-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 04 Oct 2007 18:54:56 +0200 Source: imagemagick Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev libmagick++9c2a Architecture: source i386 Version: 7:6.2.4.5.dfsg1-1+lenny1 Distribution: testing-security Urgency: high Maintainer: Luciano Bello <luciano@linux.org.ar> Changed-By: Nico Golde <nion@debian.org> Description: imagemagick - Image manipulation programs libmagick++9-dev - The object-oriented C++ API to the ImageMagick library--developme libmagick++9c2a - The object-oriented C++ API to the ImageMagick library libmagick9 - Image manipulation library libmagick9-dev - Image manipulation library -- development perlmagick - A perl interface to the libMagick graphics routines Changes: imagemagick (7:6.2.4.5.dfsg1-1+lenny1) testing-security; urgency=high . * Non maintainer upload by testing security team based on unstable package by Daniel Kobras. * The following security issues are addressed with this update: - CVE-2007-4985: integer overflow in DCM and XCF coders which leads to an infinite loop in the ReadDCMImage function - CVE-2007-4986: multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders which triggered a heap-based buffer overflow - CVE-2007-4987: off-by-one error in ReadBlobString which could lead to arbitrary code execution - CVE-2007-4988: sign extension error in ReadDIBImage function which could lead to arbitrary code execution via a crafted image file Files: 7d13123b605e7a8806c610d71ab6e95f 1065 graphics optional imagemagick_6.2.4.5.dfsg1-1+lenny1.dsc 2c5d3723d25c4119cf003efce2161c56 5203463 graphics optional imagemagick_6.2.4.5.dfsg1.orig.tar.gz 311a8378538235124bd842ca07c28f26 105247 graphics optional imagemagick_6.2.4.5.dfsg1-1+lenny1.diff.gz 628addba283bc8007dd81831d03e8448 748806 graphics optional imagemagick_6.2.4.5.dfsg1-1+lenny1_i386.deb 232616c23f72f05629fe0ad030f961e4 1279276 libs optional libmagick9_6.2.4.5.dfsg1-1+lenny1_i386.deb 6d97f537a51bc5501a9f2ba4c0dd098e 1578078 libdevel optional libmagick9-dev_6.2.4.5.dfsg1-1+lenny1_i386.deb 3a9b9f8c1eb9006559ac4b35a8f461f7 192710 libs optional libmagick++9c2a_6.2.4.5.dfsg1-1+lenny1_i386.deb 484ac950734290767fba40923183ab62 228056 libdevel optional libmagick++9-dev_6.2.4.5.dfsg1-1+lenny1_i386.deb 5fb676cc51d3aaf6f581e2ed62f3c83b 171860 perl optional perlmagick_6.2.4.5.dfsg1-1+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHBSD8HYflSXNkfP8RArHGAKCzx7PFlaXaMhPRulbNnTMICj6GJwCdFC67 zwtdBoXqLDdFUTrvVNK1X4c= =SvP3 -----END PGP SIGNATURE----- Accepted: imagemagick_6.2.4.5.dfsg1-1+lenny1.diff.gz to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1+lenny1.diff.gz imagemagick_6.2.4.5.dfsg1-1+lenny1.dsc to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1+lenny1.dsc imagemagick_6.2.4.5.dfsg1-1+lenny1_i386.deb to pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-1+lenny1_i386.deb libmagick++9-dev_6.2.4.5.dfsg1-1+lenny1_i386.deb to pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-1+lenny1_i386.deb libmagick++9c2a_6.2.4.5.dfsg1-1+lenny1_i386.deb to pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-1+lenny1_i386.deb libmagick9-dev_6.2.4.5.dfsg1-1+lenny1_i386.deb to pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-1+lenny1_i386.deb libmagick9_6.2.4.5.dfsg1-1+lenny1_i386.deb to pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-1+lenny1_i386.deb perlmagick_6.2.4.5.dfsg1-1+lenny1_i386.deb to pool/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-1+lenny1_i386.deb