New upstream release fixes png handling vulnerabilities
Bug #7359 reported by
Debian Bug Importer
This bug report is a duplicate of:
Bug #7306: [CAN-2004-0597, CAN-2004-0598, CAN-2004-0599] stack-based buffer overflow and other code concerns.
Edit
Remove
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
imagemagick (Debian) |
Fix Released
|
Unknown
|
|||
imagemagick (Ubuntu) |
Invalid
|
High
|
Unassigned |
Bug Description
Automatically imported from Debian bug report #264361 http://
Changed in imagemagick: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Message-ID: <email address hidden>
Date: Sun, 8 Aug 2004 14:10:33 +0200
From: "J.H.M. Dassen (Ray)" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: New upstream release fixes png handling vulnerabilities
Package: imagemagick
Version: 5:6.0.3.5-2
Severity: grave
Tags: upstream fixed-upstream security sarge sid
ImageMagick 6.0.4 has been released upstream. The change include (according
to freshmeat) "Recently disclosed libpng vulnerabilities were fixed. LZW
compression is now enabled by default."
"recently disclosed libpng vulnerabilities" include cve.mitre. org/cgi- bin/cvename. cgi?name= CAN-2004- 0597 cve.mitre. org/cgi- bin/cvename. cgi?name= CAN-2004- 0598 cve.mitre. org/cgi- bin/cvename. cgi?name= CAN-2004- 0599
http://
http://
http://
-- System Information: en_US.ISO8859- 1
Debian Release: 3.1
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=C, LC_CTYPE=
Versions of packages imagemagick depends on:
ii libmagick6 5:6.0.3.5-2 Image manipulation library (free v
-- no debconf information
--
Obsig: developing a new sig