[ubuntu/artful-proposed] imagemagick 8:6.9.7.4+dfsg-9ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue May 30 16:01:14 UTC 2017
imagemagick (8:6.9.7.4+dfsg-9ubuntu1) artful; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high
* Security fixes assertion failure and memory leaks:
+ Check for EOF conditions for RLE image format. (Closes: #863126).
Fix CVE-2017-9144.
+ A crafted file revealed an assertion failure in blob.c.
(Closes: #863125).
Fix CVE-2017-9142.
+ A crafted file revealed an assertion failure in profile.c.
(Closes: #863124). Fix CVE-2017-9142.
+ Specially crafted arts file could lead to memory leak.
(Closes: #863123). Fix CVE-2017-9143.
* Fix an information leak due to the use of uninitialized memory
in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
imagemagick (8:6.9.7.4+dfsg-8) unstable; urgency=high
* Bug fix: "Built-Using field with binary version", thanks to Aurelien
Jarno (Closes: #862690).
imagemagick (8:6.9.7.4+dfsg-7) unstable; urgency=medium
* Fix a few securities bug:
+ Fix CVE-2017-8343: The ReadAAIImage function in
aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (Closes: #862572).
+ Fix CVE-2017-8344: Fix DOS in PCX file coders.
(Closes: #862574).
+ Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #862573)
+ Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file. (Closes: #862575).
+ Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
+ Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
+ Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
+ Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
+ Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
+ Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
+ Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
+ Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
+ Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
+ Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
+ Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
+ Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
+ Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
Date: Tue, 30 May 2017 10:24:23 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-9ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 30 May 2017 10:24:23 -0400
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-9ubuntu1
Distribution: artful
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 862572 862573 862574 862575 862577 862578 862579 862587 862589 862590 862632 862633 862634 862635 862636 862637 862653 862690 862967 863123 863124 863125 863126
Changes:
imagemagick (8:6.9.7.4+dfsg-9ubuntu1) artful; urgency=medium
.
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
.
imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high
.
* Security fixes assertion failure and memory leaks:
+ Check for EOF conditions for RLE image format. (Closes: #863126).
Fix CVE-2017-9144.
+ A crafted file revealed an assertion failure in blob.c.
(Closes: #863125).
Fix CVE-2017-9142.
+ A crafted file revealed an assertion failure in profile.c.
(Closes: #863124). Fix CVE-2017-9142.
+ Specially crafted arts file could lead to memory leak.
(Closes: #863123). Fix CVE-2017-9143.
* Fix an information leak due to the use of uninitialized memory
in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
.
imagemagick (8:6.9.7.4+dfsg-8) unstable; urgency=high
.
* Bug fix: "Built-Using field with binary version", thanks to Aurelien
Jarno (Closes: #862690).
.
imagemagick (8:6.9.7.4+dfsg-7) unstable; urgency=medium
.
* Fix a few securities bug:
+ Fix CVE-2017-8343: The ReadAAIImage function in
aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (Closes: #862572).
+ Fix CVE-2017-8344: Fix DOS in PCX file coders.
(Closes: #862574).
+ Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #862573)
+ Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file. (Closes: #862575).
+ Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
+ Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
+ Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
+ Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
+ Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
+ Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
+ Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
+ Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
+ Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
+ Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
+ Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
+ Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
+ Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
Checksums-Sha1:
3c1949765ac5f1b52f67281c9960eedf65733ad3 5208 imagemagick_6.9.7.4+dfsg-9ubuntu1.dsc
8b59ad4ca982549cdc3910ae1312c9c7681989f8 8929800 imagemagick_6.9.7.4+dfsg.orig.tar.xz
8f460d808ce14c1f85429a90ced36c5051f491dc 222572 imagemagick_6.9.7.4+dfsg-9ubuntu1.debian.tar.xz
7e7ba5e3fb42f67952152a9b56be07f173d3293f 15263 imagemagick_6.9.7.4+dfsg-9ubuntu1_source.buildinfo
Checksums-Sha256:
1be304d34758676ad5ba6432114c82ae018da31115838cf99e785c233dda7a77 5208 imagemagick_6.9.7.4+dfsg-9ubuntu1.dsc
47fb2cdd26f5913318c4504f16ea363e04d1f400dda9ec52e461ab661d724026 8929800 imagemagick_6.9.7.4+dfsg.orig.tar.xz
8e0eed9c08831626983a7e6687fd8f1b08639f89dd4d6f20b73380fe35af0bc1 222572 imagemagick_6.9.7.4+dfsg-9ubuntu1.debian.tar.xz
b4112083a4dc0119de13b64dd953bb326ddd01fcfb8984e7a6fc228cf29be5d1 15263 imagemagick_6.9.7.4+dfsg-9ubuntu1_source.buildinfo
Files:
903505dfc07d6c062169533289926d59 5208 graphics optional imagemagick_6.9.7.4+dfsg-9ubuntu1.dsc
a43e39ad84d37e9ffcec5346bf12e446 8929800 graphics optional imagemagick_6.9.7.4+dfsg.orig.tar.xz
794e71f0903536e6fddcdeaabac70970 222572 graphics optional imagemagick_6.9.7.4+dfsg-9ubuntu1.debian.tar.xz
6d091994f5a0f00dca65a8f9af1f774c 15263 graphics optional imagemagick_6.9.7.4+dfsg-9ubuntu1_source.buildinfo
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJZLZW0AAoJEGVp2FWnRL6TkigP/18AjeHd+TPYi0+aQHFLrBSh
kXXzR6k8oSgyYBL4+fB119M9Sb57wUyKAKHkd5OupHeLdT3v5DnBpxP9qFWJSe6e
Z/1LhNy63xaN4ilpSdbGIGR50B0mPsdYTIsKgmYaT8Gcl6463oYBTNd2l/KyeJ9A
ar2kVcskbvJIrFMBI/XNZ9s9936MtusUI4IMjmMcDbpOFt/oykIJe6TCy8mewZB+
L/LpQSZtZ8K7SnZu2Ps7TlI5aYGHpt30gXFzXLdQbdQZJ6oBOZwfmibrtjdgrbM1
yZ79gVwylwkChxW81ecsoRyLc5S4G5iQWaCHX46V48t5Lw7S0umITf6vaQjbY/0W
IxsMCur1UALdHgN35YsM3/QPlXe9vR4IjjYONMej2q2qduaDbmYmykJvGiG9Hme8
uquAT7lKm0MNcszuNJIzCGq1U/Bt+52ufgSm9aV5jYEEN82z/XK7/m9zjHb+YbCp
cVYS2kdDa5VPotn616WX/hgVd9HmO5If05qUxqO5U40bXqC+JXvrrFH5s79iFSCB
F0GabcKrYw6oeCf/z9DyDpTCDjESeCJXzKkhv752DgC/PgLN32jBq5AhtljlNZsY
w1C8pg/ZasyMjf/enTnIOCA5eFTkRmgHjMQJ6UTiPznS6Rjre37nLjjG40vw26Wx
yI6EZrJLj0M15wZvjFah
=Oulc
-----END PGP SIGNATURE-----
More information about the Artful-changes
mailing list