Your message dated Fri, 09 Feb 2018 22:35:39 +0000
with message-id <e1ekhgd-000cf9...@fasolo.debian.org>
and subject line Bug#878545: fixed in imagemagick 8:6.9.9.34+dfsg-1
has caused the Debian Bug report #878545,
regarding imagemagick: CVE-2017-14505
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878545
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.8.9.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/716

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14505[0]:
| DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1
| mishandles certain NULL arrays, which allows attackers to perform
| Denial of Service (NULL pointer dereference and application crash in
| AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted
| Image File as input.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14505
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14505
[1] https://github.com/ImageMagick/ImageMagick/issues/716

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.9.34+dfsg-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Feb 2018 13:38:05 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-5 
libmagickcore-6.q16-5-extra libmagickcore-6.q16-dev libmagickwand-6.q16-5 
libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-5 
libmagickcore-6.q16hdri-5-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-5 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source
Version: 8:6.9.9.34+dfsg-1
Distribution: experimental
Urgency: high
Maintainer: ImageMagick Packaging Team 
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy 
package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics 
routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files 
(Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-5 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-5-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-6.q16hdri-5 - low-level image manipulation library -- quantum 
depth Q16HDRI
 libmagickcore-6.q16hdri-5-extra - low-level image manipulation library - extra 
codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - 
development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-5 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-5 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files 
(Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 856601 872373 872609 873059 873099 873100 873131 873134 873871 875338 
875339 875341 875352 875502 875503 875504 875506 876097 876099 876105 876487 
876488 877354 877355 878506 878507 878508 878524 878527 878541 878545 878546 
878547 878548 878554 878555 878562 878578 878579 878679 881392 884444 885125 
885339 885340 885941 885942 886281 886584 886588
Changes:
 imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
 .
   * New upstream version
   * Packaging fix:
     + Fix privacy breach.
     + Bump compat level to 11.
     + Bump policy no changes
     + Fix lintian warnings
     + Fix "unnecessary libgraphviz-dev dependency (and graphviz
       suggests?)", thanks to Matthias Klose (Closes: #884444).
     + Remove Vincent Fourmond <fourm...@debian.org> as uploader, thanks
       to him. (Closes: #878679).
     + Aknowledge NMU (Closes: #856601)
   * Fix a few security issues
     + Fix CVE-2017-1000445: NULL pointer dereference in
       the MagickCore component and might lead to denial of service.
       (Closes: #886281)
     + Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
       the function ReadDDSInfo in coders/dds.c, which allows attackers
       to cause a denial of service.
     + Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
       has an integer signedness error leading to excessive memory
       consumption via a crafted DCM file.
       (Closes: #873059)
     + Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
       the function ReadPDBImage in coders/pdb.c, which allows attackers
       to cause a denial of service
       (Closes: #872609)
     + Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
       allows remote attackers to cause a denial of service
       (memory consumption) via a crafted file.
       (Closes: #875338)
     + Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
       in ImageMagick allows remote attackers to cause a
       denial of service (memory consumption) via a crafted VIFF file.
       (Closes: #875339)
     + Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
       allows remote attackers to cause a denial of service
       (memory consumption) via a crafted BMP
       (Closes: #875341)
     + Fix CVE-2017-12875: The WritePixelCachePixels function
       allows remote attackers to cause a denial of service
       (CPU consumption) via a crafted file.
       (Closes: #873871)
     + Fix CVE-2017-12877: Use-after-free vulnerability in
       the DestroyImage function in image.c in ImageMagick allows
       remote attackers to cause a denial of service via a crafted file.
       (Closes: #872373)
     + Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
       function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
       attackers to cause a denial of service (application crash)
       or possibly have unspecified other impact via a crafted file.
       (Closes: #873134)
     + Fix CVE-2017-13061: A length-validation vulnerability was found
       in the function ReadPSDLayersInternal in coders/psd.c,
       which allows attackers to cause a denial of service
       (ReadPSDImage memory exhaustion) via a crafted file
       (Closes: #873131)
     + Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
       offset validation, which allows attackers to cause a denial of service
       (load_tile memory exhaustion) via a crafted file.
       (Closes: #873100)
     + Fix CVE-2017-13134: a heap-based buffer over-read was found in the
       function SFWScan in coders/sfw.c, which allows attackers
       to cause a denial of service via a crafted file.
       (Closes: #873099)
     + Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
       function in MagickCore/draw.c.
       (Closes: #878508)
     + Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
       function in MagickCore/identify.c in ImageMagick allows an attacker
       to perform denial of service by sending a crafted image file.
       (Closes: #875352)
     + Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
       coders/thumbnail.c allows an attacker to cause a denial of service
       (buffer over-read) by sending a crafted JPEG file.
       (Closes: #878507)
     + Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
       ReadCUTImage function in coders/cut.c that could allow an attacker
       to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
       function within the MagickCore/cache.c file) by submitting
       a malformed image file.
       (Closes: #878506)
     + Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
       due to lack of an EOF (End of File) check cause high CPU consumption.
       When a crafted PSD file, which claims a large "extent" field
       in the header but does not contain sufficient backing data,
       is provided, the loop over "length" would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875506)
     + Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
       an integer overflow might occur for the addition operation
       "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
       value than expected. As a result, an infinite loop would occur
       for a crafted TXT file that claims a very large "max_value" value.
       (Closes: #875504)
     + Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
       a lack of an EOF (End of File) check might cause huge CPU consumption.
       When a crafted PSD file, which claims a large "length" field
       in the header but does not contain sufficient backing data,
       is provided, the loop over "length" would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875503)
     + Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
       a lack of an EOF (End of File) check might cause huge CPU consumption.
       When a crafted XBM file, which claims large rows and columns fields
       in the header but does not contain sufficient backing data,
       is provided, the loop over the rows would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875502)
     + Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
       in coders/pcx.c allows remote attackers to cause a denial
       of service or code execution via a crafted file.
       (Closes: #876097)
     + Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
       ReadMPCImage in coders/mpc.c, leading to division by zero
       in GetPixelCacheTileSize in MagickCore/cache.c,
       allowing remote attackers to cause a denial of service
       via a crafted file.
       (Closes: #876099)
     + Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
       in coders/wpg.c, causing CPU exhaustion via a crafted
       wpg image file.
       (Closes: #876105)
     + Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
       mishandles the pixel cache nexus, which allows remote attackers
       to cause a denial of service (NULL pointer dereference
       in the function GetVirtualPixels in MagickCore/cache.c)
       via a crafted file.
       (Closes: #878546)
     + Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
       mishandles certain NULL arrays, which allows attackers to perform
       Denial of Service (NULL pointer dereference and application crash in
       AcquireQuantumMemory within MagickCore/memory.c) by providing a
       crafted Image File as input.
       (Closes: #878545)
     + Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
       in coders/tiff.c.
       (Closes: #878541)
     + Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
       has been reported in coders/tiff.c. An attacker could possibly
       exploit this flaw to disclose potentially sensitive memory
       or cause an application crash.
       (Closes: #878527)
     + Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
       in the function PostscriptDelegateMessage in coders/ps.c.
       (Closes: #877354)
     + Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
       in the function sixel_output_create in coders/sixel.c.
       (Closes: #877355)
     + Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
       in the function sixel_decode in coders/sixel.c.
       (Closes: #878524)
     + Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
       allows remote attackers to cause a denial of service
       (heap-based buffer overflow and application crash)
       or possibly have unspecified other impact via a
       crafted SVG document, a different vulnerability
       than CVE-2017-10928.
       (Closes: #876488)
     + Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
       function in magick/resample-private.h in ImageMagick
       mishandles failed memory allocation, which allows
       remote attackers to cause a denial of service
       (NULL Pointer Dereference in DistortImage in
       MagickCore/distort.c, and application crash)
       via unspecified vectors.
       (Closes: #878547)
     + Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
       allows remote attackers to cause a denial of service
       (infinite loop) via a crafted font file.
       (Closes: #878548)
     + Fix CVE-2017-14989: A use-after-free in RenderFreetype
       in MagickCore/annotate.c allows attackers to crash the application
       via a crafted font file, because the FT_Done_Glyph function
       (from FreeType 2) is called at an incorrect place in the ImageMagick 
code.
       (Closes: #878562)
     + Fix CVE-2017-15015: NULL pointer dereference vulnerability in
       PDFDelegateMessage in coders/pdf.c.
       (Closes: #878555)
     + Fix CVE-2017-15017: NULL pointer dereference vulnerability
       in ReadOneMNGImage in coders/png.c.
       (Closes: #878554)
     + Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
       the palette uninitialized when processing a GIF file that has
       neither a global nor local palette. If the affected product is
       used as a library loaded into a process that operates on
       interesting data, this data sometimes can be leaked
       via the uninitialized palette.
       (Closes: #878578)
     + Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
       allows remote attackers to cause a denial of service
       (application crash) or possibly have unspecified other impact
       via a crafted file, related to "Conditional jump or move
       depends on uninitialised value(s).
       (Closes: #878579).
     + Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
       does not properly validate the colormap index in a WPG palette,
       which allows remote attackers to cause a denial of service
       (use of uninitialized data or invalid memory allocation)
       or possibly have unspecified other impact via a malformed WPG file.
       (Closes: #881392)
     + Fix CVE-2017-17499: use-after-free in Magick::Image::read
       in Magick++/lib/Image.cpp.
       (Closes: #885339)
     + Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
       heap-based buffer over-read via a crafted file, related to
       ReadOneMNGImage.
       (Closes: #885340)
     + Fix CVE-2017-17681: an infinite loop vulnerability was found
       in the function ReadPSDChannelZip in coders/psd.c, which
       allows attackers to cause a denial of service (CPU exhaustion)
       via a crafted psd image file.
       (Closes: #885941)
     + Fix CVE-2017-17682: large loop vulnerability was found in the
       function ExtractPostscript in coders/wpg.c, which allows attackers
       to cause a denial of service (CPU exhaustion) via a crafted wpg
       image file that triggers a ReadWPGImage call.
       (Closes: #885942)
     + Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
       in coders/png.c, related to length calculation and caused by an
       off-by-one error.
       (Closes: #885125)
     + Fix CVE-2017-17914: a vulnerability was found in the function
       ReadOnePNGImage in coders/png.c, which allows attackers to cause
       a denial of service (ReadOneMNGImage large loop) via a crafted mng
       image file.
       (Closes: #886584)
     + Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
       in the ReadSIXELImage function, related to the sixel_decode function.
       (Closes: #886588)
   * Fix a few unimportant security bugs:
     + Fix CVE-2017-12644 memory leak vulnerability
       in ReadDCMImage in coders\dcm.c
     + Fix CVE-2017-13058 memory leak in WritePCXImage
     + Fix CVE-2017-13059 memory leak in WriteJNGImage
     + Fix CVE-2017-13060 memory leak in ReadMATImage
     + Fix CVE-2017-13062 memory leak vulnerability
       found in the function formatIPTC in coders/meta.c,
       which allows attackers to cause a denial of service
       (WriteMETAImage memory consumption) via a crafted file.
     + Fix CVE-2017-13131 a memory leak vulnerability
       found in the function ReadMIFFImage in coders/miff.c,
       which allows attackers to cause a denial of service
       (memory consumption in NewLinkedList in MagickCore/linked-list.c)
       via a crafted file.
     + Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
       where memory allocation is excessive,
       because it depends only on a length field in a header.
     + Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
       because memory is not freed in certain error cases.
     + Fix CVE-2017-14139: memory leak vulnerability
       in WriteMSLImage in coders/msl.c.
     + Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
     + Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
     + Fix CVE-2017-14326: memory leak vulnerability in the function
       ReadMATImage in coders/mat.c, which allows attackers
       to cause a denial of service via a crafted file.
     + Fix CVE-2017-14342: memory exhaustion vulnerability in
       ReadWPGImage in coders/wpg.c via a crafted wpg image file.
     + Fix CVE-2017-14343: memory leak vulnerability in
       ReadXCFImage in coders/xcf.c via a crafted xcf image file.
     + Fix CVE-2017-14531: memory exhaustion issue in
       ReadSUNImage in coders/sun.c.
     + Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
     + Fix CVE-2017-14684: mory leak vulnerability was found in the
       function ReadVIPSImage in coders/vips.c, which allows
       attackers to cause a denial of service (memory consumption
       in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
       (Closes: #876487)
     + Fix CVE-2017-15016: a NULL pointer dereference vulnerability
       in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
       under Debian).
     + Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
       coders/ycbcr.c.
     + Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
     + Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
     + Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
     + Fix CVE-2017-17680: a memory leak vulnerability was found in
       the function ReadXPMImage in coders/xpm.c, which allows
       attackers to cause a denial of service via a crafted xpm image file.
     + Fix CVE-2017-17881: a memory leak vulnerability was found in
       the function ReadMATImage in coders/mat.c, which allows
       attackers to cause a denial of service via a crafted MAT image file.
     + Fix CVE-2017-17882: a memory leak vulnerability was found in the
       function ReadXPMImage in coders/xpm.c, which allows attackers
       to cause a denial of service via a crafted XPM image file.
     + Fix CVE-2017-17883: a memory leak vulnerability was found in the
       function ReadPGXImage in coders/pgx.c, which allows attackers
       to cause a denial of service via a crafted PGX image file.
     + Fix CVE-2017-17884: a memory leak vulnerability was found in the
       function WriteOnePNGImage in coders/png.c,
       which allows attackers to cause a denial of service via
       a crafted PNG image file.
     + Fix CVE-2017-17885: a memory leak vulnerability was found
       in the function ReadPICTImage in coders/pict.c, which
       allows attackers to cause a denial of service via a crafted
       PICT image file.
     + Fix CVE-2017-17886: a memory leak vulnerability was found
       in the function ReadPSDChannelZip in coders/psd.c,
       which allows attackers to cause a denial of service
       via a crafted psd image file.
     + Fix CVE-2017-17887: a memory leak vulnerability
       was found in the function GetImagePixelCache in magick/cache.c,
       which allows attackers to cause a denial of service via a crafted
       MNG image file that is processed by ReadOneMNGImage.
     + Fix CVE-2017-17934: a memory leaks in coders/msl.c,
       related to MSLPopImage and ProcessMSLScript,
       and associated with mishandling of MSLPushImage calls.
     + Fix CVE-2017-18008: a ùemory Leak in ReadPWPImage in coders/pwp.c.
     + Fix CVE-2017-18022: memory leaks in MontageImageCommand
       in MagickWand/montage.c.
     + Fix CVE-2017-18027: a memory leak vulnerability was found
       in the function ReadMATImage in coders/mat.c,
       which allow remote attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-18028: a memory exhaustion vulnerability
       was found in the function ReadTIFFImage in coders/tiff.c,
       which allow remote attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-18029: a memory leak vulnerability was found
       in the function ReadMATImage in coders/mat.c,
       which allow remote attackers to cause a denial of
       service via a crafted file.
     + Fix CVE-2017-6502: a specially crafted webp file
       could lead to a file-descriptor leak in libmagickcore
       (thus, a DoS)
     + Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
       in coders/pattern.c.
     + Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
     + Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
       in coders/dcm.c.
     + Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
       function in coders/json.c, as demonstrated by the
       ReadPSDLayersInternal function in coders/psd.c.
   * Backport fix:
     + Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
       in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
       variable can be overwritten by a new pointer.
       The previous pointer is lost, which leads to a memory leak.
       This allows remote attackers to cause a denial of service.
       (from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
Checksums-Sha1:
 019151a2eed984c20284cd3430d0cea81fa618e6 5122 imagemagick_6.9.9.34+dfsg-1.dsc
 bac50ed3a85fa095472370d57f9c76c88a0e445a 9047920 
imagemagick_6.9.9.34+dfsg.orig.tar.xz
 205d49483312479b02ca7ca9da28ef44714f446f 218000 
imagemagick_6.9.9.34+dfsg-1.debian.tar.xz
 e759d647494139eeb4f0f130264085c4b7a538bc 29140 
imagemagick_6.9.9.34+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 201b79b2f8337c30216f6c918d0040b4d5c0d460bba36162f324ac78d55e9b5e 5122 
imagemagick_6.9.9.34+dfsg-1.dsc
 ef0554a2e27cc8d039da5f7c6178bc889a896f3892d7d3ee48fc83cad579b590 9047920 
imagemagick_6.9.9.34+dfsg.orig.tar.xz
 e63ce64ca2364c4bdb1cce8c10d1dffe92598615cb7d937fa0b057446bbc614a 218000 
imagemagick_6.9.9.34+dfsg-1.debian.tar.xz
 fe9909a20a00867089a25b70631f32ba26a7c5441e0f07b2fcb2ffae905fe545 29140 
imagemagick_6.9.9.34+dfsg-1_amd64.buildinfo
Files:
 4ab0613bdfae5e8b1aa46d3854d636ea 5122 graphics optional 
imagemagick_6.9.9.34+dfsg-1.dsc
 2fb2d6622e1ab0ca0182a00089ad1dff 9047920 graphics optional 
imagemagick_6.9.9.34+dfsg.orig.tar.xz
 33ca0bae16ca48676b3853fcaad6de9f 218000 graphics optional 
imagemagick_6.9.9.34+dfsg-1.debian.tar.xz
 a7012245af4ed8de530066d85bee46ca 29140 graphics optional 
imagemagick_6.9.9.34+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlp+HVAACgkQADoaLapB
CF9IBg//YV9mQaUY5n7rLLfMqV+eyM0gDIbHQzQ5YAS8rc8cRAExPV4tKBk7TT9S
yJkuKKkxSgYIPzdnQH5kkxmf1ddv0XYSWdLgUQxnSFkp2FdaVEbXwSqoVT8sMSVj
XAEY93sStNXVaXoeY0IjRY+9jw6rsKXmWcd5x4sg77UZ5SJms4D4EFAplIzRWCV+
kk0uV6EEWlOZzOeBTENoDGhvm6wXUZ39vPXk0+j6kJFKjAt143hPj/Oltmn8UkrL
YIvEEr1hjMExoo1AWl80YiVGoBg08jgU+TGGbeDsXnxdwBZc2rVUHbHFKXhOP+x2
j6v8Xc5+RhgUODXs2aThmB/MnXoirxAG/yXoHCDRkLGg/7d8AEGzm9XCmlbIvtss
HCM4cHaIsPnigh7TsA4kJzfFscaXVtYyilUnSiYVzby16RdXE8ydZwUedIQOezSU
3fovU9zhXQgD/btBKf4Lc5Mup4mZ08jSHC79IjiB6ja2Fqe0uoVBf2ZW4XLpUCrd
7rwTtorHuBwyfbEmDFl0DJKvAtW4KnJHonkGnKSrX7zLFh29hv1I/afzolbhsOG4
5o4pFY6MynuwNpakHgWukKF96EBsR4Wztx6XZm+CPpfKSMfzGZ7ODidEoW/YFnP1
g15vtUlNjl+Yt+JOHFQ13VhyyYELNMPWZGK2xKGHdYZc5to6gh0=
=+P95
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to