[Bug 144425]
Jamie Strandboge
jamie at ubuntu.com
Fri Oct 14 20:16:28 UTC 2011
Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.
Please feel free to report any other bugs you may find.
** Changed in: graphicsmagick (Ubuntu Dapper)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/144425
Title:
[ImageMagick] security issues with releases prior to 6.3.5-9
Status in “graphicsmagick” package in Ubuntu:
Fix Released
Status in “imagemagick” package in Ubuntu:
Fix Released
Status in “graphicsmagick” source package in Dapper:
Won't Fix
Status in “imagemagick” source package in Dapper:
Fix Released
Status in “graphicsmagick” source package in Edgy:
Won't Fix
Status in “imagemagick” source package in Edgy:
Fix Released
Status in “graphicsmagick” source package in Feisty:
Won't Fix
Status in “imagemagick” source package in Feisty:
Fix Released
Status in “graphicsmagick” source package in Gutsy:
Won't Fix
Status in “imagemagick” source package in Gutsy:
Fix Released
Status in “graphicsmagick” package in Debian:
Fix Released
Status in “graphicsmagick” package in Gentoo Linux:
Fix Released
Bug description:
Binary package hint: imagemagick
From:
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
"iDefense is planning to announce a number of security issues with
ImageMagick in releases prior to 6.3.5-9. All known security issues
are resolved with the recent release of 6.3.5-9. The issues are
predominately data driven integer overflow that potentially cause less
memory to be allocated than required. We have addressed this security
flaw by introducing the AcquireQuantumMemory() method that accepts a
element count and size. If `count' times `size' overflow (i.e. result
greater than 4GB), we return an error. Note that there are no known
exploits for these issues but you might want to consider upgrading if
you can or to apply patches against any older versions of ImageMagick
you might be using."
References:
- Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
- Multiple Vendor ImageMagick Off-By-One Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595
- Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
- Multiple Vendor ImageMagick Sign Extension Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/graphicsmagick/+bug/144425/+subscriptions
More information about the foundations-bugs
mailing list