author | Simon Paillard <spaillard> | 2009-08-11 14:14:18 +0000 |
---|---|---|
committer | Simon Paillard <spaillard> | 2009-08-11 14:14:18 +0000 |
commit | 61ba3af8cc7f18a42bbef906adf679dc76f8f45f (patch) | |
tree | fb285aec5ca51c4842d51bd1dbdb66f78f874a33 | |
parent | 84bd0b210c49a0725dca20020b57d8c0ce853f18 (diff) |
[DSA 1858-1] New imagemagick packages fix several vulnerabilities
CVS version numbers
english/security/2009/dsa-1858.data: INITIAL -> 1.1
english/security/2009/dsa-1858.wml: INITIAL -> 1.1
-rw-r--r-- | english/security/2009/dsa-1858.data | 223 | ||||
-rw-r--r-- | english/security/2009/dsa-1858.wml | 90 |
2 files changed, 313 insertions, 0 deletions
diff --git a/english/security/2009/dsa-1858.data b/english/security/2009/dsa-1858.data new file mode 100644 index 00000000000..d41cb1eb795 --- /dev/null +++ b/english/security/2009/dsa-1858.data 
@@ -0,0 +1,223 @@ +<define-tag pagetitle>DSA-1858-1 imagemagick</define-tag> +<define-tag report_date>2009-8-10</define-tag> +<define-tag secrefs>CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882 Bug#418057 Bug#412945 Bug#444267 Bug#530838</define-tag> +<define-tag packages>imagemagick</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> + +#use wml::debian::security + +<h3>Debian GNU/Linux 4.0 (etch)</h3> + +<dl> + + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc /> + +<dt>Alpha: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_alpha.deb /> + +<dt>AMD64: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_amd64.deb /> + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb /> + +<dt>ARM: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_arm.deb /> + +<dt>HP Precision: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_hppa.deb /> + +<dt>Intel IA-32: + + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_i386.deb /> + +<dt>Intel IA-64: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_ia64.deb /> + +<dt>Big-endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_mips.deb /> + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_mips.deb /> + +<dt>Little-endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb /> + +<dt>PowerPC: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb /> + +<dt>Sun Sparc: + + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_sparc.deb /> +</dl> + +<h3>Debian GNU/Linux 5.0 (lenny)</h3> + +<dl> + + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2.orig.tar.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz /> + +<dt>Alpha: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_alpha.deb /> + +<dt>AMD64: + + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_amd64.deb /> + +<dt>ARM EABI: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_armel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_armel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_armel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_armel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_armel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_armel.deb /> + +<dt>HP Precision: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_hppa.deb /> + 
<dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_hppa.deb /> + +<dt>Intel IA-32: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb /> + +<dt>Intel IA-64: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_ia64.deb /> + +<dt>Big-endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_mips.deb /> + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_mips.deb /> + +<dt>Little-endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_mipsel.deb /> + +<dt>PowerPC: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_powerpc.deb /> + <dd><fileurl 
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_powerpc.deb /> + +<dt>IBM S/390: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_s390.deb /> + +<dt>Sun Sparc: + + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_sparc.deb /> + +</dl> + +<p><md5sums http://lists.debian.org/debian-security-announce/2009/msg00175.html /></p> diff --git a/english/security/2009/dsa-1858.wml b/english/security/2009/dsa-1858.wml new file mode 100644 index 00000000000..ff15cfe765c 
--- /dev/null +++ b/english/security/2009/dsa-1858.wml 
@@ -0,0 +1,90 @@ +<define-tag description>multiple vulnerabilities</define-tag> +<define-tag moreinfo> + +<p>Several vulnerabilities have been discovered in the imagemagick image +manipulation programs which can lead to the execution of arbitrary code, +exposure of sensitive information or cause DoS. The Common Vulnerabilities +and Exposures project identifies the following problems:</p> + +<ul> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667">CVE-2007-1667</a> + + <p>Multiple integer overflows in XInitImage function in xwd.c for + ImageMagick, allow user-assisted remote attackers to cause a denial of + service (crash) or obtain sensitive information via crafted images with + large or negative values that trigger a buffer overflow. It only affects + the oldstable distribution (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797">CVE-2007-1797</a> + + <p>Multiple integer overflows allow remote attackers to execute arbitrary + code via a crafted DCM image, or the colors or comments field in a + crafted XWD image. It only affects the oldstable distribution (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985">CVE-2007-4985</a> + + <p>A crafted image file can trigger an infinite loop in the ReadDCMImage + function or in the ReadXCFImage function. It only affects the oldstable + distribution (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986">CVE-2007-4986</a> + + <p>Multiple integer overflows allow context-dependent attackers to execute + arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, + which triggers a heap-based buffer overflow. 
It only affects the + oldstable distribution (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987">CVE-2007-4987</a> + + <p>Off-by-one error allows context-dependent attackers to execute arbitrary + code via a crafted image file, which triggers the writing of a '\0' + character to an out-of-bounds address. It affects only the oldstable + distribution (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988">CVE-2007-4988</a> + + <p>A sign extension error allows context-dependent attackers to execute + arbitrary code via a crafted width value in an image file, which + triggers an integer overflow and a heap-based buffer overflow. It + affects only the oldstable distribution (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096">CVE-2008-1096</a> + + <p>The load_tile function in the XCF coder allows user-assisted remote + attackers to cause a denial of service or possibly execute arbitrary + code via a crafted .xcf file that triggers an out-of-bounds heap write. + It affects only to oldstable (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097">CVE-2008-1097</a> + + <p>Heap-based buffer overflow in the PCX coder allows user-assisted remote + attackers to cause a denial of service or possibly execute arbitrary + code via a crafted .pcx file that triggers incorrect memory allocation + for the scanline array, leading to memory corruption. 
It affects only to + oldstable (etch).</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882">CVE-2009-1882</a> + + <p>Integer overflow allows remote attackers to cause a denial of service + (crash) and possibly execute arbitrary code via a crafted TIFF file, + which triggers a buffer overflow.</p></li> + +</ul> + +<p>For the old stable distribution (etch), these problems have been fixed in +version 7:6.2.4.5.dfsg1-0.15+etch1.</p> + +<p>For the stable distribution (lenny), these problems have been fixed in +version 7:6.3.7.9.dfsg2-1~lenny3.</p> + +<p>For the upcoming stable distribution (squeeze) and the unstable +distribution (sid), these problems have been fixed in version +7:6.5.1.0-1.1.</p> + +<p>We recommend that you upgrade your imagemagick packages.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2009/dsa-1858.data" +# $Id$ |
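Review bot: In dsa-1858.data the architecture lists for the two releases do not line up: the etch `<dl>` has no IBM S/390 entry, and the lenny `<dl>` lists ARM EABI (armel) but has no ARM (arm) entry. If those builds were not yet available when the advisory was written, the file should be updated once they are published; as it stands, the page gives no fixed package for those architectures and does not say why.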
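Review bot: In dsa-1858.wml the etch-only sentence is worded three different ways, and the form used in the CVE-2008-1096 and CVE-2008-1097 entries, "It affects only to oldstable (etch)", is ungrammatical. Use one form throughout, for example "It only affects the oldstable distribution (etch).", and pick either "oldstable" or "old stable" for the fixed-version paragraph as well. Separately, eight of the nine entries are marked etch-only, so the lenny and squeeze/sid paragraphs saying "these problems have been fixed" overstate what applies there. Per the entries above, only CVE-2009-1882 carries no etch-only restriction, and it would help readers to say so.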