[Pkg-gmagick-im-team] Bug#831034: imagemagick: CVE-2016-5841 CVE-2016-5842
Bastien ROUCARIES
roucaries.bastien+imagemagick at gmail.com
Sun Jul 31 20:24:51 UTC 2016
commit 3b7c0268e5339014f28abd620f4395827abc7ef4
Author: Cristy <urban-warrior at imagemagick.org>
Date: Tue Jun 21 21:13:18 2016 -0400
Improve checking of EXIF profile to prevent integer overflow
This fixes CVE-2016-5841 and CVE-2016-5842
bug-debian: https://bug.debian.org/CVE-2016-5842
origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
commit faa64c1ec03fa1aa7ca468ae50c9f8281e6c4b3f
Author: Cristy <urban-warrior at imagemagick.org>
Date: Fri May 13 07:56:18 2016 -0400
Rewrite property with new wrapper
This fixes https://github.com/ImageMagick/ImageMagick/issues/198
And it is also needed to apply cleanly CVE-2016-5841 that uses
signed/unsigned logic.
Origin:upstream, 08fe978d2de086b90b67631b4d1097becc98f1d5
On Wed, Jul 13, 2016 at 9:53 PM, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: imagemagick
> Version: 8:6.8.9.9-7.2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> the following vulnerabilities were published for imagemagick.
> CVE-2016-5841[0] and CVE-2016-5842[1].
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-5841
> [1] https://security-tracker.debian.org/tracker/CVE-2016-5842
> [2] http://www.openwall.com/lists/oss-security/2016/06/23/1
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>