[Pkg-gmagick-im-team] imagemagick_6.9.10.14+dfsg-1_source.changes ACCEPTED into unstable

Mon Oct 29 16:50:36 GMT 2018

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Oct 2018 13:13:38 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.10.14+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 907776 910887 910888 910889
Changes:
 imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium
 .
   * New upstream version
   * Fix new privacy breach
   * Fix duplicate files in documentation
   * Fix security bugs:
     + CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
       coders/msl.c
     + CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
       coders/bmp.c file can cause a DOS via a crafted bmp file.
     + CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
       function of coders/svg.c, which allows attackers to cause a denial
       of service via a crafted SVG image file.
     + CVE-2018-16645: Fix an excessive memory allocation issue in the functions
       ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
       which allows remote attackers to cause a denial of service via
       a crafted image file.
       (Closes: #910889)
     + CVE-2018-16644: Fix a missing check for length in the functions
       ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
       which allows remote attackers to cause a denial of service via
       a crafted image.
       (Closes: #910888)
     + CVE-2018-16413: Fix a heap-based buffer over-read in the
       MagickCore/quantum-private.h PushShortPixel function when called
       from the coders/psd.c ParseImageResourceBlocks function.
       (Closes: #910887)
     + CVE-2018-16323: Fix an information disclosure vulnerability that existed
       in ImageMagick when processing XBM images. An attacker could use this
       to expose sensitive information.
       (Closes: #907776)
     + CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
       ParseImageResourceBlocks function.
     + CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
       in coders/sgi.c.
     + CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
       in coders/pdb.c.
     + CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
       in coders/bgr.c.
     + CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
       in coders/pcx.c.
Checksums-Sha1:
 972ca44de25be18b0863a731412a8a1bb858138c 5088 imagemagick_6.9.10.14+dfsg-1.dsc
 b89e12b1bb347599a554a0d8956df155bc3e8424 9064460 imagemagick_6.9.10.14+dfsg.orig.tar.xz
 00fd312cce21ed868240aaa98e38b04f3cd3ee2e 220640 imagemagick_6.9.10.14+dfsg-1.debian.tar.xz
 c2af8003036c39e6bcc287c31b5387ee55ab41c7 13028 imagemagick_6.9.10.14+dfsg-1_source.buildinfo
Checksums-Sha256:
 067d2fe88c0a45752ddd4c10abbf8cc378f290e1c72d53c8582896fd36f0f31c 5088 imagemagick_6.9.10.14+dfsg-1.dsc
 20f48004c696eee645c5e468b1ff291ceed2759d9c0ed75eb9e616067cc096fd 9064460 imagemagick_6.9.10.14+dfsg.orig.tar.xz
 9f529960fdca255aa70d120320a1d9db7688c5e3c658b193384b06c2265af97c 220640 imagemagick_6.9.10.14+dfsg-1.debian.tar.xz
 93b5fe1a6162bce2f3a0e053c24126e678fbc160144f19a0aa488c4730f3a3cb 13028 imagemagick_6.9.10.14+dfsg-1_source.buildinfo
Files:
 f465fd83511edb9d141e6ce8f2925e48 5088 graphics optional imagemagick_6.9.10.14+dfsg-1.dsc
 0d020c6128ef3a8bbf4324eda0d550ad 9064460 graphics optional imagemagick_6.9.10.14+dfsg.orig.tar.xz
 0334fca01ab4646eb030bc7c42c756cd 220640 graphics optional imagemagick_6.9.10.14+dfsg-1.debian.tar.xz
 2baf1f1047178cc4688307309220df92 13028 graphics optional imagemagick_6.9.10.14+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlvXOLYACgkQADoaLapB
CF/mag//XEHjTIr1u1zhst4RsdDpNCH5fYfO/NoKQjqzMGdVxF2shg3cIgR8k0cS
3tOI7fbybazecbbni4m2QR83dAO4h9FoeTWKiivlRK9uKggDNu6RnxBfK5Pk5WLz
tUMMOEOxeDIri5IT+csC+bVo+kWH8+iH8oPMp98/QGFP0pysUUTtbmEBpnxyK+OA
MtAWaVXXXcsBa0efjj28j8WSYiIXsYMbmiF1xnpWvZpRI0nntSbAa2IPviaHlwz7
OtfzYVmXz5Ho/9bomzdY7AlNEr4e2nMCIc7iK4lnyoeYwMgaqXfU8uwftMcDFOCg
2QRLIrRYNmVPE3Fr9NYA6BtzVampwUqB6E6PL+5zIN4w08f2YsQIaSstHJep5ofP
MHY3U7RKB/mhsZ+7xVB+ubf0CKOQ55fw+YCorlgq5uT5O4poFpPGful9tM4IW3ot
7SsgPlE6hIyDkVRNejAG7YXaOS2As5xtH2/hVmu42yPjsGhAlgJ901W5QtAniTmV
tra5s+HFGOzklkH50Ocfg2wxuRnWK50FmF2W3KGr1OXh1xU0Mz1Fg85NXan1WGkX
yjBaCFW/q29Vijn2iNOEcSAYz7/mthYC5N40Zg1OJFw9re7dWIcDrwYqdbVC3LIk
n/nbr+javZqJBt7CP+JdApi89Jiksbpzc6uYqczsX/+t8lxWmaI=
=0pvk
-----END PGP SIGNATURE-----

Thank you for your contribution to Debian.