[Pkg-gmagick-im-team] imagemagick_6.9.7.4+dfsg-15_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jul 29 23:04:10 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Jul 2017 17:14:38 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-15
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 870047 870065 870067 870105 870106 870107 870108 870109 870111 870115 870116 870117 870118 870119 870120
Changes:
imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high
.
* Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
thanks to Adrian Bunk and Gianfranco Costamagna
(Closes: #870047).
* Security fixes:
+ CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function
in MagickCore/pixel-accessor.h.
(Closes: #870065).
+ CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
(Closes: #870067)
+ Validate png file.
Detect corrupted png early and avoid a crash
(Closes: #870105)
+ Heap buffer overflow in ReadOneMNGImage
A crafted file will cause x_off[i] out-of-bound operation vulnerability.
(Closes: #870106)
+ memory exhaustion in ReadOneJNGImage in png.c
When identify JNG file that contains chunk data, imagemagick will
allocate memory to store the chunk data in function ReadOneJNGImage
Due to a lack of valition, memory is not limited for corrupted files.
(Closes: #870107)
+ memory leak in ReadOneJNGImage #550
A crafted file could trigger a memory leak
(Closes: #870108)
+ out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
+ coders/png.c: Memory leak Fixed Issue 600
(Closes: #870116)
+ memory leak in ReadOneJNGImage (upstream 602)
Fix a leak triggered by a corrupted file
(Closes: #870115)
+ Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
Some version of libpng need serialization for error recovery of hard lock
Could be triggered by a corrupted file
(Closes: #870111)
+ memory leak in ReadOneMNGImage #619
A memory leak vulnerability was found in function ReadOneMNGImage,
which allow attackers to cause a denial of service (memory leak) via
a crafted file.
(Closes: #870117)
+ memory leak in ReadOneJNGImage #618
Triggered by a corrupted file
(Closes: #870118)
+ bad free in RelinquishMagickMemory
(Closes: #870119)
+ CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
(Closes: #870120)
Checksums-Sha1:
e4470dc13e08044a41ae849db3ca6fb729a1f43e 5137 imagemagick_6.9.7.4+dfsg-15.dsc
8559e418b654908ef3185d39de794abb2fc78265 248828 imagemagick_6.9.7.4+dfsg-15.debian.tar.xz
b2062aa91e3b102960cd268ff286e8f639b1f95e 12823 imagemagick_6.9.7.4+dfsg-15_source.buildinfo
Checksums-Sha256:
8ca618e974bafa89ea30fd2da64c3b0e90b18152342ef96d561e9922a0bd3ead 5137 imagemagick_6.9.7.4+dfsg-15.dsc
a575c3e343a19e6f5e42cd9a9d56a676dfd2d28c7305b884f18fa73e5d1a5139 248828 imagemagick_6.9.7.4+dfsg-15.debian.tar.xz
0f30cc857cef1b311e4776a03a63308d3c38e863b791b411c6204fbf6d98675c 12823 imagemagick_6.9.7.4+dfsg-15_source.buildinfo
Files:
8e27fdd2bbf1babbae525b8ad888ecbd 5137 graphics optional imagemagick_6.9.7.4+dfsg-15.dsc
6f54da3b7e01cef045f5f2158e18ba69 248828 graphics optional imagemagick_6.9.7.4+dfsg-15.debian.tar.xz
a8068f184b323efc24f249e550ec4285 12823 graphics optional imagemagick_6.9.7.4+dfsg-15_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAll9EN4ACgkQADoaLapB
CF8kEA/+LJzRSxbJtd3eYTZ6rF0LvraLAbNHgtmwAye26v+p7fKcLDtAVY0OOLx7
apTM2T67ex6w0JZg1PQTpdSAKkZlJpX4aW5hWe1FTeYnNm+m47YQoB7biBIN9ZoM
D+QGMHctt+UYKHLf/MWYJOozQQH7DZb8k2uQlJkvWDqhNpDHygRb83U6GFF+qwku
/yIeEaaSv0EDz4O3oFcc5cdKI0sMxF8NNIv2W3bvM8P4sWlkjnJaWESjhOwf+bPO
1Lqrda2HjhV79wVdv6pFf2f3fOE+4KRWjc1b8/qy9n8H65aZU1dzSdsUWLdMYbOb
G/lAbXAO59m8n64WC0PfooVRzUKCu+A+YW8nZbXFZB53fvJ5MpWre7jGHG/Lz9ja
S/d7V2oTQKOK/q+fCQiqr7Pl3KMYOUpj0dBAKJ2aRRNo3l7BuSoqLeoIMt4E9EmW
nwUZ/QMemem/jktH9JP88Xn/6/sD/IztmSDpMRG6B/+U+/bSbxY7mb7QMiUb8aam
31uVxFmqLJufjxU/xxDjDJrpJKH3QH8iX4CF1OnoSt9Ceyg8BN/a+rzhw/8I4ko6
IMKDEVUwTy1cmPpDIduS/VX+jJR1BVlRSVRe9Jmb3oFo+dGll9y1z4l6cMkH1H8X
NELGNEwv64n33N1L9BBzPHf/6QYIov9YiM/USO4gSqTwX2hu75k=
=SGwE
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-gmagick-im-team
mailing list