[ubuntu/cosmic-proposed] imagemagick 8:6.9.10.8+dfsg-1ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Wed Aug 22 09:16:13 UTC 2018 

imagemagick (8:6.9.10.8+dfsg-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
  * Merge from Debian unstable.  Remaining changes:
    - Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
      but is not in main.
    - demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
      Recommends on libjxr-tools to Suggests, as it is in universe.
    - CVE-2017-15033.patch: cherry-pick CVE patch from upstream

imagemagick (8:6.9.10.8+dfsg-1) unstable; urgency=high

  * New upstream version
  * Fix security bugs:
    + CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c
      uses an uninitialized variable, leading to memory corruption.
      (Closes: #904713)
    + CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless
      in coders/webp.c.
    + CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c.
    + CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c.
    + CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c.
    + CVE-2018-14434: Memory leak for a colormap in WriteMPCImage
      in coders/mpc.c.
    + CVE-2018-13153: Memory leak in the XMagickCommand function
      in MagickCore/animate.c.

Date: Wed, 22 Aug 2018 11:14:55 +0200
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.8+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Aug 2018 11:14:55 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.10.8+dfsg-1ubuntu1
Distribution: cosmic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 904713
Changes:
 imagemagick (8:6.9.10.8+dfsg-1ubuntu1) cosmic; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
   * Merge from Debian unstable.  Remaining changes:
     - Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
       but is not in main.
     - demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
       Recommends on libjxr-tools to Suggests, as it is in universe.
     - CVE-2017-15033.patch: cherry-pick CVE patch from upstream
 .
 imagemagick (8:6.9.10.8+dfsg-1) unstable; urgency=high
 .
   * New upstream version
   * Fix security bugs:
     + CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c
       uses an uninitialized variable, leading to memory corruption.
       (Closes: #904713)
     + CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless
       in coders/webp.c.
     + CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c.
     + CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c.
     + CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c.
     + CVE-2018-14434: Memory leak for a colormap in WriteMPCImage
       in coders/mpc.c.
     + CVE-2018-13153: Memory leak in the XMagickCommand function
       in MagickCore/animate.c.
Checksums-Sha1:
 05e360437b017030184da068692203dc3f7c7925 5170 imagemagick_6.9.10.8+dfsg-1ubuntu1.dsc
 11f848e285ed2e40a030e623af22d992ddb3b9ab 9053868 imagemagick_6.9.10.8+dfsg.orig.tar.xz
 970e56d0325c15436b13330f73fc77e599a18ee7 222104 imagemagick_6.9.10.8+dfsg-1ubuntu1.debian.tar.xz
 fb0ed9e5d040e7a553612f5303fb004f712d531d 13837 imagemagick_6.9.10.8+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
 118f454807be17d848f4b9d184bd72a00c4e2b16a6d4d20afc399f80c84f17c1 5170 imagemagick_6.9.10.8+dfsg-1ubuntu1.dsc
 4f972b5f1c31a908d8e008bc182fe7534ecadb6cabc15b6415d3892bf92253f9 9053868 imagemagick_6.9.10.8+dfsg.orig.tar.xz
 ca4be9e1bd654329508811bd090357e17bb3a40a8887c34ed109eedd2c32b649 222104 imagemagick_6.9.10.8+dfsg-1ubuntu1.debian.tar.xz
 1b1a61397fd0ed67c243514f9affa5ceab3db39fcdc5b50bf82bd87b605fff8b 13837 imagemagick_6.9.10.8+dfsg-1ubuntu1_source.buildinfo
Files:
 b34b06ee7fe7b3e27ceb9d26025eccdb 5170 graphics optional imagemagick_6.9.10.8+dfsg-1ubuntu1.dsc
 5a9123997c34be71a9489b78565e2dc0 9053868 graphics optional imagemagick_6.9.10.8+dfsg.orig.tar.xz
 3c2ae3850f99aa137113632b2fbe430b 222104 graphics optional imagemagick_6.9.10.8+dfsg-1ubuntu1.debian.tar.xz
 44294e61a72ddb405389affcad4a4308 13837 graphics optional imagemagick_6.9.10.8+dfsg-1ubuntu1_source.buildinfo
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAlt9KbUACgkQ808JdE6f
Xdl8Eg/+J7RHDanjIEx4cIKyuA0UP966AnMUsUoE7wU79jhHLoEKpP/QdC+bIhau
+lPgyAzncswmuL1rk4wY/NSUueAdWU97JlNHzj2/n9aW+SyW0SGZXy58VjJISx3w
0Y7nZNmR1OR/pSIVfaN7AFOzKZYHYnIIwGZvQiJbCAxurChxYEZNl+o4uQYKFfI3
7nEuEq2MrrCBQzeQmpypNpsasT0ZuFTt5kGjfyNeMFmS35kfHEDAtZ6ZTYfGSBth
S4jduAMDwCZjG2YV+A50v6umPMzYznuKvQ9B2tHD8lX8u92pOtNdv3a9X2N5lmwG
uxn+lxTKVzkgLJ0bgM8RqRPNNfPLUrouaVW4X3d0mqKk5o1DHini1QmAwCwJ3TKa
9aDs7rrY1Oqtvm7NeUUNuKW1eSwhXtzRR+GhaO7wZB0R5lqNYW7IgiaGoPBl9qCw
sHnLrOCAKzYrLMmXTECL+J75JCZOPR42smEcCjPWQsHE8dbmrlpjuWdoLqq+gNlL
r6exHPSmtj/R3+WJ7d7KgXaj/8DFK+ZF23rjjDXKRGH889gNpHf2DHrDXPTYhMR/
KMWmv/7MgLCDaei0YN7IRu2/iP5CHgpz2ingoJLUkDWLPieKIi6ezMxVGXoXiIeJ
8Ew9ufL5EP3m49PHinPfIda9K5wi87kG4kUg/iWGmnjxNFApD9o=
=aR7K
-----END PGP SIGNATURE-----

More information about the Cosmic-changes mailing list