[Pkg-gmagick-im-team] imagemagick vulnerabilities in testing
Hugo Lefeuvre
hle at debian.org
Tue Aug 13 13:58:51 BST 2019
Dear ImageMagick maintainers,
I have prepared a jessie update addressing some of the recent
vulnerabilities reported for imagemagick:
imagemagick (8:6.8.9.9-5+deb8u17) jessie-security; urgency=medium
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-13304, CVE-2019-13305, CVE-2019-13306: multiple stack-based
buffer overflows up to 10 bytes in WritePNMImage (coders/pnm.c) (Closes: #931449).
* CVE-2019-12974: NULL pointer dereference in ReadPANGOImage and
ReadVIDImage (coders/pango.c and coders/vid.c) (Closes: #931196).
* CVE-2019-13135: use of uninitialized value in ReadCUTImage
(coders/cut.c) (Closes: #932079).
* CVE-2019-13295, CVE-2019-13297: heap-based buffer over-reads in
AdaptiveThresholdImage (magick/threshold.c) (Closes: #931457).
* CVE-2019-13391, CVE-2019-13308: heap-based buffer overflows in
ComplexImage (magick/fourier.c) (Closes: #931447).
-- Hugo Lefeuvre <hle at debian.org> Tue, 13 Aug 2019 10:20:30 +0200
I will coordinate with the security team for stretch and buster.
Are you planning to address these issues in testing? Is there anything I
can do to help?
cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20190813/36e960fe/attachment.sig>
More information about the Pkg-gmagick-im-team
mailing list