Your message dated Wed, 23 Nov 2016 23:35:32 +0000 with message-id <e1c9h4e-000czr...@fasolo.debian.org> and subject line Bug#845242: fixed in imagemagick 8:6.9.6.5+dfsg-1 has caused the Debian Bug report #845242, regarding imagemagick: CVE-2016-9556: Heap buffer overflow in heap-buffer-overflow in IsPixelGray to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 845242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 Moreinformation https://github.com/ImageMagick/ImageMagick/issues/301 Fixed in https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.6.5+dfsg-1 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 845...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 23 Nov 2016 13:59:54 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-6v6 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-2 libmagickcore-6.q16hdri-2-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-2 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-6v6 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.6.5+dfsg-1 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-6v6 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-6v6 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-2 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-2-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-2 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 842632 844211 845239 845241 845242 845243 Changes: imagemagick (8:6.9.6.5+dfsg-1) unstable; urgency=high . * Upload to unstable * Fix CVE-2016-9298: heap overflow in WaveletDenoiseImage(). (Closes: #844211). * Fixed memory leak in psd file handling. (Closes: #845239). * Fix security bug; "Prevent fault in MSL interpreter" (Closes: #845241). * Fix null pointer dereference in TIFF file handling (Closes: #845243). * Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray. Backport fixes from upstream. (Closes: #845242). * Supports XPM with > 8464 colours. (Closes: #842632). * Use safer policy.xml file. * Improve postinst file by checking version. * Improve rules by using set -e Checksums-Sha1: 6c4d7bc03295e0875196968429957781cd4c9fed 5159 imagemagick_6.9.6.5+dfsg-1.dsc 6519a023fc553a9525abcd27b6aff95af35720ba 8926984 imagemagick_6.9.6.5+dfsg.orig.tar.xz 1993bfeaba6f986a2672078c7764959cf2febd3d 251360 imagemagick_6.9.6.5+dfsg-1.debian.tar.xz Checksums-Sha256: e18d6a6563b328b566836ddb743dba24d1436705e8e368915511daafbcb054a0 5159 imagemagick_6.9.6.5+dfsg-1.dsc b755fa6e21734e35cd5c078bf4c343bb75c5ff0463aba002ee1ae0b76bc2325c 8926984 imagemagick_6.9.6.5+dfsg.orig.tar.xz adb777a094389a6414045930d42a7f870ddc238f3fd475729a2084640ca4e1a9 251360 imagemagick_6.9.6.5+dfsg-1.debian.tar.xz Files: 169b5eb89fac7528ef4a9e04c633aaef 5159 graphics optional imagemagick_6.9.6.5+dfsg-1.dsc 713d4313a523a8ab85da054970704925 8926984 graphics optional imagemagick_6.9.6.5+dfsg.orig.tar.xz db3caa6531f411a01f3b622869561c19 251360 graphics optional imagemagick_6.9.6.5+dfsg-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+EoFf4tE9gE4lP+0Hwx90Gq2wGYFAlg2G9gACgkQHwx90Gq2 wGbC5BAAzmXgXAm9B8MqJ1V3nDNSyTTnKWgq2wo9zt/6Vv7PaFQYsikhgfyrT7yx E+IcwZAB/+mi0/vDRrIW+D97afSrJaU5biRApqJjJ8sOSu5qNfdEqMVw6uetHjBF vtSYC9KNcikC32OQ9Fhv3yrECFrxWWxjZE59KIlOxlNnnNrXWfDgRLbwm/h9eIqi dQXHOqsocVYm+3WGro/K0v+bLIUsz6sb/NvSZHgILEU6J04r1+vhcNP+AiH//TyK 9uH8JUU5/gyt93WlZkjIUTT2l82euZPPp8rLKxRZ6oKgGmdCRuItKM5c8lt7j2AI kJdkXrHwHTibr9rWOAZRVAsHcza+hRivHG/7zzM3oUf4pKe0TTmTnSccloLeKmEb YITS3AY7lHIAV8fRpcDfwbWEkWmvoT6kE3jRWPthViwKJvl+RIfJtfGbw2UKSb7j Klo2Am0uYLgAtE01whGbyAvOHAnZOHlSSp9FwrSZMnAZLpxeen0uSGAoTd6Ut06b ZSWGMnewuUiAA0ixvsdqQcrF3HwX/ywBsdSj2u4h0R+M53zfpaW/11uf8kqXA2xJ sGnU65eOCQ3CbN1f5u3H34/F8Q4qKdJ+A2oMsLfqjoIzrcw8Z79fCA0RazrGUPbH odfE5ZsNs3/4Dcy0KB2iPD0O+h3QvQZmAFilBAHyHEoWg0HpQVQ= =4T1U -----END PGP SIGNATURE-----
--- End Message ---
