[Pkg-gmagick-im-team] imagemagick_6.8.9.9-5+deb8u10_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue Jul 18 22:08:00 UTC 2017


Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jul 2017 10:32:14 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 863126 863833 863834 864087 864089 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264
Changes:
 imagemagick (8:6.8.9.9-5+deb8u10) jessie-security; urgency=high
 .
   * Fix security bugs:
      + Previous CVE-2017-9144 fix was incomplete.
        A crafted RLE image can trigger a crash because of incorrect
        EOF handling in coders/rle.c
        (Closes: #863126)
      + CVE-2017-10928:
        A heap-based buffer over-read in the GetNextToken
        function in token.c allows remote attackers to obtain
        sensitive information from process memory or possibly have
        unspecified other impact via a crafted SVG document
        that is mishandled in the GetUserSpaceCoordinateValue
        function in coders/svg.c.
        (Closes: #867367).
      + CVE-2017-9500:
        An assertion failure was found in the function
        ResetImageProfileIterator, which allows attackers to cause
        a denial of service via a crafted file.
        (Closes: #867778).
      + CVE-2017-9501:
        An assertion failure was found in the function LockSemaphoreInfo,
        which allows attackers to cause a denial of service via a crafted
        file.
        (Closes: #867721).
      + CVE-2017-9440:
        A memory leak was found in the function ReadPSDChannel
        in coders/psd.c, which allows attackers to cause a denial
        of service via a crafted file.
        (Closes: #864273).
      + CVE-2017-9439:
        A memory leak was found in the function ReadPDBImage in
        coders/pdb.c, which allows attackers to cause a denial of
        service via a crafted file.
        (Closes: #864274).
      + CVE-2017-11188: CPU exhaustion in ReadDPXImage
        Because dpx.file.image_offset is an unsigned int, it can be controlled
        to be as large as 4294967295.
        This will cause ImageMagick to spend a lot of time processing a crafted
        DPX image file, even if the image file is very small.
        (Closes: #867806)
      + CVE-2017-11141: memory exhaustion in ReadMATImage
        When identifying a MAT file, imagemagick will allocate memory to store data
        in function ReadMATImage.
        Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
        an arbitrary amount of memory; this may cause memory exhaustion.
        (Closes: #868264)
      + CVE-2017-11170: memory exhaustion in ReadTGAImage
        When identifying a VST file, imagemagick will allocate memory to store
        data in function ReadTGAImage in coders/tga.c
        using the tga_info.bits_per_pixel field directly from the VST file without
        checking it in tga.c.
        From a review of the function code, the maximum valid value of
        tga_info.bits_per_pixel is 32.
        On a 32-bit OS, size_t one will be 32 bits, so image->colors can
        overflow to 0.
        On a 64-bit OS, size_t one will be 64 bits, so image->colors
        can be as large as 0x100000000 (64GB).
        (Closes: #868184)
      + Memory exhaustion in ReadCINImage
        When identifying a CIN file that contains user-defined data,
        imagemagick will allocate memory to store the
        data in function ReadCINImage in coders\inc.c
        There is a security check in the function SetImageExtent,
        but it comes after memory allocation, so IM cannot control the memory usage.
        (Closes: #867810)
      + CPU exhaustion in ReadRLEImage
        A corrupted rle file could trigger a DOS
        (Closes: #867808)
      + Memory leak in ReadDIBImage in dib.c
        The ReadDIBImage function in dib.c allows attackers
        to cause a denial of service (memory leak)
        via a small crafted dib file.
        (Closes: #867811)
      + Memory exhaustion in ReadDPXImage in dpx.c
        When identifying a DPX file that contains user header data,
        imagemagick will allocate memory to store the data in function
        ReadDPXImage in coders\dpx.c
        There is a security check in the function SetImageExtent,
        but it is too late, so IM cannot control the memory usage.
        (Closes: #867812)
      + Enable heap overflow check for stdin for mpc files
        Enabling seekable streams is required to ensure checking
        the blob size works when an image is streamed on stdin.
        (Closes: #867896)
      + Assertion failure in WriteBlob
        A crafted file revealed an assertion failure in blob.c.
        (Closes: #867798)
      + Memory exhaustion in ReadEPTImage in ept.c
        When identifying an EPT file, imagemagick will allocate memory
        to store the data.
        There is a security check in the function SetImageExtent,
        but it is not used in the allocation function,
        so IM cannot control the memory usage.
        (Closes: #867821)
      + CPU exhaustion in ReadOneJNGImage
        Due to a lack of validation of the PNG format, imagemagick could loop
        2^32 times in a CPU-intensive loop.
        (Closes: #867824, #867825).
      + CPU exhaustion in ReadOneDJVUImag
        Due to a lack of format validation, a crafted file will cause a
        loop to run endlessly.
        (Closes: #867826).
      + Zero pixel buffer
        Avoid a data leak in case of incorrect file by clearing a buffer
        (Closes: #867893).
      + memory leak in ReadMATImage in mat.c
        The ReadMATImage function in mat.c allows attackers to cause a
        denial of service (memory leak) via a small crafted mat file.
        (Closes: #867823).
      + Avoid heap based overflow for jpeg
        A corrupted jpeg file could trigger a heap overflow
        (Closes: #867894).
      + Fix a memory leak in screenshot coder
        (Closes: #867897)
      + CVE-2017-9409: Memory leak in the icon file coder.
        (Closes: #864087)
      + CVE-2017-9407: the ReadPALMImage function in palm.c
        allows attackers to cause a denial of service (memory leak)
        via a crafted file. (Closes: #864089).
      + CVE-2017-9409: the ReadMPCImage function in mpc.c
        allows attackers to cause a denial of service (memory leak)
      + CVE-2017-9262: Memory leak in the ReadJNGImage function
        (Closes: #863834).
      + CVE-2017-9261: Memory leak in the ReadMNGImage function
        (Closes: #863833).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


