Accepted imagemagick 8:6.7.7.10-5+deb7u5 (source i386 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 May 2016 10:23:44 +1000
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source i386 all
Version: 8:6.7.7.10-5+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Brian May <bam@debian.org>
Description:
imagemagick - image manipulation programs
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
libmagick++5 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore5 - low-level image manipulation library
libmagickcore5-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand5 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 823542
Changes:
imagemagick (8:6.7.7.10-5+deb7u5) wheezy-security; urgency=high
.
* Non-maintainer upload by the Debian LTS Team.
* ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT,
  SHOW, WIN, and PLT are disabled via policy.xml file, since they are
  vulnerable to code injection. This mitigates CVE-2016-3714,
  CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718.
  Since ImageMagick reverts to its internal SVG renderer (which uses
  MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg
  is included. Closes: 823542. In addition, some other actions were
  taken with respect to these vulnerabilities:
  - Drop the PLT/Gnuplot decoder, which was vulnerable to command
    injection.
  - Some sanitization for input filenames in http/https delegates is
    added.
  - Indirect filenames are now authorized by policy.
  - Indirect reads with label:@ are prevented.
  - Less secure coders (such as MVG, TEXT, and MSL) require explicit
    reference in the filename (e.g. mvg:my-graph.mvg).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
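
A way to check that a policy.xml actually denies every coder the changelog above lists. This is an added example, not part of the upload or of the Debian package. It assumes the `<policy domain="coder" rights="none" pattern="..."/>` entry form of ImageMagick's policy file, approximates ImageMagick's pattern matching with case-sensitive `fnmatch`, and runs on a constructed sample policy.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Coders the changelog says are disabled via policy.xml.
REQUIRED_DENIED = ["EPHEMERAL", "URL", "HTTPS", "MVG", "MSL",
                   "TEXT", "SHOW", "WIN", "PLT"]

# Constructed sample: WIN is only present inside a comment, and PLT has
# a conflicting entry that grants read rights.
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <!-- <policy domain="coder" rights="none" pattern="WIN" /> -->
  <policy domain="coder" rights="read" pattern="PLT" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>"""

def audit_coder_policy(policy_xml):
    """Map each required coder to 'denied', 'granted' or 'missing'."""
    root = ET.fromstring(policy_xml)  # XML comments are skipped by the parser
    status = {coder: "missing" for coder in REQUIRED_DENIED}
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        pattern = entry.get("pattern", "")
        rights = {r.strip().lower() for r in entry.get("rights", "").split("|")}
        denies = rights == {"none"}
        for coder in REQUIRED_DENIED:
            if not fnmatchcase(coder, pattern):
                continue
            if not denies:
                # Conservative: any entry granting rights is flagged,
                # whatever its position relative to a deny entry.
                status[coder] = "granted"
            elif status[coder] == "missing":
                status[coder] = "denied"
    return status

def unprotected(policy_xml):
    """Coders from the changelog that the policy does not cleanly deny."""
    audit = audit_coder_policy(policy_xml)
    return sorted(c for c, s in audit.items() if s != "denied")

if __name__ == "__main__":
    print(unprotected(SAMPLE_POLICY))
```

To audit a host, pass the contents of its installed policy.xml to `unprotected()`; an empty list means every listed coder has a deny entry and no conflicting grant.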