[ubuntu/hirsute-proposed] imagemagick 8:6.9.11.60+dfsg-1ubuntu1 (Accepted)
Matthias Klose
doko at ubuntu.com
Mon Apr 12 09:45:54 UTC 2021
imagemagick (8:6.9.11.60+dfsg-1ubuntu1) hirsute; urgency=medium
* FFe: LP: #1923350.
* Merge with Debian; remaining changes:
- SECURITY UPDATE: code execution vulnerabilities in ghostscript as
invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable
ghostscript handled types by default in policy.xml
- debian/tests/rose-*: remove pdf tests.
* imagemagick is now in universe, so drop all the patches removing
build dependencies for main packages.
imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high
* New upstream version
- Bug fix: "gscan2pdf tests fail", thanks to Sergio Durigan Junior
(Closes: #980202).
imagemagick (8:6.9.11.58+dfsg-1) unstable; urgency=medium
* New upstream version:
- Fix error on i386 with php
* Bug fix (workaround): "Many doubled www/www; broken links on
index.html", thanks to 積丹尼 Dan Jacobson (Closes: #978138).
imagemagick (8:6.9.11.57+dfsg-1) unstable; urgency=medium
* New upstream version:
- Bug fix: "CVE-2020-29599", imagemagick mishandles the
-authenticate option, which allows setting a password
for password-protected PDF files. The user-controlled
password was not properly escaped/sanitized and it
was therefore possible to inject additional shell commands
via coders/pdf.c. Thanks to Salvatore Bonaccorso
(Closes: #977205).
- Bug fix: "CVE-2020-27560: Division by Zero in function
OptimizeLayerFrames", thanks to Salvatore Bonaccorso
(Closes: #972797).
* Fix dh_doxygen FTBFS (Closes: #971216)
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
* New upstream version:
- Fix CVE-2019-11470: Cineon image parsing DOS (Closes: #927830).
- Fix CVE-2019-11472: XWD image parsing DOS (Closes: #927828).
- Fix CVE-2020-13902: Heap based overflow in TIFF image decoding.
(Closes: #928207).
- Fix CVE-2019-11598: Heap-based buffer over-read in PNM image
decoding (Closes: #928206).
- Fix CVE-2019-12974: NULL pointer dereference in pango coder.
(Closes: #931196).
- Fix CVE-2019-12977: "use of uninitialized value" vulnerability
in the WriteJP2Image of jp2 coder (Closes: #931191).
- Fix CVE-2019-12978: "use of uninitialized value" vulnerability
in the pango coder. (Closes: #931190).
- Fix CVE-2019-12979: "use of uninitialized value" vulnerability
in MagickCore/image.c (Closes: #931189).
- Fix CVE-2019-13135: "use of uninitialized value" vulnerability
in the cut coder (Closes: #932079).
- Fix CVE-2019-13295: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931457).
- Fix CVE-2019-13297: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931455).
- Fix CVE-2019-13300: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931454).
- Fix CVE-2019-13304: stack-based buffer overflow for
PNM image (Closes: #931453).
- Fix CVE-2019-13305: stack-based buffer overflow for
PNM image (Closes: #931452).
- Fix CVE-2019-13306: stack-based buffer overflow for
PNM image (Closes: #931449).
- Fix CVE-2019-13307: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931448).
- Fix CVE-2019-13308: heap-based buffer overflow in
MagickCore/fourier.c (Closes: #931447).
- Fix CVE-2019-13391: heap-based buffer over-read (Closes: #931633).
- Fix CVE-2019-13454: Division by Zero in MagickCore/layer.c
(Closes: #931740).
- Fix CVE-2019-14981: divide-by-zero in MeanShiftImage
(Closes: #955025).
- Fix CVE-2019-15139: DOS for XWD images (Closes: #941670).
- Fix CVE-2019-15140: DOS for mat images (Closes: #941671).
- Fix CVE-2019-19948: Heap-based buffer overflow in SGI coder
(Closes: #947308).
- Fix CVE-2019-19949: Heap buffer over-read in PNG coder
(Closes: #947309).
- Fix CVE-2020-10251: out-of-bounds read vulnerability for HEIC
coder (Closes: #953741).
- Fix CVE-2020-13902: heap-based buffer over-read for TIFF coder.
* Bug fix: "Updating the imagemagick Uploaders list", thanks to Tobias
Frost (Closes: #962110). Thanks Nelson A. de Oliveira
* Add link in api doc dir to assets javascript library
* Fix a typo in convert man page (Closes: #953279,#947983,#921594).
* Fix a pkgconfig error that pulls q16 instead of q16hdri (Closes: #950282).
Date: Sun, 11 Apr 2021 14:32:48 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Sun, 11 Apr 2021 14:32:48 +0200
Source: imagemagick
Built-For-Profiles: noudeb
Architecture: source
Version: 8:6.9.11.60+dfsg-1ubuntu1
Distribution: hirsute
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Matthias Klose <doko at ubuntu.com>
Closes: 921594 927828 927830 928206 928207 931189 931190 931191 931196 931447 931448 931449 931452 931453 931454 931455 931457 931633 931740 932079 941670 941671 947308 947309 947983 950282 953279 953741 955025 962110 971216 972797 977205 978138 980202
Launchpad-Bugs-Fixed: 1923350
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>