[Pkg-gmagick-im-team] imagemagick_6.9.11.60+dfsg-1.5_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sun Feb 5 03:19:26 GMT 2023 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 Feb 2023 21:50:44 -0500
Source: imagemagick
Built-For-Profiles: noudeb
Architecture: source
Version: 8:6.9.11.60+dfsg-1.5
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Closes: 996588 1013282 1016442
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high
 .
   * Non-maintainer upload
 .
   [ Nishit Majithia ]
   * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
     remote attacker to cause a denial of service via a crafted image file
     - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
       to fix division by zeros in coders/jp2.c
     - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
       to fix division by zeros in magick/resize.c
     - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
       magick/fx.c
     - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
       oders/webp.c
     - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
       magick/resample.c
     - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
       magick/fx.c
     - CVE-2021-20241
     - CVE-2021-20243
     - CVE-2021-20244
     - CVE-2021-20245
     - CVE-2021-20246
     - CVE-2021-20309
   * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
     imagemagick allow a remote attacker to cause a denial of service or
     possible leak of cryptographic information via a crafted image file
     - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
       coders/thumbnail.c, division by zero in magick/colorspace.c and
       a potential cipher leak in magick/memory.c
     - CVE-2021-20312
     - CVE-2021-20313
   * SECURITY UPDATE: memory leaks when executing convert command
     - debian/patches/CVE-2021-3574.patch: fix memory leaks
     - CVE-2021-3574
   * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
     Security Policy
     - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
       RegisterStaticModules
     - CVE-2021-39212 (Closes: #996588)
   * SECURITY UPDATE: DoS while processing crafted SVG files
     - debian/patches/CVE-2021-4219.patch: fix denial of service
     - CVE-2021-4219
   * SECURITY UPDATE: use-after-free in magick
     - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
       dcm.c
     - CVE-2022-1114
   * SECURITY UPDATE: heap-based buffer overflow
     - debian/patches/CVE-2022-28463.patch: fix buffer overflow
     - CVE-2022-28463 (Closes: #1013282)
   * SECURITY UPDATE: out-of-range value
     - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
       use of a value that falls outside the range of an unsigned char in
       coders/psd.c.
     - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
       use of a value that falls outside the range of an unsigned long in
       coders/pcl.c.
     - CVE-2022-32545
     - CVE-2022-32546
   * SECURITY UPDATE: load of misaligned address
     - debian/patches/CVE-2022-32547.patch: addresses the potential for the
       loading of misaligned addresses in magick/property.c.
     - CVE-2022-32547 (Closes: #1016442)
Checksums-Sha1:
 774a622aac13d85ee40aa7bdd9a5747f4ce1d794 5074 imagemagick_6.9.11.60+dfsg-1.5.dsc
 eb27a7b499b7935ad6d16d4c2d3577a6a136b85d 253360 imagemagick_6.9.11.60+dfsg-1.5.debian.tar.xz
 e2bc98426317bb083b9c446091bb60f773cad3c6 12231 imagemagick_6.9.11.60+dfsg-1.5_source.buildinfo
Checksums-Sha256:
 21e3a4ede229ca2ebfc68cbad9ace30238d95a105e8f7ecc47d3dbfc703b408f 5074 imagemagick_6.9.11.60+dfsg-1.5.dsc
 77c786e41d5922e9a13cd468342bf0896f4c7a3ba1c5873a456c0243c699ec83 253360 imagemagick_6.9.11.60+dfsg-1.5.debian.tar.xz
 1eaf9d509de13949e1f44a12fed345249d82f4b84bb1d8cfe6dd704093d824f4 12231 imagemagick_6.9.11.60+dfsg-1.5_source.buildinfo
Files:
 fbdfaeb34e63687288318e88bbf64e00 5074 graphics optional imagemagick_6.9.11.60+dfsg-1.5.dsc
 31476348d2e8c55c79eb6f32afbb1b02 253360 graphics optional imagemagick_6.9.11.60+dfsg-1.5.debian.tar.xz
 c71833158c41a60645a13c70cb9ee394 12231 graphics optional imagemagick_6.9.11.60+dfsg-1.5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmPfHTQACgkQ5mx3Wuv+
bH2AnhAApT+dv/e9eiiMQ6MBxqFnumv32jLyNjUJiBeKoD0VObKi7YGe06eLJ6mN
DX1IvP7qxEflvU0fwb48DIJdVQdizpGpTVJ5p1HDLEhuA8QgU/kgfrUfbcJLKBIL
tb+W06O/UISnm76pNcw1fgklqKkpsiZSPwjG1ITLYbgHW1H0W73ACyy49UKKn/9q
puoGlZj1m33q2Tk9uGL6sAKAFlVg7KTGfALHLvWm0AXV3kNoixDQ4AibLFXaDmSN
w1+LEaigjg/VTM6y/wl7rvcp1jRZe1X6a+pUdz08j30AG4K8LvI1dhpxEGFoMXWA
ZW9N6jL4BpEcy3kwCaYSDWTngwkqJlWgCZi1HEwTC5pAJLkkfMSzWxyW04ytKEkS
qmn6CsZjiT48Ok2+iUTYmqMcbVh9OAclhF9JxWRSus2rbLIjKfe/gwVdM35YAMNH
iOVp1bsl+T0ofd9xpe/QPwYHv5myJU7i9ikonEozknsGtvOXp0ev1bOftNIk9RhE
9ikdGJlHhwwaVnzyPfFmBccTCoYWVFTuIspyZ3dYNytPva6sdg9yxHkvnKB5NzhU
WBU1hGmO6umNyE8S8l6qr8rYt3aUe2sSPQJJJHZcv7bU9pImjI1fOqOsS50j6jGu
nTyYOEIfsuZJcWQjoExnQC2zdnyEB4HWS9Aydr5bxm6gJBDbSxk=
=AMAC
-----END PGP SIGNATURE-----

More information about the Pkg-gmagick-im-team mailing list