Ubuntu
imagemagick package

Bug #144425
Activity log

Activity log for bug #144425

Date	Who	What changed	Old value	New value	Message
2007-09-24 12:47:34	disabled.user	bug			added bug
2007-09-24 12:50:52	disabled.user	description	Binary package hint: imagemagick From: http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html "iDefense is planning to announce a number of security issues with ImageMagick in releases prior to 6.3.5-9. All known security issues are resolved with the recent release of 6.3.5-9. The issues are predominately data driven integer overflow that potentially cause less memory to be allocated than required. We have addressed this security flaw by introducing the AcquireQuantumMemory() method that accepts a element count and size. If `count' times `size' overflow (i.e. result greater than 4GB), we return an error. Note that there are no known exploits for these issues but you might want to consider upgrading if you can or to apply patches against any older versions of ImageMagick you might be using." References: - Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594 - Multiple Vendor ImageMagick Off-By-One Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 - Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596 - Multiple Vendor ImageMagick Sign Extension Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597	Binary package hint: imagemagick From: http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html "iDefense is planning to announce a number of security issues with ImageMagick in releases prior to 6.3.5-9. All known security issues are resolved with the recent release of 6.3.5-9. The issues are predominately data driven integer overflow that potentially cause less memory to be allocated than required. We have addressed this security flaw by introducing the AcquireQuantumMemory() method that accepts a element count and size. If `count' times `size' overflow (i.e. result greater than 4GB), we return an error. Note that there are no known exploits for these issues but you might want to consider upgrading if you can or to apply patches against any older versions of ImageMagick you might be using." References: - Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594 - Multiple Vendor ImageMagick Off-By-One Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 - Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596 - Multiple Vendor ImageMagick Sign Extension Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
2007-10-01 20:42:09	Kees Cook	bug			assigned to graphicsmagick (Ubuntu)
2007-10-01 20:43:02	Kees Cook	graphicsmagick: importance	Undecided	Medium
2007-10-01 20:43:02	Kees Cook	graphicsmagick: assignee		keescook
2007-10-01 20:43:02	Kees Cook	graphicsmagick: status	New	In Progress
2007-10-01 20:43:15	Kees Cook	graphicsmagick: importance	Undecided	Medium
2007-10-01 20:43:15	Kees Cook	graphicsmagick: assignee		keescook
2007-10-01 20:43:15	Kees Cook	graphicsmagick: status	New	In Progress
2007-10-01 20:43:29	Kees Cook	graphicsmagick: importance	Undecided	Medium
2007-10-01 20:43:29	Kees Cook	graphicsmagick: assignee		keescook
2007-10-01 20:43:29	Kees Cook	graphicsmagick: status	New	In Progress
2007-10-01 20:43:46	Kees Cook	graphicsmagick: importance	Undecided	Medium
2007-10-01 20:43:46	Kees Cook	graphicsmagick: status	New	Confirmed
2007-10-01 20:44:01	Kees Cook	graphicsmagick: status	In Progress	Confirmed
2007-10-01 20:44:01	Kees Cook	graphicsmagick: assignee	keescook
2007-10-02 20:58:47	Kees Cook	graphicsmagick: status	In Progress	Confirmed
2007-10-02 20:58:47	Kees Cook	graphicsmagick: assignee	keescook
2007-10-02 20:58:52	Kees Cook	graphicsmagick: status	In Progress	Confirmed
2007-10-02 20:58:52	Kees Cook	graphicsmagick: assignee	keescook
2007-10-02 20:59:01	Kees Cook	imagemagick: importance	Undecided	Medium
2007-10-02 20:59:01	Kees Cook	imagemagick: assignee		keescook
2007-10-02 20:59:01	Kees Cook	imagemagick: status	New	In Progress
2007-10-02 20:59:06	Kees Cook	imagemagick: importance	Undecided	Medium
2007-10-02 20:59:06	Kees Cook	imagemagick: assignee		keescook
2007-10-02 20:59:06	Kees Cook	imagemagick: status	New	In Progress
2007-10-02 20:59:10	Kees Cook	imagemagick: importance	Undecided	Medium
2007-10-02 20:59:10	Kees Cook	imagemagick: assignee		keescook
2007-10-02 20:59:10	Kees Cook	imagemagick: status	New	In Progress
2007-10-02 20:59:51	Kees Cook	imagemagick: importance	Undecided	Medium
2007-10-02 20:59:51	Kees Cook	imagemagick: assignee		keescook
2007-10-02 20:59:51	Kees Cook	imagemagick: status	New	In Progress
2007-10-03 18:23:39	Kees Cook	imagemagick: status	In Progress	Fix Released
2007-10-03 18:23:41	Kees Cook	imagemagick: status	In Progress	Fix Released
2007-10-03 18:23:49	Kees Cook	imagemagick: status	In Progress	Fix Released
2007-10-03 18:23:53	Kees Cook	imagemagick: status	In Progress	Fix Released
2007-11-09 12:04:19	William Grant	bug			added subscriber MOTU SWAT Team
2007-11-09 12:05:38	William Grant	bug			assigned to graphicsmagick (Debian)
2007-11-10 10:26:29	Bug Watch Updater	graphicsmagick: status	Unknown	New
2008-02-27 08:50:44	Bug Watch Updater	graphicsmagick: status	New	Fix Released
2008-03-23 07:30:58	William Grant	graphicsmagick: status	Confirmed	In Progress
2008-03-23 07:30:58	William Grant	graphicsmagick: assignee		fujitsu
2008-04-09 15:35:52	Emanuele Gentili	bug			assigned to graphicsmagick (Gentoo Linux)
2008-04-09 17:17:21	Bug Watch Updater	graphicsmagick: status	Unknown	Fix Released
2008-04-22 07:57:10	William Grant	graphicsmagick: status	In Progress	Fix Released
2008-07-24 17:06:48	Hew	graphicsmagick: status	Confirmed	Won't Fix
2008-12-15 02:04:38	Hew	graphicsmagick: status	Confirmed	Won't Fix
2008-12-15 02:04:38	Hew	graphicsmagick: statusexplanation		Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.
2009-05-07 10:05:24	Sergio Zanchetta	graphicsmagick (Ubuntu Gutsy): status	Confirmed	Won't Fix
2011-02-04 07:56:54	Bug Watch Updater	graphicsmagick (Gentoo Linux): importance	Unknown	High
2011-10-14 20:16:33	Jamie Strandboge	graphicsmagick (Ubuntu Dapper): status	Confirmed	Won't Fix
2011-10-15 01:00:11	Hew	removed subscriber Hew McLachlan
2020-04-03 13:19:55	Bug Watch Updater	bug watch added		https://bugs.gentoo.org/show_bug.cgi?id=191001

Ubuntuimagemagick package

Activity log for bug #144425

Ubuntu
imagemagick package