Your message dated Sun, 27 Nov 2016 21:47:34 +0000 with message-id <e1cb7im-0001gq...@fasolo.debian.org> and subject line Bug#845242: fixed in imagemagick 8:6.8.9.9-5+deb8u6 has caused the Debian Bug report #845242, regarding imagemagick: CVE-2016-9556: Heap buffer overflow in heap-buffer-overflow in IsPixelGray to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 845242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 Moreinformation https://github.com/ImageMagick/ImageMagick/issues/301 Fixed in https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u6 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 845...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <roucaries.bastien+deb...@gmail.com> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 25 Nov 2016 21:45:37 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u6 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 840435 840437 845195 845196 845198 845202 845206 845212 845213 845242 845243 845244 845246 845634 Changes: imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium . * Fix CVE-2016-7799: global buffer overflow. (Closes: #840437). * Fix CVE-2016-7906: use after free. (Closes: #840435). * Fix a TIFF file buffer overflow. (Closes: #845195). * Check return of fputc during TIFF file writing. (Closes: #845196). * Prevent buffer overflow by checking image extend for TIFF (Closes: #845198). * Avoid a out of bound read in VIFF file handler. (Closes: #845212 and LP: #1545183). * Avoid a DOS by not allowing too deep nested exception. (Closes: #845213). * Better check for buffer overflow in TIFF files handling. (Closes: #845202). * Fix CVE-2016-8677: memory allocate failure in AcquireQuantumPixels (Closes: #845206). * Prevent fault in MSL interpreter. (Closes: #845242). * Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray (Closes: #845242) * Fix null pointer dereference in TIFF file handling. (Closes: #845243). * Added check for invalid number of frames in mat file (Closes: #845244). * Fix an out of bound read in mat file due to insuffisant allocation. (Closes: #845246). * Fix CVE-2016-8862: memory allocation failure in AcquireMagickMemory (Closes: #845634). Checksums-Sha1: 8ea9abbc7a87d9b366a4af5d177470e917975c92 4210 imagemagick_6.8.9.9-5+deb8u6.dsc 8b82082973e6f27c02ba514a344290e551b6bb2d 260404 imagemagick_6.8.9.9-5+deb8u6.debian.tar.xz 5d9cd0f5e287984d3352d4ac4b1c0f3407a43b46 150970 imagemagick-common_6.8.9.9-5+deb8u6_all.deb 47347063f9daac522b44c124f800cfa1ef1090de 7668178 imagemagick-doc_6.8.9.9-5+deb8u6_all.deb 85ef6aef3c6fcc8c7ce559893b38d29cdce2bd07 169736 libmagickcore-6-headers_6.8.9.9-5+deb8u6_all.deb 495e289f8aa46a05154c0c47985ba62203f51973 132636 libmagickwand-6-headers_6.8.9.9-5+deb8u6_all.deb e9bbfc9b91cc27be745af823ceb92bd1d9bf65a3 168342 libmagick++-6-headers_6.8.9.9-5+deb8u6_all.deb acf9b8a04a91e77ca7dd7f2ef8b165306c7b22c3 157430 imagemagick_6.8.9.9-5+deb8u6_amd64.deb d810ebcb5ce46b31d1af5a26587b4ed8c7013ab7 175900 libimage-magick-perl_6.8.9.9-5+deb8u6_all.deb 7d5d2cecf87a365ccc9f78f76e3dab40f485b0c7 131464 libmagickcore-6-arch-config_6.8.9.9-5+deb8u6_amd64.deb ce0289347433f23d992c9c717b5558643879eefd 510056 imagemagick-6.q16_6.8.9.9-5+deb8u6_amd64.deb cefff776cd98e44dbeff00f397d766c53f06fac1 1694182 libmagickcore-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb 1ff53d7670a2a7eb955377bb4e231c857ff2af9c 172008 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u6_amd64.deb bfda078d8511391a2c6cd07a2b751569e795845e 1029388 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb 4c0d10b12cda7d637bea463836fa30f965654b63 406222 libmagickwand-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb 4fbfc345d0a04e29bc8091ead3b5b7bd5e9fbcd6 393268 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb 3a324df8157340831fb549ed67ce8edfabe1a30c 255678 libmagick++-6.q16-5_6.8.9.9-5+deb8u6_amd64.deb d63ce2201c9bd16db19d637b9c5a5b4212a38a0c 223538 libmagick++-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb c521192bfa4f2b02bf4747eb6ef3c61116cac14c 5011216 imagemagick-dbg_6.8.9.9-5+deb8u6_amd64.deb db48adc1aadaf70266b677571a73b4b2e70c094b 223110 libimage-magick-q16-perl_6.8.9.9-5+deb8u6_amd64.deb 464c061bb6ea3f3fe614b68efd30c9ddb6a2947b 123742 perlmagick_6.8.9.9-5+deb8u6_all.deb b224124808c6eab8c24cf0a0268cd1abac787a63 123734 libmagickcore-dev_6.8.9.9-5+deb8u6_all.deb d693ba56fcffc9738f7741578d0bd27c07e27b81 123718 libmagickwand-dev_6.8.9.9-5+deb8u6_all.deb baeb5013d21c0af177d1e38f3545336d39218310 123732 libmagick++-dev_6.8.9.9-5+deb8u6_all.deb Checksums-Sha256: babf8af8eee5385a9d3218bae44dd5cc4677640cfd0e0538ed5a7e893e00643e 4210 imagemagick_6.8.9.9-5+deb8u6.dsc aaaa5857f9002ef6c9cccf7dfdef6d2de3d2167f2f5b57a9fcefb95295de17b9 260404 imagemagick_6.8.9.9-5+deb8u6.debian.tar.xz 13dc6b9e2f00a59b36dd1b97dd6c0517d48135ef4f1eb99e6a038b6e8a197cb9 150970 imagemagick-common_6.8.9.9-5+deb8u6_all.deb 67e2b75ba56d9744e50cec29ecb9bc963ff00b5eb57620b9531837a207e49b4e 7668178 imagemagick-doc_6.8.9.9-5+deb8u6_all.deb ef867a5e7967de043df9064f14b196c231cf0c7555973c0fc2fdc34c648753d5 169736 libmagickcore-6-headers_6.8.9.9-5+deb8u6_all.deb b65cf7548926bd26d1540b036ddaf940c8b2e1f34907ad021c348950c40fa0f1 132636 libmagickwand-6-headers_6.8.9.9-5+deb8u6_all.deb a06dee077eb5e47a7f3d41e5f20e3a1b5a06ff633b4583966aaf50a562bf120c 168342 libmagick++-6-headers_6.8.9.9-5+deb8u6_all.deb 6847af183498d07ed9f6dfb8cc546ac228e94dd7c34798229f15e4f2881fc222 157430 imagemagick_6.8.9.9-5+deb8u6_amd64.deb dcae4e3bc2586151e447eb90876c9e9c3c37ea24da95e5104ddc9bc0d6c8d3dd 175900 libimage-magick-perl_6.8.9.9-5+deb8u6_all.deb 9ead33112074ed418a67fa3a1d212cc18399e64ae24312671ae556b5525d01ae 131464 libmagickcore-6-arch-config_6.8.9.9-5+deb8u6_amd64.deb c43a9ebbccec41fa2dced6fc8ecd1e05448d713ce81b43eeeb174c153a6316bd 510056 imagemagick-6.q16_6.8.9.9-5+deb8u6_amd64.deb 16a38168b3e74e2b61dd07a437718dca5598c18dc291b1f93002a6c19830ab60 1694182 libmagickcore-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb b7580efdf69698e715d65f6dc3cb0e810240b856c1c5218fb8db2f0c2b7138c6 172008 libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u6_amd64.deb df9651fca410023108bccca929540960f88903c9e0dfae46eb344fdd4043678b 1029388 libmagickcore-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb afd2bf30eed6cd71440fa7f6424629a8c61d98e9d7b01bc0ee893d79fcda1cf4 406222 libmagickwand-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb 1be6c178cc35774ef561b82b2d088e56ae3066424f618542f9d73f1392b5e025 393268 libmagickwand-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb 96c5a3a0418833c8abad3586d179873ed79116bca7fc60598d787636af6ed040 255678 libmagick++-6.q16-5_6.8.9.9-5+deb8u6_amd64.deb a3d94cea704ff3974de1a28b4d1deb161e15e4fb838e0eed0b2ba8698c360e39 223538 libmagick++-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb 668c5276213dd1ef389141c223b451d5b9de18503da4730fed73e5dd6822b9ce 5011216 imagemagick-dbg_6.8.9.9-5+deb8u6_amd64.deb 1968e2bc813252a5fead6352673a2b0cb91fa1ae56c69f08bc1173c6e510c314 223110 libimage-magick-q16-perl_6.8.9.9-5+deb8u6_amd64.deb 69c2716a52f80ccadd875bc9fe288b844278e15ec390120fa326337b92e0c40e 123742 perlmagick_6.8.9.9-5+deb8u6_all.deb 165281bc02b802206efe9ab77bd484a5a69dd766b9d8de2d3583cc0e91bbfad3 123734 libmagickcore-dev_6.8.9.9-5+deb8u6_all.deb c9869901196d5e00a39546db83d29a813b9985a648012c2136c39d0a9062b53b 123718 libmagickwand-dev_6.8.9.9-5+deb8u6_all.deb 1f219872871d048d10c2bc48bd30709345c3cb6b531b501071f58715f529cfbe 123732 libmagick++-dev_6.8.9.9-5+deb8u6_all.deb Files: b483b2870c4507c21f5d6bcf426c08b6 4210 graphics optional imagemagick_6.8.9.9-5+deb8u6.dsc adc4791853b8bb8eb5fa3974df0819fb 260404 graphics optional imagemagick_6.8.9.9-5+deb8u6.debian.tar.xz 536fa3628e503019e07b205721c3f9f0 150970 graphics optional imagemagick-common_6.8.9.9-5+deb8u6_all.deb 87ba0c16e92f0b32aa715bc448741fa0 7668178 doc optional imagemagick-doc_6.8.9.9-5+deb8u6_all.deb 35802704757597c98a071f7cb7528a7e 169736 libdevel optional libmagickcore-6-headers_6.8.9.9-5+deb8u6_all.deb c30413c85b4a5fea6c1b19908de0def4 132636 libdevel optional libmagickwand-6-headers_6.8.9.9-5+deb8u6_all.deb 73d075e1fbdaa771ecf8d49c2d3ea49f 168342 libdevel optional libmagick++-6-headers_6.8.9.9-5+deb8u6_all.deb 85c3a09b5dabb82abdb8715ab23ac98c 157430 graphics optional imagemagick_6.8.9.9-5+deb8u6_amd64.deb 0afb6387916167a908238b650b903db8 175900 perl optional libimage-magick-perl_6.8.9.9-5+deb8u6_all.deb 783c009355eb8d3271adf2fa80ea93bd 131464 libdevel optional libmagickcore-6-arch-config_6.8.9.9-5+deb8u6_amd64.deb c600c8e26f9a346b1e51de7dddc06d82 510056 graphics optional imagemagick-6.q16_6.8.9.9-5+deb8u6_amd64.deb 8f9888fb205d6e192d5bd45e5fc37ae5 1694182 libs optional libmagickcore-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb d6f3cb605db44e722e4d648f15e472e4 172008 libs optional libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u6_amd64.deb 256833d363795fb656079ebc4999b5bf 1029388 libdevel optional libmagickcore-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb b857f1b8c5a876d820af746d5e194ad7 406222 libs optional libmagickwand-6.q16-2_6.8.9.9-5+deb8u6_amd64.deb 5eaef92cf5b64d739b71786c60fabdff 393268 libdevel optional libmagickwand-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb 0c521a6440694cb54c7179c88d934400 255678 libs optional libmagick++-6.q16-5_6.8.9.9-5+deb8u6_amd64.deb c382f68c5cdd78be5683e5901c2ef072 223538 libdevel optional libmagick++-6.q16-dev_6.8.9.9-5+deb8u6_amd64.deb 45820fd49870c7023c7f405ef233e44a 5011216 debug extra imagemagick-dbg_6.8.9.9-5+deb8u6_amd64.deb c1041962170018ac6c87b05c7ec0c27c 223110 perl optional libimage-magick-q16-perl_6.8.9.9-5+deb8u6_amd64.deb cea182aa55a9ec1b73f194b5913b8868 123742 oldlibs extra perlmagick_6.8.9.9-5+deb8u6_all.deb 24f8d817ac8ec4f84b803ed8f66a2537 123734 oldlibs extra libmagickcore-dev_6.8.9.9-5+deb8u6_all.deb 3bda90711b239e624ed67e18aa30c000 123718 oldlibs extra libmagickwand-dev_6.8.9.9-5+deb8u6_all.deb 8b7bea908cbcb2dfd3aefd88e85bdf31 123732 oldlibs extra libmagick++-dev_6.8.9.9-5+deb8u6_all.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYOdGOAAoJEG7C3vaP/jd0fIYP/15zkhUsRRJ/beJ/L1wc4Emq IUSf7VRiSldemCvY/FREnKTwAUEozladXUCEeovKeYmTGUo9/bMTwZhyt3DJcIwS UMj3aWzIPSwC7T+IMojCXaC24VMOdVi25wvOTx4FLCgqZfoqU2FwEymeHC8eowym GNVVIrLI6t/5HA05HhDlfpfjSb4YchZ5DZpCywglXH05ZlGX34BJYE6lAeD4A9YM eyS90W5mTaSBsusm9DooJu0YUz07aO7LwMOnDBjtzsz98klctREQ2rjbXb1xVHxV i+8JSPuLnfXt7d3UxR9vQa9oH5sV+X3bidp8k4wuvANY9e+vgR9drP/Gusbnqn2h zEkL9amk7ZVkv5xAHDjyAa4bpKcnetGbjGK2x4tbepgRsZ6gZxyi71MFOm3doLk9 ScPwZvdKnb7Ejpni/5AuWxw1f206kTe4QnLrWgbrwJk1yRAYS5ZJwK9aIr8KfHnB oqnVkcOXw82WyTYHOoti4ZdU5VY0Fq6Q9o47cy5WjCHw7nXOu5AizrusTIy3/7NP H2dJ+cF3KqCs1KKRSU+YJLHkGvMSr7PL6Op+LbPUBHkvvSHYGMwoZfo107CzW/+Q Yhz+9fheAnfuyflQY/8ajHewAou8A9yjIORVnF70DORpKwSwZCii+nfipiKCcvzF S1WtjkeAJIJWB98RO0Pw =hOlr -----END PGP SIGNATURE-----
--- End Message ---
