Accepted imagemagick 8:6.7.7.10-5+deb7u8 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Nov 2016 00:30:16 -0500
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-5+deb7u8
Distribution: wheezy-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
imagemagick - image manipulation programs
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
libmagick++5 - object-oriented C++ interface to ImageMagick
libmagickcore-dev - low-level image manipulation library - development files
libmagickcore5 - low-level image manipulation library
libmagickcore5-extra - low-level image manipulation library - extra codecs
libmagickwand-dev - image manipulation library - development files
libmagickwand5 - image manipulation library
perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 773980 833730 833735 833744 834183 834501 836172
Changes:
imagemagick (8:6.7.7.10-5+deb7u8) wheezy-security; urgency=high
.
[ Ben Hutchings ]
* Non-maintainer upload by the LTS Team
* Avoid a SEGV due to a corrupted pnm file (CVE-2014-9805)
* Added missing calls to RelinquishUniqueFileResource (CVE-2014-9806)
* Fix a double free in pdb coder (CVE-2014-9807)
* Fix handling of corrupted dpc and xwd image (CVE-2014-9808, CVE-2014-9809)
* Bail out early in case of malformed dpx file (CVE-2014-9810)
* Avoid SEGV in malformed xwd file (CVE-2014-9811)
* Avoid a NULL dereference in ps handling (CVE-2014-9812)
* Avoid out of bound access in xwd file handling
* Fix a SEGV with corrupted viff image (CVE-2014-9813)
* Fix a null pointer dereference in wpg file handling (CVE-2014-9814)
* Do not continue on corrupted wpg file (CVE-2014-9815)
* Avoid a out of bound access in viff image (CVE-2014-9816)
* Avoid a heap buffer overflow in pdb file handling (CVE-2014-9817)
* Avoid an out of bound acess on malformed sun file (CVE-2014-9818)
* Avoid heap overflow in palm and xpm files (CVE-2014-9819, CVE-2014-9821)
* Fix heap overflow in quantum.c, palm image handling and psd image handling
(CVE-2014-9822, CVE-2014-9823, CVE-2014-9824)
* Do not try to read corrupted sun image (CVE-2014-9826)
* Fix corrupted (too many colors) psd file (CVE-2014-9828)
* Fix out of bound access in sun image handling (CVE-2014-9829)
* Fix handling of corrupted sun and wpg file (CVE-2014-9830, CVE-2014-9831)
* Fix heap overflow in pcx file, psd, pict and wpf files and DOS in xpm file
(CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836)
* Additional PNM sanity checks (CVE-2014-9837)
* Robustify xmp and pnm reader
* Detect allocation error earlier (CVE-2014-9838)
* Avoid a crash in coders/rle.c
* Avoid an overflow in ConstrainColormapIndex (CVE-2014-9839)
* Avoid an out of bound access in palm file (CVE-2014-9840)
* Fix another crash in xpm parser (Closes: #773980)
* Fixed boundary checks in DecodePSDPixels (CVE-2014-9843)
* Fix another out of bound problem in rle file (CVE-2014-9844)
* Fix crash due to corrupted dib file (CVE-2014-9845)
* Added checks to prevent overflow in rle file (CVE-2014-9846)
* Impose a limit of 10 million columns or rows in an input PNG
* Avoid heap overflow in rle file
* Don't try to handle a "previous" image in the JNG decoder (CVE-2014-9847)
* Avoid a memory leak in quantum management (CVE-2014-9848)
* Avoid a crash in png coder (CVE-2014-9849)
* Fix mis-applied patch for CVE-2016-3714
.
[ Roberto C. Sanchez ]
* Prevent buffer overflow in PDB, MAP, and CALS coders (Closes: #836172)
* Avoid out of bound for malformed jpeg files (Closes: #834501)
* Prevent memory use after free (Closes: #834183)
* RLE check for pixel offset less than 0 (Closes: #833744)
* In psd file handling fixed parsing resource block and
avoid a crash (CVE-2014-9851)
* Avoid a memory leak in rle file handling (CVE-2014-9853)
* During identification of image do not fill memory (CVE-2014-9854)
* Fix DOS due to corrupted DDS files (CVE-2014-9907)
* Fix a buffer overflow and a SEGV in sun file handling (CVE-2015-8957)
* Avoid a SIGABRT in sun file handling (CVE-2015-8958)
* Fix a DOS for corrupted DDS file (CVE-2015-8959)
* Prevent buffer overflow in magick/draw.c (CVE-2016-4562, CVE-2016-4564)
* Prevent possible buffer overflow when reading TIFF images (CVE-2016-5010)
* Fix out of bounds memory read for DDS files (CVE-2016-5687)
* Fix out of bound access for corrupted WPG file (CVE-2016-5688)
* Add additional checks to DCM reader to prevent data-driven faults
(CVE-2016-5689, CVE-2016-5690, CVE-2016-5691)
* Improve checking of EXIF profile to prevent integer overflow
(CVE-2016-5841, CVE-2016-5842)
* Prevent buffer overflow in properties reading (CVE-2016-6491)
* Avoid a buffer overflow in bmp file reader (CVE-2016-6823)
* Fix SGI file buffer overflow (CVE-2016-7101)
* Fix an out-of-bounds read in coders/psd.c (CVE-2016-7514)
* Fix rle file handling for corrupted file (CVE-2016-7515)
* Fix multiple out of bounds problems in rle, pict, viff and sun
files (CVE-2016-7516, CVE-2016-7517, CVE-2016-7518, CVE-2016-7519)
* Fix a heap overflow in hdr file handling (CVE-2016-7520)
* Fix a heap buffer overflow in psd file handling (CVE-2016-7521)
* Fix an out of bound access for malformed psd file (CVE-2016-7522)
* Fix a meta file out of bounds access (CVE-2016-7523, CVE-2016-7524)
* Fix an out of bound access in wpg file coder
(CVE-2016-7526, CVE-2016-7527)
* Fix out of bound access for viff file coder (CVE-2016-7528)
* Fix an out of bound access in xcf file coder (CVE-2016-7529)
* Fix out of bound in quantum handling (CVE-2016-7530)
* Fix a pbd file out of bound access (CVE-2016-7531)
* Fix handling of corrupted psd file (CVE-2016-7532)
* Fix a wpg file out of bound for corrupted file (CVE-2016-7533)
* Fix an out of bound access in generic decoder (CVE-2016-7534)
* Fix an out of bound access for corrupted psd file (CVE-2016-7535)
* Fix a SEGV reported in corrupted profile handling (CVE-2016-7536)
* Fix an out of bound access for corrupted pdb file (CVE-2016-7537)
* Fix a SIGABRT for corrupted pdb file (CVE-2016-7538)
* Fix potential DOS by not releasing memory (CVE-2016-7539)
* Prevent buffer overflow in draw.c (Closes: #833730)
* Fix loading arbitrary module from user side (Closes: #833735)
Checksums-Sha1:
9a878bd6e04b4c51a65bd68c30ac10192e0e3a98 3156 imagemagick_6.7.7.10-5+deb7u8.dsc
659e36c61ff544b685816950846373ff79e199fd 186236 imagemagick_6.7.7.10-5+deb7u8.debian.tar.bz2
308269e5a3afeb394b3127e8036d9032924e8e60 289016 imagemagick_6.7.7.10-5+deb7u8_amd64.deb
c997aa0b089a2bbaaab8d55f6bb2d88d5218144b 6296980 imagemagick-dbg_6.7.7.10-5+deb7u8_amd64.deb
0605ab3e5f00d80b9971f7e1d29531f5b49741b0 131510 imagemagick-common_6.7.7.10-5+deb7u8_all.deb
de504a59be2a69144a77dee26196ff94754b2486 5801672 imagemagick-doc_6.7.7.10-5+deb7u8_all.deb
4782c66d0a1a994f3491ab4e321f299c4204cbe9 2112468 libmagickcore5_6.7.7.10-5+deb7u8_amd64.deb
8b3af7da74752e3c2271a051313170e3621bca76 167804 libmagickcore5-extra_6.7.7.10-5+deb7u8_amd64.deb
5b68045134f28a92dcc471eea9d19d700b2fb8de 1388570 libmagickcore-dev_6.7.7.10-5+deb7u8_amd64.deb
88bc5c5f783e700c6b4d12a0fb0c0f947c996bf8 465076 libmagickwand5_6.7.7.10-5+deb7u8_amd64.deb
676bea2453063ba1ccf920481a70baeb3eb031ba 546728 libmagickwand-dev_6.7.7.10-5+deb7u8_amd64.deb
4401e8a7469cea51e43219ee2f62c4833af8b2f6 239820 libmagick++5_6.7.7.10-5+deb7u8_amd64.deb
cbd16691da3f51d63e35e0f3cac4203f6b681015 287626 libmagick++-dev_6.7.7.10-5+deb7u8_amd64.deb
82fd9f01072fa2d3565f3a8c82224884d7dbef23 258856 perlmagick_6.7.7.10-5+deb7u8_amd64.deb
Checksums-Sha256:
252668269d3d09d9e1860ac8128daf94819233f1e750e65b55634a3abe884395 3156 imagemagick_6.7.7.10-5+deb7u8.dsc
c6272307761dc4d5bddb111bea80e2d67e080a8d440fc82f0c0a1d849b36e4d0 186236 imagemagick_6.7.7.10-5+deb7u8.debian.tar.bz2
7103ee7d44090d21ed4ec3bd1e74bcf3317644bcd3e3bbc28f6da7b72c6083c2 289016 imagemagick_6.7.7.10-5+deb7u8_amd64.deb
b269f7a885aaefc6fba137a9adf847216292176e5c382052edf15d2cad2308f0 6296980 imagemagick-dbg_6.7.7.10-5+deb7u8_amd64.deb
1605a2876b3e71ad3af8415729d71ace6246c8c8741b5947f1e5d4a2e03a2708 131510 imagemagick-common_6.7.7.10-5+deb7u8_all.deb
6ddc683d087f01b5999536464cbd4c5fd68928277038a7cd8211e2c7952707ed 5801672 imagemagick-doc_6.7.7.10-5+deb7u8_all.deb
f7da7163642e38780444a252ec08ee231c333e722e04c215c972077f76dae265 2112468 libmagickcore5_6.7.7.10-5+deb7u8_amd64.deb
b4b8f853f44c3a4649cabb869481f5236347799fa9c7e41ec1bc67a1835fea2e 167804 libmagickcore5-extra_6.7.7.10-5+deb7u8_amd64.deb
19a734cb4370862d96442cdfdefa5020f4c83d0627a5c9fc07898e75f433071b 1388570 libmagickcore-dev_6.7.7.10-5+deb7u8_amd64.deb
e91912316976ada6619f00ee6d2d016fd1007bab029c11243c5f1d45da95ae71 465076 libmagickwand5_6.7.7.10-5+deb7u8_amd64.deb
d087eeb6568c66b8238e7d270e50deeaf312a94c44e6a89be35c3398fd9e8d0b 546728 libmagickwand-dev_6.7.7.10-5+deb7u8_amd64.deb
ce7aea9800609749e39417f27f1f57d8e11095bdcc16a57d568187f93084b145 239820 libmagick++5_6.7.7.10-5+deb7u8_amd64.deb
da1aa860bc4ded4688b5bf3b5aac6f47f9c3f782a40910d47dc55005fe3492b3 287626 libmagick++-dev_6.7.7.10-5+deb7u8_amd64.deb
f9619489a412d0e8218e6d0e0e85655b6c52721b531088d0f0964116aa00db00 258856 perlmagick_6.7.7.10-5+deb7u8_amd64.deb
Files:
967740b8fc58d561ee018ade15f7f6fe 3156 graphics optional imagemagick_6.7.7.10-5+deb7u8.dsc
4de52886efb5ad2307f86dcb112e1dfa 186236 graphics optional imagemagick_6.7.7.10-5+deb7u8.debian.tar.bz2
f1b7c0059cb9d691eeba1b4780d8f8df 289016 graphics optional imagemagick_6.7.7.10-5+deb7u8_amd64.deb
e1b998b3da1ef75eb8968852854c503d 6296980 debug extra imagemagick-dbg_6.7.7.10-5+deb7u8_amd64.deb
a1193d4d8e43e1e2049e8cb9dd43e437 131510 graphics optional imagemagick-common_6.7.7.10-5+deb7u8_all.deb
f1e203108eb5287d25148d700d39f374 5801672 doc optional imagemagick-doc_6.7.7.10-5+deb7u8_all.deb
0334e49381d9e6f0fe62a91044ed76a9 2112468 libs optional libmagickcore5_6.7.7.10-5+deb7u8_amd64.deb
c281f4b34e4c293ecdee1ce0ee898cf8 167804 libs optional libmagickcore5-extra_6.7.7.10-5+deb7u8_amd64.deb
3c1d0591c1b682c46f4ec960801bbcb0 1388570 libdevel optional libmagickcore-dev_6.7.7.10-5+deb7u8_amd64.deb
0c1a54f55cb0c5be3ae3aa73b8486d8d 465076 libs optional libmagickwand5_6.7.7.10-5+deb7u8_amd64.deb
527202a7cc9153725851a2facd4c9de9 546728 libdevel optional libmagickwand-dev_6.7.7.10-5+deb7u8_amd64.deb
a7ca11a51b151801ca412f3155311d3f 239820 libs optional libmagick++5_6.7.7.10-5+deb7u8_amd64.deb
0508be5c638ace76f1da30b1b5881737 287626 libdevel optional libmagick++-dev_6.7.7.10-5+deb7u8_amd64.deb
eff6fff1398e58b40ca94e6227f09ab1 258856 perl optional perlmagick_6.7.7.10-5+deb7u8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYQQNdAAoJECzXeF7dp7IPkCMP/0FIIJ58t7btsoLKOdHk+Wrg
BQIDhQ2tzALcqWTwsnvpj3v/qNoGhu5uVaFwMj3EHmSM+8EQJDa369KNs5dcLuIV
N9Iec48TnFfcVrIZdf73kGiesHI2PzkhiErVH8YEfHGTbJzSCU4RkTqhB4fe7Bt/
BdUBuJQj7FrhJWyEbAkQn9OpzNi5+ZIjy33fjKw24i125vh7TJwJ8+YhUqKa37I+
bgoDEebujHKHwNXuWNC6GnVqyJ1SrX2x6rlX1pifGdDmqYSXd/iIkDjIkQvKUw41
RBDFSBw4Wa02wXx+SZKdIltZubryZoqg4kzbjeZ/iulhCOHu+kyAkhsTkvf6DO3f
o26ngluBlFagyUw5uCTDR8dlptX3+Xq2OItt2WDlPbKWPvTiclrjSgi/PY2eJvxD
kMNVMdKm3BJM6RsfRKoz4vE6exjneW3U8PWsME3soM+bTeq4nGwdTKpDYN2djf3H
Koe/4ZKiaYrTaJG+xnCAJJaH8JtiNSqIny8tiqKAOfgJ8F/QTKDfrwinQBD1lf+0
wzct4ekPuM7fkNdIJcvV6/5qUU0hIufTIl95HDJTCGYExtydULIKTQ1V4naoWqJI
o6PKt859QoUFCK6CvSGhru2eINjBiA8eKhZhfqJLiN6hUZWg05Mhg9w8FGYAq6Ca
kFep3INWvZVXDlB16JWz
=yg2/
-----END PGP SIGNATURE-----