[ubuntu/zesty-proposed] imagemagick 8:6.9.6.2+dfsg-2ubuntu1 (Accepted)
Nishanth Aravamudan
nish.aravamudan at canonical.com
Mon Nov 28 17:41:14 UTC 2016
imagemagick (8:6.9.6.2+dfsg-2ubuntu1) zesty; urgency=medium
* Merge with Debian unstable (LP: #1645406). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
[ Previously undocumented ]
* Drop:
- Add backports of d6054824, 95c8394e and 68c6a7d to
0070-Fix-PixelColor-off-by-one-on-i386.patch (LP #1549942)
which were missed in "PixelColor off by one on i386
(closes #811308)
https://github.com/ImageMagick/ImageMagick/issues/54".
+ Add backport of 54b752c3 to fix color behavior (LP #1549942).
+ Fix backport of d6054824 to include dropped parentheses
(LP #1549942).
+ Drop of backported fixes to d/p/0070-Fix-PixelColor-off-by-one-on-i386.patch
[ Previously undocumented ]
[ Fixed upstream ]
- debian/rules: Use LCQUANTUMDEPTH when generating display-im6.desktop too.
Fixes broken icon in .desktop file. (LP #1558409)
[ Fixed in Debian ]
- SECURITY UPDATE: popen() shell vulnerability
+ d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
+ CVE-2016-5118
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers at ubuntu.com> for verification. ]
- SECURITY UPDATE: ImageTragick remote code execution
+ d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
+ d/p/0077-Remove-PLT-Gnuplot-decoder.patch
+ d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
+ d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
+ d/p/0080-Prevent-indirect-reads-with-label-at.patch
+ d/p/0081-Less-secure-coders-require-explicit-reference.patch
+ debian/rules: build with --with-rsvg.
+ CVE-2016-3714
+ CVE-2016-3716
+ CVE-2016-3718
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers at ubuntu.com> for verification. ]
- debian/README.Debian: explain use of --with-rsvg option.
[ Previously undocumented, dropped ]
- SECURITY UPDATE: multiple security issues
+ debian/patches/*: synchronize large quantity of security fixes with
Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
the excellent work this update is based on!
+ CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
CVE-2016-7539, CVE-2016-7540
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers at ubuntu.com> for verification. ]
- Add backport of a54fe0e8 to fix segmentation faults during
php-imagick tests (LP #1549942).
+ Delete d/p/0076-Fix-segmentation-fault-with-php-imagick.patch
[ previously undocumented ]
[ Fixed upstream ]
Date: Wed, 23 Nov 2016 13:18:57 -0800
Changed-By: Nishanth Aravamudan <nish.aravamudan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.6.2+dfsg-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 23 Nov 2016 13:18:57 -0800
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-6v6 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.6.2+dfsg-2ubuntu1
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishanth Aravamudan <nish.aravamudan at canonical.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-6v6 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Launchpad-Bugs-Fixed: 1645406
Changes:
imagemagick (8:6.9.6.2+dfsg-2ubuntu1) zesty; urgency=medium
.
* Merge with Debian unstable (LP: #1645406). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
[ Previously undocumented ]
* Drop:
- Add backports of d6054824, 95c8394e and 68c6a7d to
0070-Fix-PixelColor-off-by-one-on-i386.patch (LP #1549942)
which were missed in "PixelColor off by one on i386
(closes #811308)
https://github.com/ImageMagick/ImageMagick/issues/54".
+ Add backport of 54b752c3 to fix color behavior (LP #1549942).
+ Fix backport of d6054824 to include dropped parentheses
(LP #1549942).
+ Drop of backported fixes to d/p/0070-Fix-PixelColor-off-by-one-on-i386.patch
[ Previously undocumented ]
[ Fixed upstream ]
- debian/rules: Use LCQUANTUMDEPTH when generating display-im6.desktop too.
Fixes broken icon in .desktop file. (LP #1558409)
[ Fixed in Debian ]
- SECURITY UPDATE: popen() shell vulnerability
+ d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
+ CVE-2016-5118
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers at ubuntu.com> for verification. ]
- SECURITY UPDATE: ImageTragick remote code execution
+ d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
+ d/p/0077-Remove-PLT-Gnuplot-decoder.patch
+ d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
+ d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
+ d/p/0080-Prevent-indirect-reads-with-label-at.patch
+ d/p/0081-Less-secure-coders-require-explicit-reference.patch
+ debian/rules: build with --with-rsvg.
+ CVE-2016-3714
+ CVE-2016-3716
+ CVE-2016-3718
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers at ubuntu.com> for verification. ]
- debian/README.Debian: explain use of --with-rsvg option.
[ Previously undocumented, dropped ]
- SECURITY UPDATE: multiple security issues
+ debian/patches/*: synchronize large quantity of security fixes with
Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
the excellent work this update is based on!
+ CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
CVE-2016-7539, CVE-2016-7540
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers at ubuntu.com> for verification. ]
- Add backport of a54fe0e8 to fix segmentation faults during
php-imagick tests (LP #1549942).
+ Delete d/p/0076-Fix-segmentation-fault-with-php-imagick.patch
[ previously undocumented ]
[ Fixed upstream ]
Checksums-Sha1:
45517d38f442bb03a2f7630544e6964b55b6aaad 4121 imagemagick_6.9.6.2+dfsg-2ubuntu1.dsc
fa7319a4f23712e55cd539cf6ff0dbdbc0639846 8996652 imagemagick_6.9.6.2+dfsg.orig.tar.xz
bbd308ff7ccda350d2f319b2edce44f39ef79615 208688 imagemagick_6.9.6.2+dfsg-2ubuntu1.debian.tar.xz
Checksums-Sha256:
347cd300fe0162026f507a21b732c46dd0befac0de844b0d7d0185bcfcf9eaa7 4121 imagemagick_6.9.6.2+dfsg-2ubuntu1.dsc
2b82e076ad077385e147856111704f59661eda7b60a5227222a8375158335ec9 8996652 imagemagick_6.9.6.2+dfsg.orig.tar.xz
cd2c064c04c75a74f70c42447694b9157b4f36d3dc811e248a10fa67c393754d 208688 imagemagick_6.9.6.2+dfsg-2ubuntu1.debian.tar.xz
Files:
1d1cf64a6ba14fe9bf4758b46660308d 4121 graphics optional imagemagick_6.9.6.2+dfsg-2ubuntu1.dsc
7e31ceb28b0731012134d3ffc477c64a 8996652 graphics optional imagemagick_6.9.6.2+dfsg.orig.tar.xz
95dc474ca8eb793b01d307eb069a69c1 208688 graphics optional imagemagick_6.9.6.2+dfsg-2ubuntu1.debian.tar.xz
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQE7BAEBCAAlBQJYPGuJHhxuaXNoLmFyYXZhbXVkYW5AY2Fub25pY2FsLmNvbQAK
CRADRGyeZjIE+FIuCACDCZcPVAV5QoVUZkuTSUKBGxuMZZe0i3SIm1tcyR7lCQeI
gkBm9C8snvrXbFWaPp5sodl8wZNzDnpPq48oqNantEewUUI7eHarDkfHZa3mrc0b
awzlx2iZZXoqXsEyDVTt3YhGr+LESDiO7cUiqU/LatsWiNH10yfCniEQ9I7Oy+n9
IdQVyojT87SPWOXT7Pg3xpJjGvIckbI4ZEli7S0KFI0fblrq8kcXDjw80ApJipmt
D+DoQhC0x2zmGmmIb0E3/0q1bU9cbnIJKx+STZUQH28UJPXv+Wxj4phSmsrcc8Rk
GrcTDBPfqtzBedFuqqwlnRmrQpEl7/Qevv3W0VfT
=89Mw
-----END PGP SIGNATURE-----
More information about the Zesty-changes
mailing list