e98450890365c5ff6 156032 imagemagick_6.8.9.9-5+deb8u3_amd64.deb ed77339b95f01170d9febade4a6ed64c03b4ef38 174548 libimage-magick-perl_6.8.9.9-5+deb8u3_all.deb 2b795007e74de36e7b6df7117629c12d72cd27ca 130086 libmagickcore-6-arch-config_6.8.9.9-5+deb8u3_amd64.deb 2f950d526066aa9d6706b6289b4f25d386118087 508746 imagemagick-6.q16_6.8.9.9-5+deb8u3_amd64.deb e30994984c64b5ace1e362c54a41c7776984ac6e 1686244 libmagickcore-6.q16-2_6.8.9.9-5+deb8u3_amd64.deb 19c075b01fd62f65c516df7e4152306155550cd0 170614 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u3_amd64.deb 52f8cae08e23296fde383e67435e918786e3e27c 1027292 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb 8efb5dea75013a3cf6a32786736990e5337f54e3 403892 libmagickwand-6.q16-2_6.8.9.9-5+deb8u3_amd64.deb 5ad8593027f6c8f276f73ae06cff23efbf12454f 392366 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb ab8c6305dc8c827bfd1d6114792c7c22f42079c0 254668 libmagick++-6.q16-5_6.8.9.9-5+deb8u3_amd64.deb 21784e7293361ac6f0b2a5b883fa83d04ece2958 221914 libmagick++-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb 5fab6694cfa5da9858f20b42cc85c9142ca166c2 5003970 imagemagick-dbg_6.8.9.9-5+deb8u3_amd64.deb 8ebc3fcd3f59f848eda423336fa5e5de9795fe0b 220738 libimage-magick-q16-perl_6.8.9.9-5+deb8u3_amd64.deb 6b2f1190ab22a371a524b277801cc64fc0072201 122366 perlmagick_6.8.9.9-5+deb8u3_all.deb 2a80ae479c5001f1f8b375853312ee8e747d9be3 122350 libmagickcore-dev_6.8.9.9-5+deb8u3_all.deb 8ca0424785019c987dac224a0dc05ac4a4e290c3 122334 libmagickwand-dev_6.8.9.9-5+deb8u3_all.deb 89a92fe5c6eb21e4f07976a29ffc78e130eeb29a 122358 libmagick++-dev_6.8.9.9-5+deb8u3_all.deb Checksums-Sha256: 3b32e41daa3c38436f90fc83b16340f12d54f41d95dfc71b2590eb5d0a9d5ded 4228 imagemagick_6.8.9.9-5+deb8u3.dsc 50fca5b7eee0fa84143defdb177a6b653f119c309be0630b3f40ca5c6ba64450 218720 imagemagick_6.8.9.9-5+deb8u3.debian.tar.xz 9c2e1fb3dece95972eada16c0f2a2c41c10bfbf8acd0bac9e6a543b814dbedfb 149610 imagemagick-common_6.8.9.9-5+deb8u3_all.deb c1e43dd0d2d61b72447e220fb966f7ec0ff3add79e179ac9373113d961e92d70 7665902 imagemagick-doc_6.8.9.9-5+deb8u3_all.deb 801745c96b3a1e973a4065c5639b08dc5c9d0d30e5afbc43bef09c85ad98e13e 168342 libmagickcore-6-headers_6.8.9.9-5+deb8u3_all.deb fa024d9a146a700533836aac4088285916585841b1dcde37eccef07829a50bcc 131248 libmagickwand-6-headers_6.8.9.9-5+deb8u3_all.deb 8f8d57d5dacf195c1954fb6824a26eda64cd496341652481b6809430156a1940 166946 libmagick++-6-headers_6.8.9.9-5+deb8u3_all.deb c1529b6888445fe6cabfe631fc242e018a28bf979e8e0466265eedb22d275299 156032 imagemagick_6.8.9.9-5+deb8u3_amd64.deb b2f432176acf34dcb949d807c3a397dc257bae16cc9a846145a42af2e8a96106 174548 libimage-magick-perl_6.8.9.9-5+deb8u3_all.deb d6c53e9a5dd347de6261764d4afd77642606ddd5f931672627e412e4f723e718 130086 libmagickcore-6-arch-config_6.8.9.9-5+deb8u3_amd64.deb b1037d3971a195e7d11054a38eb16b7e9ad2486e83749ce2c8fbc24414455370 508746 imagemagick-6.q16_6.8.9.9-5+deb8u3_amd64.deb f47dd0c7e98df9bbd21336ef67d24e2b36b9ab8601f200b0854ff94794bbcc67 1686244 libmagickcore-6.q16-2_6.8.9.9-5+deb8u3_amd64.deb 82c83ed81b3347fa67f864339e3d7be7b0741fb882b41e4a3fab94816cfbb593 170614 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u3_amd64.deb 39fca3730db756c85f36f5446675671a6f30e5de792c57d6c190f2d29fda7961 1027292 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb abed70032700afb0840cba755158220866edfeac13b24cd918714f65c8cac14b 403892 libmagickwand-6.q16-2_6.8.9.9-5+deb8u3_amd64.deb 7bf3585893ffe96366d10f8da375cdc938fbf0aa9ebc5845930e7dcdb683f478 392366 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb 7f6fccf1f2e9d4cd53467b82a2878f8f55c2f5f0fece8cdf0b29ea4746c6ff5e 254668 libmagick++-6.q16-5_6.8.9.9-5+deb8u3_amd64.deb d54088a69af784b3ea7aafb086f12845035971917ccbdbe7712df0758a5608f1 221914 libmagick++-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb 07c5d120cb98bf55c72574a2660d2dbae79fd0bff1eae0e56a4663437b1f6f0c 5003970 imagemagick-dbg_6.8.9.9-5+deb8u3_amd64.deb ff341202c22da42d67d7b6eb40c5ac5da70da881fbb035d8a0874f2bb089623d 220738 libimage-magick-q16-perl_6.8.9.9-5+deb8u3_amd64.deb f772454dbd01b3e95f20f3ef347124b116d73b51cb3d33c69f7934e65ede55a4 122366 perlmagick_6.8.9.9-5+deb8u3_all.deb afb161749a7d7159fb8534d8797554829d4e41f47150a294e36659cce00b2ca4 122350 libmagickcore-dev_6.8.9.9-5+deb8u3_all.deb 379ba97ad1453bc19a5527f9a1b053cddf880be6377cb24a78068c391c167078 122334 libmagickwand-dev_6.8.9.9-5+deb8u3_all.deb 3e8b98857096ea3531270e2db2ecd9a19f99d21ef61d07f49300a6b0c8c83ab0 122358 libmagick++-dev_6.8.9.9-5+deb8u3_all.deb Files: c7802341ef88f6cab0c586a22b3040ad 4228 graphics optional imagemagick_6.8.9.9-5+deb8u3.dsc 519eeeb25fb195f94a0ea27ca14453c8 218720 graphics optional imagemagick_6.8.9.9-5+deb8u3.debian.tar.xz 0c1b72ae319c2ddcc14e6aa82bd0fcbf 149610 graphics optional imagemagick-common_6.8.9.9-5+deb8u3_all.deb ff6d64b4b6907dde6640d5376d7ea891 7665902 doc optional imagemagick-doc_6.8.9.9-5+deb8u3_all.deb 25022c2feddfae6e7ec47d405a45ee24 168342 libdevel optional libmagickcore-6-headers_6.8.9.9-5+deb8u3_all.deb c5ecdc8da31669e64be6a158a043fc3b 131248 libdevel optional libmagickwand-6-headers_6.8.9.9-5+deb8u3_all.deb 698b9c2cd9fb9890f5b171364926ac2d 166946 libdevel optional libmagick++-6-headers_6.8.9.9-5+deb8u3_all.deb 04ff0f5ceb360a0e578ac444559bc0fb 156032 graphics optional imagemagick_6.8.9.9-5+deb8u3_amd64.deb 9d2cf2662553c2cd8453c2d75b210b88 174548 perl optional libimage-magick-perl_6.8.9.9-5+deb8u3_all.deb 810afbe33a37aa0925aeeb962b0a03ac 130086 libdevel optional libmagickcore-6-arch-config_6.8.9.9-5+deb8u3_amd64.deb 802d2a85edf4ade848cd0f5acb49c5cc 508746 graphics optional imagemagick-6.q16_6.8.9.9-5+deb8u3_amd64.deb 78bd47fe2983229b719d6287dbab5587 1686244 libs optional libmagickcore-6.q16-2_6.8.9.9-5+deb8u3_amd64.deb 7a3c304a7c093bc84baeb3e8c9d85099 170614 libs optional libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u3_amd64.deb 45d78bdb0e44cbd2d02777cf05ca5cec 1027292 libdevel optional libmagickcore-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb ad2292e1c45d8803aa4cdc36bbf6f0e9 403892 libs optional libmagickwand-6.q16-2_6.8.9.9-5+deb8u3_amd64.deb 85b0f5d9be97c8d7f861e82e6ff364b4 392366 libdevel optional libmagickwand-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb 692fc16d7d8efb0bc4fe46c031dc33a8 254668 libs optional libmagick++-6.q16-5_6.8.9.9-5+deb8u3_amd64.deb 3ad5a42052cea7b484b68479ba11f101 221914 libdevel optional libmagick++-6.q16-dev_6.8.9.9-5+deb8u3_amd64.deb df4423a0e16641951b9dc679b5b84cea 5003970 debug extra imagemagick-dbg_6.8.9.9-5+deb8u3_amd64.deb 643c31e3c8a49a09706348a158c95770 220738 perl optional libimage-magick-q16-perl_6.8.9.9-5+deb8u3_amd64.deb bd7c5b40479befec8884989fd10be28f 122366 oldlibs extra perlmagick_6.8.9.9-5+deb8u3_all.deb df14e0501d3fa25320cf981758a70aca 122350 oldlibs extra libmagickcore-dev_6.8.9.9-5+deb8u3_all.deb aab25984e26289b95ef2d07538c2242e 122334 oldlibs extra libmagickwand-dev_6.8.9.9-5+deb8u3_all.deb 9e141dc707ec694c5e886d7a1b77860a 122358 oldlibs extra libmagick++-dev_6.8.9.9-5+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXTq7WAAoJEG7C3vaP/jd0As8P/2i/6no4P5Yk0ryA4kWZ9ADO xVUnMrWCgtrTrwIsQBmVYDZFzvkWsH9Zz6lr9hwmrdFQsFS9twLwVM11dGlIKcRq JIlarVGD4xa/hIvB8drVsSe6542PWfhFI1PHwGDz4FvJRt2NJiZVsxP4OQPy5F4S Arehv7QSrRWYVf2sVbhs32hqYuT8r4GkGrd+BECtRiopDABX4fxsLFX4GYrlaTkg dgTEcLb16jxy3F452XYx16Y5aw7ve8rW18NpPgN4JgQ32iBHXP/Rjt2XsfwVThVh jR8TfaAjsawHqoOUWrbXExD/tirpJF5XfKeeXtmDUXpbzAMbYF5F7UBjfUAZvpuY liQWVl3bE4mxaDopF/NL6WOAuA9s0M7XpNb0YMLBnQv5+kXzCHI7GA2V5ULIxPTh TaAZkLc4p5lpFE2MnKoQoEHdi9kZ/miKrMwL1MYVhpVaQfJHltvYOnFoA/KPAxiV rjaerFSyuruZKUadBGybMh4oeiMsJWKU/JWYQi4ttTX2oN23BO/jkpPB4/E1OB0Q l3u+tUoY4pCt/AjJoV++dbXYOwlog1ge4z1gYdKgseReW7vaepA0gunBxqbkejlJ M9zg6k3TcndHGDlOM7whZnDMOcZjXXDkb57Qxdf77e24wr0EuceGzL9AAA7G6SfS 4SgbZi3qryr7kDheLrsD =0U6l -----END PGP SIGNATURE-----
--- End Message ---
