Hi, since this is my first stab at imagemagick it would be great if someone could have a look at the attached debdiff. It's based on the
https://anonscm.debian.org/git/collab-maint/debian-lts/imagemagick.git git repo. The checks to verify that the CVEs are fixed and that it's not totally broken are here: https://github.com/agx/imagemagick-checks This might evolve into proper autopkgtests in the future. Cheers, -- Guido
diff --git a/debian/changelog b/debian/changelog index c71897e0f..ee16d0b69 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,23 @@ +imagemagick (8:6.7.7.10-5+deb7u11) wheezy-security; urgency=medium + + [ Emilio Pozuelo Monfort ] + * Non-maintainer upload by the LTS Security Team. + * debian/patches/0127-CVE-2016-8677.patch: + + Drop incomplete fix. + * debian/patches/0128-CVE-2016-8707.patch: + + Refreshed. + * 0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch: + + Add complete fix for CVE-2016-8677. + + [ Guido Günther ] + * Fix recent security issues. + CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 + CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 + (Closes: #851485, #851483, #851380, #851383, #851382, + #851381, #851376, #851374) + + -- Guido Günther <[email protected]> Sat, 28 Jan 2017 18:33:48 +0100 + imagemagick (8:6.7.7.10-5+deb7u10) wheezy-security; urgency=high * Non-maintainer upload by the LTS Security Team. diff --git a/debian/patches/0127-CVE-2016-8677.patch b/debian/patches/0127-CVE-2016-8677.patch deleted file mode 100644 index 5c297c1a2..000000000 --- a/debian/patches/0127-CVE-2016-8677.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -From 524349d2b3fed7fa0e53de2c908458474eb24418 Mon Sep 17 00:00:00 2001 -From: Cristy <[email protected]> -Date: Thu, 15 Sep 2016 20:26:36 -0400 -Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/268 - ---- - coders/tiff.c | 131 +++++++++++++++++++++++++++++----------------------------- - 1 file changed, 65 insertions(+), 66 deletions(-) - ---- a/coders/tiff.c -+++ b/coders/tiff.c -@@ -1678,7 +1678,8 @@ static Image *ReadTIFFImage(const ImageI - } - SetQuantumImageType(image,quantum_type); - next_tiff_frame: -- quantum_info=DestroyQuantumInfo(quantum_info); -+ if (quantum_info != (QuantumInfo *) NULL) -+ quantum_info=DestroyQuantumInfo(quantum_info); - if ((photometric == PHOTOMETRIC_LOGL) || - (photometric == PHOTOMETRIC_MINISBLACK) || - (photometric == PHOTOMETRIC_MINISWHITE)) diff --git a/debian/patches/0128-CVE-2016-8707.patch b/debian/patches/0128-CVE-2016-8707.patch index 711a8cd8a..472d16260 100644 --- a/debian/patches/0128-CVE-2016-8707.patch +++ b/debian/patches/0128-CVE-2016-8707.patch @@ -23,7 +23,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. (reference www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=21288). --- a/coders/tiff.c +++ b/coders/tiff.c -@@ -866,7 +866,7 @@ static Image *ReadTIFFImage(const ImageI +@@ -866,7 +866,7 @@ width; unsigned char @@ -32,7 +32,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. /* Open image. -@@ -1223,7 +1223,13 @@ static Image *ReadTIFFImage(const ImageI +@@ -1223,7 +1223,13 @@ method=ReadTileMethod; quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; @@ -47,7 +47,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. switch (method) { case ReadSingleSampleMethod: -@@ -1294,7 +1300,6 @@ static Image *ReadTIFFImage(const ImageI +@@ -1294,7 +1300,6 @@ TIFFClose(tiff); ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); } 
@@ -55,7 +55,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. for (y=0; y < (ssize_t) image->rows; y++) { int -@@ -1303,14 +1308,14 @@ static Image *ReadTIFFImage(const ImageI +@@ -1303,14 +1308,14 @@ register PixelPacket *restrict q; @@ -72,7 +72,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. (void) length; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; -@@ -1352,7 +1357,6 @@ static Image *ReadTIFFImage(const ImageI +@@ -1352,7 +1357,6 @@ TIFFClose(tiff); ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); } @@ -80,7 +80,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. for (y=0; y < (ssize_t) image->rows; y++) { int -@@ -1361,14 +1365,14 @@ static Image *ReadTIFFImage(const ImageI +@@ -1361,14 +1365,14 @@ register PixelPacket *restrict q; @@ -97,7 +97,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) -@@ -1397,7 +1401,7 @@ static Image *ReadTIFFImage(const ImageI +@@ -1397,7 +1401,7 @@ status; status=TIFFReadPixels(tiff,bits_per_sample,(tsample_t) i,y,(char *) @@ -106,7 +106,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. if (status == -1) break; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); -@@ -1423,7 +1427,7 @@ static Image *ReadTIFFImage(const ImageI +@@ -1423,7 +1427,7 @@ default: quantum_type=UndefinedQuantum; break; } length=ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, @@ -115,7 +115,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } -@@ -1460,13 +1464,13 @@ static Image *ReadTIFFImage(const ImageI +@@ -1460,13 +1464,13 @@ break; if (i == 0) { 
@@ -131,11 +131,11 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy. for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(q,ScaleCharToQuantum((unsigned char) -@@ -1676,6 +1680,7 @@ static Image *ReadTIFFImage(const ImageI +@@ -1676,6 +1680,7 @@ break; } } + tiff_pixels=(unsigned char *) RelinquishMagickMemory(tiff_pixels); SetQuantumImageType(image,quantum_type); next_tiff_frame: - if (quantum_info != (QuantumInfo *) NULL) + quantum_info=DestroyQuantumInfo(quantum_info); diff --git a/debian/patches/0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch b/debian/patches/0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch new file mode 100644 index 000000000..a705f9830 --- /dev/null +++ b/debian/patches/0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch 
@@ -0,0 +1,81 @@ +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1129,6 +1129,34 @@ + if ((option == (const char *) NULL) || + (IsMagickTrue(option) != MagickFalse)) + TIFFGetEXIFProperties(tiff,image); ++ quantum_info=(QuantumInfo *) NULL; ++ if ((photometric == PHOTOMETRIC_PALETTE) && ++ (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) ++ { ++ size_t ++ colors; ++ ++ colors=(size_t) GetQuantumRange(bits_per_sample)+1; ++ if (AcquireImageColormap(image,colors) == MagickFalse) ++ { ++ TIFFClose(tiff); ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ } ++ } ++ if (units == RESUNIT_INCH) ++ image->units=PixelsPerInchResolution; ++ if (units == RESUNIT_CENTIMETER) ++ image->units=PixelsPerCentimeterResolution; ++ value=(unsigned short) image->scene; ++ (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages); ++ image->scene=value; ++ if (image_info->ping != MagickFalse) ++ { ++ if (image_info->number_scenes != 0) ++ if (image->scene >= (image_info->scene+image_info->number_scenes-1)) ++ break; ++ goto next_tiff_frame; ++ } + /* + Allocate memory for the image and pixel buffer. + */ +@@ -1189,33 +1217,6 @@ + if (image->matte != MagickFalse) + (void) SetImageProperty(image,"tiff:alpha", + associated_alpha != MagickFalse ? 
"associated" : "unassociated"); +- if ((photometric == PHOTOMETRIC_PALETTE) && +- (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) +- { +- size_t +- colors; +- +- colors=(size_t) GetQuantumRange(bits_per_sample)+1; +- if (AcquireImageColormap(image,colors) == MagickFalse) +- { +- TIFFClose(tiff); +- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); +- } +- } +- if (units == RESUNIT_INCH) +- image->units=PixelsPerInchResolution; +- if (units == RESUNIT_CENTIMETER) +- image->units=PixelsPerCentimeterResolution; +- value=(unsigned short) image->scene; +- (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages); +- image->scene=value; +- if (image_info->ping != MagickFalse) +- { +- if (image_info->number_scenes != 0) +- if (image->scene >= (image_info->scene+image_info->number_scenes-1)) +- break; +- goto next_tiff_frame; +- } + status=SetImageExtent(image,image->columns,image->rows); + if (status == MagickFalse) + { +@@ -1714,7 +1715,8 @@ + tiff_pixels=(unsigned char *) RelinquishMagickMemory(tiff_pixels); + SetQuantumImageType(image,quantum_type); + next_tiff_frame: +- quantum_info=DestroyQuantumInfo(quantum_info); ++ if (quantum_info != (QuantumInfo *) NULL) ++ quantum_info=DestroyQuantumInfo(quantum_info); + if ((photometric == PHOTOMETRIC_LOGL) || + (photometric == PHOTOMETRIC_MINISBLACK) || + (photometric == PHOTOMETRIC_MINISWHITE)) diff --git a/debian/patches/CVE-2016-10144.patch b/debian/patches/CVE-2016-10144.patch new file mode 100644 index 000000000..afdb50324 --- /dev/null +++ b/debian/patches/CVE-2016-10144.patch 
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2016-10144
+
+Upstream-Commit: 97566cf2806c0a5a86e884c96831a0c3b1ec6c20
+Closes: #851485
+---
+ coders/ipl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/coders/ipl.c b/coders/ipl.c
+index 70dbeb7..b18dad5 100644
+--- a/coders/ipl.c
++++ b/coders/ipl.c
+@@ -543,6 +543,8 @@ static MagickBooleanType WriteIPLImage(const ImageInfo *image_info,Image *image)
+
+
+ quantum_info=AcquireQuantumInfo(image_info, image);
++ if (quantum_info == (QuantumInfo *) NULL)
++ ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ if ((quantum_info->format == UndefinedQuantumFormat) &&
+ (IsHighDynamicRangeImage(image,&image->exception) != MagickFalse))
+ SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat);
diff --git a/debian/patches/CVE-2016-10145.patch b/debian/patches/CVE-2016-10145.patch
new file mode 100644
index 000000000..2abd02bd8
--- /dev/null
+++ b/debian/patches/CVE-2016-10145.patch
@@ -0,0 +1,27 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2016-10145
+
+Upstream-Commit: d23beebe7b1179fb75db1e85fbca3100e49593d9
+Closes: #851483
+---
+ coders/wpg.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/coders/wpg.c b/coders/wpg.c
+index 851155c..de54cf5 100644
+--- a/coders/wpg.c
++++ b/coders/wpg.c
+@@ -769,9 +769,9 @@ static Image *ExtractPostscript(Image *image,const ImageInfo *image_info,
+ /* printf("Detected:%s \n",magic_info->name); */
+ if(exception->severity != UndefinedException) goto FINISH_UNL;
+ if(magic_info->name == (char *) NULL) goto FINISH_UNL;
+-
+- (void) strncpy(clone_info->magick,magic_info->name,MaxTextExtent);
+-
++
++ (void) strncpy(clone_info->magick,magic_info->name,MaxTextExtent-1);
++
+ /* Read nested image */
+ /*FormatString(clone_info->filename,"%s:%s",magic_info->name,postscript_file);*/
+ FormatLocaleString(clone_info->filename,MaxTextExtent,"%s",postscript_file);
diff --git a/debian/patches/CVE-2016-10146.patch b/debian/patches/CVE-2016-10146.patch
new file mode 100644
index 000000000..d50e6dd2e
--- /dev/null
+++ b/debian/patches/CVE-2016-10146.patch
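Review bot: The changed `strncpy` call in ExtractPostscript bounds the copy at `MaxTextExtent-1` but still never writes a terminator itself, so `clone_info->magick` ends up NUL-terminated only if its last byte was already zero, and that initialization is not visible in this hunk. ImageMagick's own `CopyMagickString` always terminates, so `(void) CopyMagickString(clone_info->magick,magic_info->name,MaxTextExtent);` would make the bound self-contained. ExtractPostscript starts and ends outside the hunk.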
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2016-10146
+
+Upstream-Commit: aeff00de228bc5a158c2a975ab47845d8a1db456
+Closes: #851380
+---
+ coders/caption.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/caption.c b/coders/caption.c
+index cff62c8..4cc9fdb 100644
+--- a/coders/caption.c
++++ b/coders/caption.c
+@@ -255,7 +255,7 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info,
+ (void) FormatLocaleString(geometry,MaxTextExtent,"%+g%+g",
+ image->columns-(metrics.bounds.x2+draw_info->stroke_width/2.0),
+ metrics.ascent+draw_info->stroke_width/2.0);
+- draw_info->geometry=AcquireString(geometry);
++ (void) CloneString(&draw_info->geometry,geometry);
+ }
+ status=AnnotateImage(image,draw_info);
+ draw_info=DestroyDrawInfo(draw_info);
diff --git a/debian/patches/CVE-2016-4563.patch b/debian/patches/CVE-2016-4563.patch
index 8aed31cf2..101f97c57 100644
--- a/debian/patches/CVE-2016-4563.patch
+++ b/debian/patches/CVE-2016-4563.patch
@@ -1,6 +1,16 @@
+From: ImageMagick Packaging Team <[email protected]>
+Date: Fri, 27 Jan 2017 14:25:39 +0100
+Subject: CVE-2016-4563
+
+---
+ magick/draw.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/magick/draw.c b/magick/draw.c
+index 6c92824..6ca4c1f 100644
 --- a/magick/draw.c
 +++ b/magick/draw.c
-@@ -5979,13 +5979,25 @@
+@@ -5979,13 +5979,25 @@ static PrimitiveInfo *TraceStrokePolygon(const DrawInfo *draw_info,
 }
 if (q >= (ssize_t) (max_strokes-6*BezierQuantum-360))
 {
diff --git a/debian/patches/CVE-2017-5506.patch b/debian/patches/CVE-2017-5506.patch
new file mode 100644
index 000000000..a70c5b1f2
--- /dev/null
+++ b/debian/patches/CVE-2017-5506.patch
@@ -0,0 +1,31 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5506
+
+Reference: https://github.com/ImageMagick/ImageMagick/issues/354
+Upstream-Commit: 6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
+Closes: #851383
+---
+ magick/profile.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/magick/profile.c b/magick/profile.c
+index 153750e..87b3452 100644
+--- a/magick/profile.c
++++ b/magick/profile.c
+@@ -1599,11 +1599,11 @@ MagickExport MagickBooleanType SyncImageProfiles(Image *image)
+ /*
+ The directory entry contains an offset.
+ */
+- offset=(ssize_t) ((int) ReadProfileLong(endian,q+8));
+- if ((ssize_t) (offset+number_bytes) < offset)
+- continue; /* prevent overflow */
+- if ((size_t) (offset+number_bytes) > length)
++ offset=(ssize_t) ReadProfileLong(endian,q+8);
++ if ((offset < 0) || ((size_t) (offset+number_bytes) > length))
+ continue;
++ if (~length < number_bytes)
++ continue; /* prevent overflow */
+ p=(unsigned char *) (exif+offset);
+ }
+ switch (tag_value)
diff --git a/debian/patches/CVE-2017-5507.patch b/debian/patches/CVE-2017-5507.patch
new file mode 100644
index 000000000..dd93ef530
--- /dev/null
+++ b/debian/patches/CVE-2017-5507.patch
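Review bot: In the SyncImageProfiles hunk the sum `offset+number_bytes` is still computed and compared with `length` before the test commented `/* prevent overflow */` runs, and that later test, `~length < number_bytes`, bounds `length+number_bytes` rather than the `offset+number_bytes` that was just used. The types of `number_bytes` and `length` are declared outside the hunk, so whether the sum can actually wrap on a given platform has to be checked there. A subtraction form avoids the question altogether: `if ((offset < 0) || (number_bytes > length) || ((size_t) offset > (length-number_bytes))) continue;`.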
@@ -0,0 +1,43 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5507
+
+We can drop the full second hunk of the upstream fix since the resouce
+framework is not there and SetImageExtent (besides the pixel cache
+handling that we want to skip) only verifies that rows and cols are != 0
+which is done in ReadMPCImage already.
+
+Upstream-commit: 4493d9ca1124564da17f9b628ef9d0f1a6be9738
+Closes: #851382
+---
+ coders/mpc.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/coders/mpc.c b/coders/mpc.c
+index 6c3207c..443542e 100644
+--- a/coders/mpc.c
++++ b/coders/mpc.c
+@@ -825,7 +825,9 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ /*
+ Create image colormap.
+ */
+- if (AcquireImageColormap(image,image->colors) == MagickFalse)
++ image->colormap=(PixelPacket *) AcquireQuantumMemory(image->colors+1,
++ sizeof(*image->colormap));
++ if (image->colormap == (PixelPacket *) NULL)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ if (image->colors != 0)
+ {
+@@ -914,12 +916,6 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0))
+ if (image->scene >= (image_info->scene+image_info->number_scenes-1))
+ break;
+- status=SetImageExtent(image,image->columns,image->rows);
+- if (status == MagickFalse)
+- {
+- InheritException(exception,&image->exception);
+- return(DestroyImageList(image));
+- }
+ /*
+ Attach persistent pixel cache.
+ */
diff --git a/debian/patches/CVE-2017-5508.patch b/debian/patches/CVE-2017-5508.patch
new file mode 100644
index 000000000..ee1660619
--- /dev/null
+++ b/debian/patches/CVE-2017-5508.patch
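Review bot: `AcquireQuantumMemory(image->colors+1,sizeof(*image->colormap))` in the first coders/mpc.c hunk does not guard `image->colors+1` against wrapping, and it gives up whatever range checking and initialization `AcquireImageColormap` performed for the colormap. If `image->colors` is taken from the file header (the parsing is outside this hunk), a bound test before the allocation would close that, for example `if (image->colors > MaxColormapSize) ThrowReaderException(CorruptImageError,"ImproperImageHeader");`, assuming MPC colormaps are meant to obey that limit. The patch description also relies on ReadMPCImage already rejecting zero rows or columns, which cannot be confirmed from these hunks; a one-line comment at the removed `SetImageExtent` call site naming that existing check would help the next backporter.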
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5508
+
+Upstream-Commit: 379e21cd32483df6e128147af3bc4ce1f82eb9c4
+Closes: #851381
+---
+ coders/tiff.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index ca6d774..8a831ae 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1254,8 +1254,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+ method=ReadTileMethod;
+ quantum_info->endian=LSBEndian;
+ quantum_type=RGBQuantum;
+- tiff_pixels=(unsigned char *) AcquireMagickMemory(TIFFScanlineSize(tiff)+
+- sizeof(uint32));
++ tiff_pixels=(unsigned char *) AcquireMagickMemory(MagickMax(
++ TIFFScanlineSize(tiff),(size_t) (image->columns*samples_per_pixel*
++ pow(2.0,ceil(log(bits_per_sample)/log(2.0))))));
+ if (tiff_pixels == (unsigned char *) NULL)
+ {
+ TIFFClose(tiff);
diff --git a/debian/patches/CVE-2017-5510.patch b/debian/patches/CVE-2017-5510.patch
new file mode 100644
index 000000000..aac0597ed
--- /dev/null
+++ b/debian/patches/CVE-2017-5510.patch
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5510
+
+Upstream commit: e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
+Closes: #851376
+---
+ coders/psd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 2001aa8..98725bb 100644
+--- a/coders/psd.c
++++ b/coders/psd.c
+@@ -1790,7 +1790,7 @@ static void WriteOneChannel(const PSDInfo *psd_info,const ImageInfo *image_info,
+ ? MagickTrue : MagickFalse;
+ packet_size=next_image->depth > 8UL ? 2UL : 1UL;
+ (void) packet_size;
+- quantum_info=AcquireQuantumInfo(image_info,image);
++ quantum_info=AcquireQuantumInfo(image_info,next_image);
+ pixels=GetQuantumPixels(quantum_info);
+ for (y=0; y < (ssize_t) next_image->rows; y++)
+ {
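Review bot: The new `tiff_pixels` size in ReadTIFFImage is computed in floating point and cast to `size_t` with no upper bound, so a product of `image->columns`, `samples_per_pixel` and the padded sample width that does not fit `size_t` makes the conversion undefined instead of failing the allocation. If `image->columns` is a `size_t`, the integer sub-product `image->columns*samples_per_pixel` can also wrap before it is promoted to double on platforms where `size_t` is 32 bits. The change drops the `+sizeof(uint32)` slack the old size carried as well; whether any reader still depends on it is not visible here. I would compute the row size in a separate variable, reject the frame when it exceeds a sane limit, and only then call `AcquireMagickMemory`, with a comment such as `/* rows are unpacked at the sample width rounded up to a power of two */`. ReadTIFFImage continues outside the hunk.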
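Review bot: `AcquireQuantumInfo(image_info,next_image)` in WriteOneChannel is still handed straight to `GetQuantumPixels` with no NULL test, which is the same unchecked allocation that the CVE-2016-10144 patch in this upload fixes in coders/ipl.c. WriteOneChannel is `static void`, so `ThrowWriterException` does not fit; an early return such as `if (quantum_info == (QuantumInfo *) NULL) return;` before the `GetQuantumPixels` call would cover it, with the caveat that callers then cannot tell the channel was skipped. The function body continues outside the hunk.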
diff --git a/debian/patches/CVE-2017-5511.patch b/debian/patches/CVE-2017-5511.patch
new file mode 100644
index 000000000..68ec77cda
--- /dev/null
+++ b/debian/patches/CVE-2017-5511.patch
@@ -0,0 +1,22 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <[email protected]>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5511
+
+Upstream-Commit: 7d65a814ac76bd04760072c33e452371692ee790
+Closes: #851374
+---
+ coders/psd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 98725bb..4b7d23c 100644
+--- a/coders/psd.c
++++ b/coders/psd.c
+@@ -1182,6 +1182,7 @@ static Image *ReadPSDImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ Layer name.
+ */
+ length=(size_t) ReadBlobByte(image);
++ length=(size_t) (unsigned char) ReadBlobByte(image);
+ for (j=0; j < (ssize_t) length; j++)
+ layer_info[i].name[j]=(unsigned char) ReadBlobByte(image);
+ layer_info[i].name[j]='\0';
diff --git a/debian/patches/series b/debian/patches/series
index 3f101a98d..36eea6b42 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-# debian/source/git-patches exported from git by quilt-patches-deb-export-hook
 0001-Fix-CVE-2012-3437-ImageMagick-Magick_png_malloc-size.patch
 0002-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
 0003-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
@@ -104,7 +103,6 @@ CVE-2016-4563.patch
 0123-Bug-833730-Prevent-buffer-overflow-in-draw.c.patch
 0124-Bug-833735-Fix-loading-arbitrary-module-from-user-side.patch
 0125-CVE-2016-7799.patch
-0127-CVE-2016-8677.patch
 0128-CVE-2016-8707.patch
 0129-CVE-2016-8862.patch
 0130-CVE-2016-9556.patch
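Review bot: The ReadPSDImage hunk adds the `(unsigned char)`-cast read as a second statement and keeps the original `length=(size_t) ReadBlobByte(image);` as a context line, so two bytes are consumed from the blob and the layer-name length is taken from the second one. The patch's own diffstat (`1 insertion(+)`, no deletion) agrees with that reading. `length` is now bounded to 255, but the reads that follow in the layer record would be shifted by one byte, so valid PSD files may stop parsing. The old line should be removed so that the hunk replaces it with `length=(size_t) (unsigned char) ReadBlobByte(image);` instead of adding after it; it is worth comparing against upstream commit 7d65a814ac76bd04760072c33e452371692ee790 before upload.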
@@ -120,3 +118,12 @@ CVE-2016-4563.patch
 0139-Bug-845244-Added-check-for-invalid-number-of-frames-in-mat-file.patch
 0140-Bug-845246-Partial-fix-for-out-of-bound-access-of-mat-file.patch
 0141-Bug-845196-Check-return-of-write-function-bis.patch
+0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch
+CVE-2016-10144.patch
+CVE-2016-10145.patch
+CVE-2016-10146.patch
+CVE-2017-5506.patch
+CVE-2017-5507.patch
+CVE-2017-5508.patch
+CVE-2017-5510.patch
+CVE-2017-5511.patch
