Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (source) into proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Feb 2024 20:15:47 +0000
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1013282 1036999
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u1) bookworm-security; urgency=high
 .
   * Acknowledge NMU
   * Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
   * Fix a heap buffer overflow in TIFF coder
   * Fix uninitialised value passing in TIFFGetField
   * Fix stack overflow in TIFF coder
   * Early exit in case of malformed TIFF file
   * Fix buffer overrun in TIFF coder
   * Fix uninitialised value in TIFF coder
   * Fix CVE-2022-1115: Heap based overflow in
     TIFF coder (Closes: #1013282)
   * Fix uninitialised value in TIFF coders
   * Use salsa-ci
   * Fix CVE-2023-1289: A specially created SVG file loads itself and
     causes a segmentation fault. This flaw allows a remote attacker
     to pass a specially crafted SVG file that leads to a segmentation
     fault, generating many trash files in "/tmp," resulting in
     a denial of service. When ImageMagick crashes,
     it generates a lot of trash files. These trash files
     can be large if the SVG file contains many render actions.
     In a denial of service attack, if a remote attacker uploads an SVG file
     of size t, ImageMagick generates files of size 103*t.
     If an attacker uploads a 100M SVG, the server will generate about 10G.
   * Fix CVE-2023-1906: A heap-based buffer overflow issue was
     discovered in ImageMagick's ImportMultiSpectralQuantum() function
     in MagickCore/quantum-import.c. An attacker could pass a specially
     crafted file to convert, triggering an out-of-bounds read error,
     allowing an application to crash, resulting in a denial of service.
   * Fix CVE-2023-34151: ImageMagick was vulnerable due to
     undefined behaviour when casting double to size_t in svg, mvg
     and other coders. (Closes: #1036999)
   * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
     was found in coders/tiff.c in ImageMagick. This issue
     may allow a local attacker to trick the user into opening
     a specially crafted file, resulting in an application crash
     and denial of service.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found in
     coders/bmp.c
Checksums-Sha1:
 6622115f5257a7e728056152f4b806b50c9a36ba 5131 imagemagick_6.9.11.60+dfsg-1.6+deb12u1.dsc
 824a63dce5e54bd8b78077d671d8ab06300a8848 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 099247f6a7601427b123abb75ff2f9895794ae57 264292 imagemagick_6.9.11.60+dfsg-1.6+deb12u1.debian.tar.xz
 96e9900a5dcc40ec1b7e34074c2c7ef1b81cd184 30898 imagemagick_6.9.11.60+dfsg-1.6+deb12u1_amd64.buildinfo
Checksums-Sha256:
 743092dc6ff5e41c150695215d1649557dcd5b7eac2ed4795ce5e7b4009a958f 5131 imagemagick_6.9.11.60+dfsg-1.6+deb12u1.dsc
 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 4ffc4f35cdf1a21e175d5e791c096767b4db12e2a00a335df2f7a615aa4d9141 264292 imagemagick_6.9.11.60+dfsg-1.6+deb12u1.debian.tar.xz
 9618fd0514f03af02d5e709a2ee7f8a1ec591f0e18b0764a5f5f87fd1e30042c 30898 imagemagick_6.9.11.60+dfsg-1.6+deb12u1_amd64.buildinfo
Files:
 b8185323af6c75536275a8d84f557fb6 5131 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u1.dsc
 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional imagemagick_6.9.11.60+dfsg.orig.tar.xz
 7fa57d0d30392ec182249a5ac240b0fc 264292 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u1.debian.tar.xz
 21b5af2f739093766560be0091c35f27 30898 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

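The Checksums-Sha256 and Files stanzas above are what a consumer of this upload checks a downloaded .dsc, .orig.tar.xz and .debian.tar.xz against before building. The script below is an added example, not Debian tooling and not part of the archive message: it extracts the Checksums-Sha256 stanza from a .changes file, verifies size and digest of every listed file in a directory, and carries the four digests from this upload as a ready-made stanza. The sample artifact and the minimal .changes fragment used by the demo function are constructed here for the self-test; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: verify downloaded artifacts against the Checksums-Sha256
# stanza of a Debian .changes file. Not Debian's own tooling.

# Print the SHA-256 of a file; sha256sum on Linux, shasum elsewhere.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Extract the indented lines that follow "Checksums-Sha256:" up to the
# next unindented field, dropping the one-space continuation indent.
extract_sha256_stanza() {
    awk '/^Checksums-Sha256:/ {on=1; next} /^[^ ]/ {on=0} on {sub(/^ /, ""); print}' "$1"
}

# verify_sha256_stanza STANZA_FILE DIR
# Each stanza line is "<sha256> <size> <filename>". Size and digest must
# both match for a file to pass. Returns 0 only if every file passes.
verify_sha256_stanza() {
    stanza=$1
    dir=$2
    status=0
    while read -r want_sum want_size name; do
        [ -z "$name" ] && continue
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            printf 'MISSING  %s\n' "$name"
            status=1
            continue
        fi
        got_size=$(wc -c < "$path" | tr -d ' ')
        got_sum=$(sha256_of "$path")
        if [ "$got_size" = "$want_size" ] && [ "$got_sum" = "$want_sum" ]; then
            printf 'OK       %s\n' "$name"
        else
            printf 'MISMATCH %s (size %s, expected %s)\n' "$name" "$got_size" "$want_size"
            status=1
        fi
    done < "$stanza"
    return $status
}

# The Checksums-Sha256 stanza of imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1,
# copied from the accepted upload, for checking a download of those files.
imagemagick_deb12u1_sha256_stanza() {
    cat <<'EOF'
743092dc6ff5e41c150695215d1649557dcd5b7eac2ed4795ce5e7b4009a958f 5131 imagemagick_6.9.11.60+dfsg-1.6+deb12u1.dsc
472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
4ffc4f35cdf1a21e175d5e791c096767b4db12e2a00a335df2f7a615aa4d9141 264292 imagemagick_6.9.11.60+dfsg-1.6+deb12u1.debian.tar.xz
9618fd0514f03af02d5e709a2ee7f8a1ec591f0e18b0764a5f5f87fd1e30042c 30898 imagemagick_6.9.11.60+dfsg-1.6+deb12u1_amd64.buildinfo
EOF
}

# Offline self-test on a constructed artifact and a constructed .changes
# fragment: an intact file must pass, and a same-size one-byte change
# must be rejected. Returns 0 when both behaviours are observed.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$tmp/sample.tar.xz"
    size=$(wc -c < "$tmp/sample.tar.xz" | tr -d ' ')
    sum=$(sha256_of "$tmp/sample.tar.xz")
    printf 'Format: 1.8\nChecksums-Sha256:\n %s %s sample.tar.xz\nFiles:\n x %s graphics optional sample.tar.xz\n' \
        "$sum" "$size" "$size" > "$tmp/sample.changes"
    extract_sha256_stanza "$tmp/sample.changes" > "$tmp/stanza"
    [ "$(wc -l < "$tmp/stanza" | tr -d ' ')" -eq 1 ] || return 1
    verify_sha256_stanza "$tmp/stanza" "$tmp" || return 1
    printf 'Constructed sample payload\n' > "$tmp/sample.tar.xz"
    if verify_sha256_stanza "$tmp/stanza" "$tmp"; then return 1; fi
    rm -rf "$tmp"
    return 0
}
```

To check a real download, run `imagemagick_deb12u1_sha256_stanza > stanza; verify_sha256_stanza stanza ./downloads`. A digest match only proves the files are the ones the stanza describes; what makes the stanza trustworthy is the OpenPGP signature over the .changes, which the archived copy above no longer carries intact, so for an end-to-end check use the signed .dsc from the Debian archive with `dscverify` from devscripts, which checks the signature against the Debian keyring as well as the digests.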