Your message dated Fri, 25 Nov 2016 23:18:44 +0000 with message-id <e1caplu-0003vo...@fasolo.debian.org> and subject line Bug#845634: fixed in imagemagick 8:6.9.6.6+dfsg-1 has caused the Debian Bug report #845634, regarding CVE-2016-8862: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 845634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845634 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: fixed -1 8:6.9.6.2+dfsg-2 control: forwarded -1 https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/ Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing this CVE make sure to fix it completely to not open up CVE-2016-8866. The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 http://www.openwall.com/lists/oss-security/2016/10/17/4
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.6.6+dfsg-1 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 845...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 25 Nov 2016 23:17:24 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-6v6 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-2 libmagickcore-6.q16hdri-2-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-2 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-6v6 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.6.6+dfsg-1 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-6v6 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-6v6 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-2 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-2-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-2 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 845634 Changes: imagemagick (8:6.9.6.6+dfsg-1) unstable; urgency=high . * New upstream release. * Fix CVE-2016-8862: memory allocation failure in AcquireMagickMemory (memory.c). (Closes: #845634). * Drop a few debians patches used by upstream. Checksums-Sha1: 5bcd7083a1be9aaaebc4dfff4bd74a9b494fcda2 5159 imagemagick_6.9.6.6+dfsg-1.dsc 94f159418ebc91b34528bcccf9796a2ff581672c 8921112 imagemagick_6.9.6.6+dfsg.orig.tar.xz 908e534fb8b13b7f59672ebdd33d97df6e0a329e 241996 imagemagick_6.9.6.6+dfsg-1.debian.tar.xz Checksums-Sha256: 5e729e28a112d7c6ff125850cb6903ebb76ed3d0bf73f6df3fe7eaa8da4d999f 5159 imagemagick_6.9.6.6+dfsg-1.dsc fdab5e00b61408752ebeb33e3a4a4c3dfdc9bf2ce67dbab2851581474bd1d602 8921112 imagemagick_6.9.6.6+dfsg.orig.tar.xz be449d8ea0165e7b065ac3b5867e9449d3b52ccf060716f82ddbd5a6dac28bb0 241996 imagemagick_6.9.6.6+dfsg-1.debian.tar.xz Files: e6130e6815855a6c392eddbf8ac459ca 5159 graphics optional imagemagick_6.9.6.6+dfsg-1.dsc a9e6f6faa316b5e525d6cd014d804862 8921112 graphics optional imagemagick_6.9.6.6+dfsg.orig.tar.xz 00dbc21974cf708b989bbdf9eed62672 241996 graphics optional imagemagick_6.9.6.6+dfsg-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+EoFf4tE9gE4lP+0Hwx90Gq2wGYFAlg4w+wACgkQHwx90Gq2 wGYXtQ/+Ig3vgAoS8n9D8yyBcSVt+fqI50rDHOfVapBLfPcwamQtQYk1ITbQHnf7 WAZatIjjaVmUQJjMlNgVr/s0Cjtw+cO1qkLTy2Th6V+LaiLNIEWBuXInKYItF2r6 8SF/tEYVpHkrHWTeqn7SsmwZB130g352ZcYZujbzzs3oSA45kcbGHX5fhdpkJM9c KTGZyxqjVImYUhZin0cjhdIrm7w/u1p7oyUxKZoliSxN0QESTzz/MBrLO7phQaxB BzCrQp7csUw0h7Xv8KDQAOjUN468yvUwtV5vuPz6LEc0f/AMo74Cv7XY6M7n0cEy BNuUoTCCGPxdPiTMeY60JkJwQVm7WIcWjH+0LcSgMcaL1CZHV6ulYXep5i9mLZ8i YyCkmZltG5ZUgi8xLd6wDrWixg3m3QF7zEUkHQD3NJbyIsEV1DrbxadhbS2FrGV8 Oxsj6fwzUr+lTiraCHn/Jl3yCnwsXjEZK3E1QvXXP1LwBpBzSemMeEFRkShCut3M PjkAr2yg4T83XXnanZT/diPsln8H2UCGClFSqaBKMqUDnyVlTXhdtKStzOP9Ihi7 q+MXmZqq6v/PzDKFyiZr1Lm/D5eLZso4/bZkXqCrhzItmUwDrWCBjC8FR2zssIWW itHSPaqpb8A/1YXxD1he5SYoEwmiVG9dhC/dq9g16ZHpgtq1lew= =wRkE -----END PGP SIGNATURE-----
--- End Message ---
