[ubuntu/yakkety-proposed] imagemagick 8:6.8.9.9-7ubuntu7 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jun 2 13:25:19 UTC 2016 

imagemagick (8:6.8.9.9-7ubuntu7) yakkety; urgency=medium

  * SECURITY UPDATE: ImageTragick remote code execution
    - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
    - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
    - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
    - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
    - d/p/0080-Prevent-indirect-reads-with-label-at.patch
    - d/p/0081-Less-secure-coders-require-explicit-reference.patch
    - debian/rules: build with --with-rsvg.
    - CVE-2016-3714
    - CVE-2016-3715
    - CVE-2016-3716
    - CVE-2016-3717
    - CVE-2016-3718
  * SECURITY UPDATE: popen() shell vulnerability
    - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
    - CVE-2016-5118

Date: Thu, 02 Jun 2016 08:46:43 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu7
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 02 Jun 2016 08:46:43 -0400
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5v5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source
Version: 8:6.8.9.9-7ubuntu7
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5v5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Changes:
 imagemagick (8:6.8.9.9-7ubuntu7) yakkety; urgency=medium
 .
   * SECURITY UPDATE: ImageTragick remote code execution
     - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
     - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
     - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
     - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
     - d/p/0080-Prevent-indirect-reads-with-label-at.patch
     - d/p/0081-Less-secure-coders-require-explicit-reference.patch
     - debian/rules: build with --with-rsvg.
     - CVE-2016-3714
     - CVE-2016-3715
     - CVE-2016-3716
     - CVE-2016-3717
     - CVE-2016-3718
   * SECURITY UPDATE: popen() shell vulnerability
     - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
     - CVE-2016-5118
Checksums-Sha1:
 caca782f62dfbaacc12ec60e69690ff52582d35e 4311 imagemagick_6.8.9.9-7ubuntu7.dsc
 556bfce0cc9adb2b417444ba92f1ce0ff83dcb69 209520 imagemagick_6.8.9.9-7ubuntu7.debian.tar.xz
Checksums-Sha256:
 0b2e4bddf86ae74b4f4e53eb611f61c356130632186457d414f385d9668ca8c8 4311 imagemagick_6.8.9.9-7ubuntu7.dsc
 c8a4615306613ace8d9ab7055709aa6d37a910910686a2863401b7c8a61e5bf7 209520 imagemagick_6.8.9.9-7ubuntu7.debian.tar.xz
Files:
 d885bb87e630634f27ff2c94a8d720c7 4311 graphics optional imagemagick_6.8.9.9-7ubuntu7.dsc
 568ec45fd18d3757af35b81b4ff004b1 209520 graphics optional imagemagick_6.8.9.9-7ubuntu7.debian.tar.xz
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXUDHwAAoJEGVp2FWnRL6TEVoQAJVaGAF7ep08yJA6nE2M/+qj
5ugmjGVVcSnxonkOf4+sJz1IOviFKZ9KmoWY6+PlhfgLU4P7TIR7utMOfEQp1Kog
FJOj89USffo7rJe/uzy7uJ411huQFy6d2yNOZr84TKEzbCkE8KPgFA8MfXAKpObD
ZUTF22bLwqoohXoJQfpeK69cBLqAZVJjAU4kwHNLbXyIY76V5Ri5npMm9CvV1oI3
/2EaRohLzDPp0Wawl6g7UDXoiTTTIkCPVdWq07OfI/Jx5k3/iSKBM3ijL+y6XTNg
xtkmN4/6KRrzjfeIWLtpkHxxtD98bjIT18HBouq1KQZtQyXbf+UZhLy8w1uOxMHJ
dJyf8SIJQg5McQCX3UIqNYYlE9BihaO/ksdep3PpRfiCdVBUluDf5sY05iW1xsJL
WxSSHZlyKbjNC1LKmSIorBp2a7ClU0rZA5UqI6+GESY/kGHs1hTVvfx8Pn6xc3OE
72z8AtkkkxHXVgsu2O2ScDdgP4ZlDhIeFhJIMiFpioEw//T0qmgCakDx/wbh8ys5
srJ1RO7NAp9bPUHVsY4yk2FCz1kC9gfyMrHEZoQlqLTQXRe7/YV0KRiE7EeLc534
p5pjejWVIhplL+WCSIWgLTqVsZJe2JTVOCT+5Tz0ss8byHZgF97F0Kd/semCTU+E
RLcdS8XAY5Ivt7A1XNOm
=Hola
-----END PGP SIGNATURE-----

More information about the Yakkety-changes mailing list