Bug#845308: marked as done (RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6)

To: Tobias Frost <tobi@debian.org>
Subject: Bug#845308: marked as done (RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 20 Dec 2016 06:21:03 +0000
Message-id: <[🔎] handler.845308.D845308.14822146239383.ackdone@bugs.debian.org>
References: <1482214618.20260.10.camel@debian.org> <CAE2SPAY8zuLXGSpRw4dV-wCK5jN-vFJ8nk6c3fdWJ6KYwtez4Q@mail.gmail.com>

Your message dated Tue, 20 Dec 2016 07:16:58 +0100
with message-id <1482214618.20260.10.camel@debian.org>
and subject line imagemagick/8:6.8.9.9-5+deb8u6 has been already uploaded
has caused the Debian Bug report #845308,
regarding RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
845308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845308
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6
From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Tue, 22 Nov 2016 11:11:12 +0100
Message-id: <CAE2SPAY8zuLXGSpRw4dV-wCK5jN-vFJ8nk6c3fdWJ6KYwtez4Q@mail.gmail.com>

Package: sponsorship-requests
X-Debbugs-CC: team@security.debian.org
Severity: important
Dear mentors,

I am looking for a sponsor for my package "imagemagick"

* Package name : imagemagick
Version : 8:6.8.9.9-5+deb8u6
Section : graphics

It builds those binary packages:

imagemagick - image manipulation programs -- binaries
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics
routines -- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick
- header files
libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick
- development files
libmagick++-dev - object-oriented C++ interface to ImageMagick
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library --
quantum depth Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library -
extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library -
development files (Q16)
libmagickcore-dev - low-level image manipulation library -- transition package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library - transition for
development files
perlmagick - Perl interface to ImageMagick -- transition package

To access further information about this package, please visit the
following URL:

https://mentors.debian.net/package/imagemagick

Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/i/imagemagick/imagemagick_6.8.9.9-5+deb8u6.dsc

This fix all opened security bug against jessie except CVE-2016-8862
and CVE-2016-8678, where I am waiting more information from upstream,
and that are more succeptible of trouble (first fix has done a
regression). I prefer to release early instead of getting a patch
queue of more than 50 fixes like in the beginning of this year.
Release often, release early

Changes since the last upload:

imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium

* Fix CVE-2016-7799: global buffer overflow. (Closes: #840437).
* Fix CVE-2016-7906: use after free. (Closes: #840435).
* Fix a TIFF file buffer overflow. (Closes: #845195).
* Check return of fputc during TIFF file writing.
(Closes: #845196).
* Prevent buffer overflow by checking image extend
for TIFF (Closes: #845198).
* Avoid a out of bound read in VIFF file handler.
(Closes: #845212 and LP: #1545183).
* Avoid a DOS by not allowing too deep nested exception.
(Closes: #845213).
* Better check for buffer overflow in TIFF files
handling. (Closes: #845202).
* Fix CVE-2016-8677: memory allocate failure in AcquireQuantumPixels
(Closes: #845206).
* Prevent fault in MSL interpreter. (Closes: #845242).
* Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray
(Closes: #845242)
* Fix null pointer dereference in TIFF file handling.
(Closes: #845243).
* Added check for invalid number of frames in mat file
(Closes: #845244).
* Fix an out of bound read in mat file due to insuffisant allocation.
(Closes: #845246).

-- Bastien Roucariès <roucaries.bastien+debian@gmail.com> Mon, 21
Nov 2016 22:04:16 +0100

Regards,
bastien roucaries

--- End Message ---

--- Begin Message ---

To: 845308-done@bugs.debian.org

Subject: imagemagick/8:6.8.9.9-5+deb8u6 has been already uploaded

From: Tobias Frost <tobi@debian.org>

Date: Tue, 20 Dec 2016 07:16:58 +0100

Message-id: <1482214618.20260.10.camel@debian.org>
Closing.

--
tobi
--- End Message ---

Reply to:

Prev by Date: Bug#848133: RFS: rdup/1.1.15-1.0
Next by Date: Bug#848698: [RC] imagemagick
Previous by thread: Processed: Correct severity
Next by thread: Processed: retitle 848698 to RFS: imagemagick/8:6.9.7.0+dfsg-1 [RC,Security][experimental]
Index(es):
- Date
- Thread