[DSA 1858-1] New imagemagick packages fix several vulnerabilities

CVS version numbers english/security/2009/dsa-1858.data: INITIAL -> 1.1 english/security/2009/dsa-1858.wml: INITIAL -> 1.1
author: Simon Paillard <spaillard> 2009-08-11 14:14:18 +0000
committer: Simon Paillard <spaillard> 2009-08-11 14:14:18 +0000
commit: 61ba3af8cc7f18a42bbef906adf679dc76f8f45f (patch)
tree: fb285aec5ca51c4842d51bd1dbdb66f78f874a33
parent: 84bd0b210c49a0725dca20020b57d8c0ce853f18 (diff)
2 files changed, 313 insertions, 0 deletions
diff --git a/english/security/2009/dsa-1858.data b/english/security/2009/dsa-1858.data
new file mode 100644
index 00000000000..d41cb1eb795
--- /dev/null
+++ b/english/security/2009/dsa-1858.data
@@ -0,0 +1,223 @@
+<define-tag pagetitle>DSA-1858-1 imagemagick</define-tag>
+<define-tag report_date>2009-8-10</define-tag>
+<define-tag secrefs>CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882 Bug#418057 Bug#412945 Bug#444267 Bug#530838</define-tag>
+<define-tag packages>imagemagick</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+
+#use wml::debian::security
+
+<h3>Debian GNU/Linux 4.0 (etch)</h3>
+
+<dl>
+
+
+<dt><source />
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc />
+
+<dt>Alpha:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_alpha.deb />
+
+<dt>AMD64:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb />
+
+<dt>ARM:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_arm.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_arm.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_arm.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_arm.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_arm.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_arm.deb />
+
+<dt>HP Precision:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_hppa.deb />
+
+<dt>Intel IA-32:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_i386.deb />
+
+<dt>Intel IA-64:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_ia64.deb />
+
+<dt>Big-endian MIPS:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_mips.deb />
+
+<dt>Little-endian MIPS:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb />
+
+<dt>PowerPC:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb />
+
+<dt>Sun Sparc:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_sparc.deb />
+</dl>
+
+<h3>Debian GNU/Linux 5.0 (lenny)</h3>
+
+<dl>
+
+
+<dt><source />
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2.orig.tar.gz />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz />
+
+<dt>Alpha:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_alpha.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_alpha.deb />
+
+<dt>AMD64:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_amd64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_amd64.deb />
+
+<dt>ARM EABI:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_armel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_armel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_armel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_armel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_armel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_armel.deb />
+
+<dt>HP Precision:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_hppa.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_hppa.deb />
+
+<dt>Intel IA-32:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb />
+
+<dt>Intel IA-64:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_ia64.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_ia64.deb />
+
+<dt>Big-endian MIPS:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_mips.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_mips.deb />
+
+<dt>Little-endian MIPS:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_mipsel.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_mipsel.deb />
+
+<dt>PowerPC:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_powerpc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_powerpc.deb />
+
+<dt>IBM S/390:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_s390.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_s390.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_s390.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_s390.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_s390.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_s390.deb />
+
+<dt>Sun Sparc:
+
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_sparc.deb />
+  <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_sparc.deb />
+
+</dl>
+
+<p><md5sums http://lists.debian.org/debian-security-announce/2009/msg00175.html /></p>
diff --git a/english/security/2009/dsa-1858.wml b/english/security/2009/dsa-1858.wml
new file mode 100644
index 00000000000..ff15cfe765c
--- /dev/null
+++ b/english/security/2009/dsa-1858.wml
@@ -0,0 +1,90 @@
+<define-tag description>multiple vulnerabilities</define-tag>
+<define-tag moreinfo>
+
+<p>Several vulnerabilities have been discovered in the imagemagick image
+manipulation programs which can lead to the execution of arbitrary code,
+exposure of sensitive information or cause DoS. The Common Vulnerabilities
+and Exposures project identifies the following problems:</p>
+
+<ul>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667">CVE-2007-1667</a>
+
+   <p>Multiple integer overflows in XInitImage function in xwd.c for
+   ImageMagick, allow user-assisted remote attackers to cause a denial of
+   service (crash) or obtain sensitive information via crafted images with
+   large or negative values that trigger a buffer overflow. It only affects
+   the oldstable distribution (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797">CVE-2007-1797</a>
+
+   <p>Multiple integer overflows allow remote attackers to execute arbitrary
+   code via a crafted DCM image, or the colors or comments field in a 
+   crafted XWD image. It only affects the oldstable distribution (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985">CVE-2007-4985</a>
+
+   <p>A crafted image file can trigger an infinite loop in the ReadDCMImage
+   function or in the ReadXCFImage function. It only affects the oldstable
+   distribution (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986">CVE-2007-4986</a>
+
+   <p>Multiple integer overflows allow context-dependent attackers to execute
+   arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
+   which triggers a heap-based buffer overflow. It only affects the  
+   oldstable distribution (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987">CVE-2007-4987</a>
+
+   <p>Off-by-one error allows context-dependent attackers to execute arbitrary
+   code via a crafted image file, which triggers the writing of a '\0'
+   character to an out-of-bounds address. It affects only the oldstable
+   distribution (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988">CVE-2007-4988</a>
+
+   <p>A sign extension error allows context-dependent attackers to execute   
+   arbitrary code via a crafted width value in an image file, which 
+   triggers an integer overflow and a heap-based buffer overflow. It 
+   affects only the oldstable distribution (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096">CVE-2008-1096</a>
+
+   <p>The load_tile function in the XCF coder allows user-assisted remote
+   attackers to cause a denial of service or possibly execute arbitrary 
+   code via a crafted .xcf file that triggers an out-of-bounds heap write.
+   It affects only to oldstable (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097">CVE-2008-1097</a>
+
+   <p>Heap-based buffer overflow in the PCX coder allows user-assisted remote
+   attackers to cause a denial of service or possibly execute arbitrary 
+   code via a crafted .pcx file that triggers incorrect memory allocation 
+   for the scanline array, leading to memory corruption. It affects only to
+   oldstable (etch).</p></li>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882">CVE-2009-1882</a>
+
+   <p>Integer overflow allows remote attackers to cause a denial of service
+   (crash) and possibly execute arbitrary code via a crafted TIFF file, 
+   which triggers a buffer overflow.</p></li>
+
+</ul>
+
+<p>For the old stable distribution (etch), these problems have been fixed in
+version 7:6.2.4.5.dfsg1-0.15+etch1.</p>
+
+<p>For the stable distribution (lenny), these problems have been fixed in
+version 7:6.3.7.9.dfsg2-1~lenny3.</p>
+
+<p>For the upcoming stable distribution (squeeze) and the unstable
+distribution (sid), these problems have been fixed in version
+7:6.5.1.0-1.1.</p>
+
+<p>We recommend that you upgrade your imagemagick packages.</p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2009/dsa-1858.data"
+# $Id$
author	Simon Paillard <spaillard>	2009-08-11 14:14:18 +0000
committer	Simon Paillard <spaillard>	2009-08-11 14:14:18 +0000
commit	61ba3af8cc7f18a42bbef906adf679dc76f8f45f (patch)
tree	fb285aec5ca51c4842d51bd1dbdb66f78f874a33
parent	84bd0b210c49a0725dca20020b57d8c0ce853f18 (diff)