Bug#870109: out-of-bounds read with the MNG CLIP chunk.

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1


commit 22e0310345499ffe906c604428f2a3a668942b05
Author: Glenn Randers-Pehrson 
Date:   Mon Jul 10 08:23:01 2017 -0400

Fix potential out-of-bounds read with the MNG CLIP chunk.



Bug#870110: CVE-2017-11538: Memory-Leak in WriteOnePNGImage() coders/png.c #569

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded:   https://github.com/ImageMagick/ImageMagick/issues/569



Bug#870108: memory leak in ReadOneJNGImage #550

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded:https://github.com/ImageMagick/ImageMagick/issues/550


Version: ImageMagick 7.0.6-1 Q16 x86_64

#./magick identify $FILE

=
==32637==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d5b9db9 in AcquireImage image.c:169:19
#3 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#4 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#5 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#6 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#7 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#8 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#9 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#10 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#11 0x514f77 in MagickMain magick.c:151:10
#12 0x5149d1 in main magick.c:263:10
#13 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8dc4739f in ReadOneJNGImage png.c:4477:39
#3 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#4 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#5 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#6 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#7 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#8 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#9 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#10 0x514f77 in MagickMain magick.c:151:10
#11 0x5149d1 in main magick.c:263:10
#12 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d5be753 in AcquireImageInfo image.c:347:28
#3 0x7fbe8d5c78c3 in CloneImageInfo image.c:952:14
#4 0x7fbe8d5be688 in SyncImageSettings image.c:4051:21
#5 0x7fbe8d5bbe88 in AcquireImage image.c:290:10
#6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#14 0x514f77 in MagickMain magick.c:151:10
#15 0x5149d1 in main magick.c:263:10
#16 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
#3 0x7fbe8d3891e4 in AcquirePixelCache cache.c:195:28
#4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
#14 0x5149d1 in main magick.c:263:10
#15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
#3 0x7fbe8d64a44a in AcquirePixelChannelMap pixel.c:101:35
#4 0x7fbe8d5ba77b in AcquireImage image.c:208:22
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
 

Bug#870106: heap buffer overflow in ReadOneMNGImage

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded: https://github.com/ImageMagick/ImageMagick/issues/542

So a crafted file will cause an x_off[i] out-of-bounds operation vulnerability.

POC: https://github.com/jgj212/poc/blob/master/heap-mng



Bug#870107: memory exhaustion in ReadOneJNGImage in png.c

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded: https://github.com/ImageMagick/ImageMagick/issues/549


When identifying a JNG file that contains chunk data, ImageMagick will
allocate memory to store the chunk data in the function ReadOneJNGImage.

Here is the critical code:

    if (length != 0)
      {
        chunk=(unsigned char *)
          AcquireQuantumMemory(length,sizeof(*chunk));   // length can be controlled

        if (chunk == (unsigned char *) NULL)
          ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");

        for (i=0; i < (ssize_t) length; i++)
        {
          int
            c;

          c=ReadBlobByte(image);
          if (c == EOF)
            break;
          chunk[i]=(unsigned char) c;
        }

        p=chunk;
      }

length can be controlled as follows:

    length=ReadBlobMSBLong(image);   // length is from file data
    count=(unsigned int) ReadBlob(image,4,(unsigned char *) type);

    if (logging != MagickFalse)
      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
        "  Reading JNG chunk type %c%c%c%c, length: %.20g",
        type[0],type[1],type[2],type[3],(double) length);

    if (length > PNG_UINT_31_MAX || count == 0)
      ThrowReaderException(CorruptImageError,"CorruptImage");

So the only limitation is that it must be smaller than PNG_UINT_31_MAX, which
is still very large.

Also, when the chunk type is JDAT, it will write chunk data to file as follows:

    if (memcmp(type,mng_JDAT,4) == 0)
      {
        /* Copy chunk to color_image->blob */

        if (logging != MagickFalse)
          (void) LogMagickEvent(CoderEvent,GetMagickModule(),
            "Copying JDAT chunk data to color_blob.");

        if (length != 0)
          {
            (void) WriteBlob(color_image,length,chunk);   // write very large chunk data to file
            chunk=(unsigned char *) RelinquishMagickMemory(chunk);
          }

        continue;
      }

So a crafted JNG file can cause memory exhaustion and large I/O.

testcase:
https://github.com/jgj212/poc/blob/master/mem-jng

Credit: ADLab of Venustech
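
Added example, not part of the original report and not ImageMagick's code: a chunk reader that compares the declared length with a caller-supplied cap and with the bytes actually left in the input before it allocates anything. The blob_t type, the function names and both sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LEN_31_MAX 0x7fffffffUL   /* same ceiling the quoted code tests against */

typedef struct {                  /* hypothetical in-memory input stream */
    const unsigned char *data;
    size_t size, pos;
} blob_t;

enum { CHUNK_OK = 0, CHUNK_TRUNCATED = 1, CHUNK_TOO_LARGE = 2, CHUNK_NO_MEMORY = 3 };

static size_t blob_remaining(const blob_t *b) { return b->size - b->pos; }

/* Read a big-endian 32-bit value; the caller has checked that 4 bytes remain. */
static uint32_t read_be32(blob_t *b)
{
    const unsigned char *p = b->data + b->pos;
    b->pos += 4;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Read one chunk laid out as: 4-byte length, 4-byte type, body, 4-byte CRC
 * (the CRC is skipped, not verified). The declared length is rejected if it
 * exceeds max_chunk or the bytes left in the input, BEFORE any allocation.
 */
int read_chunk(blob_t *b, size_t max_chunk, char type[5],
               unsigned char **out, size_t *out_len)
{
    uint32_t length;

    *out = NULL;
    *out_len = 0;
    if (blob_remaining(b) < 8)
        return CHUNK_TRUNCATED;
    length = read_be32(b);
    memcpy(type, b->data + b->pos, 4);
    type[4] = '\0';
    b->pos += 4;

    if (length > LEN_31_MAX || length > max_chunk)
        return CHUNK_TOO_LARGE;
    if (blob_remaining(b) < 4 || (size_t)length > blob_remaining(b) - 4)
        return CHUNK_TRUNCATED;          /* body plus CRC do not fit */
    if (length != 0) {
        *out = malloc(length);
        if (*out == NULL)
            return CHUNK_NO_MEMORY;
        memcpy(*out, b->data + b->pos, length);
    }
    b->pos += (size_t)length + 4;
    *out_len = length;
    return CHUNK_OK;
}

/* Constructed sample: a 3-byte JDAT chunk followed by a dummy CRC. */
static const unsigned char SMALL_JDAT[] =
    { 0, 0, 0, 3, 'J', 'D', 'A', 'T', 'a', 'b', 'c', 0, 0, 0, 0 };
/* Constructed sample: declares 0x7fffffff bytes but carries only 2. */
static const unsigned char HUGE_JDAT[] =
    { 0x7f, 0xff, 0xff, 0xff, 'J', 'D', 'A', 'T', 'x', 'y' };

static int parse_sample(const unsigned char *data, size_t size,
                        size_t max_chunk, size_t *len)
{
    blob_t b = { data, size, 0 };
    char type[5];
    unsigned char *body;
    int status = read_chunk(&b, max_chunk, type, &body, len);
    free(body);
    return status;
}

int small_chunk_status(void)
{
    size_t len;
    return parse_sample(SMALL_JDAT, sizeof SMALL_JDAT, 1u << 20, &len);
}

size_t small_chunk_length(void)
{
    size_t len;
    (void)parse_sample(SMALL_JDAT, sizeof SMALL_JDAT, 1u << 20, &len);
    return len;
}

int huge_chunk_status(size_t max_chunk)
{
    size_t len;
    return parse_sample(HUGE_JDAT, sizeof HUGE_JDAT, max_chunk, &len);
}

int main(void)
{
    printf("small: status=%d length=%zu\n", small_chunk_status(), small_chunk_length());
    printf("huge, 1 MiB cap: status=%d\n", huge_chunk_status(1u << 20));
    printf("huge, 31-bit cap only: status=%d\n", huge_chunk_status(LEN_31_MAX));
    return 0;
}
```

With only the 31-bit ceiling as a cap, the oversized declaration is still rejected because the input does not contain that many bytes.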



Bug#870105: Lack of validation of png file

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1


Validate png file

Detect corrupted png early and avoid a crash

It is the merge of two upstream patches
aa84944b405acebbeefe871d0f64969b9e9f31ac and
46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3



Bug#870067: CVE-2017-11640

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded: https://github.com/ImageMagick/ImageMagick/issues/584

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
in coders/tiff.c.



Bug#870065: CVE-2017-11639

2017-07-29 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded: https://github.com/ImageMagick/ImageMagick/issues/588

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a heap-based buffer over-read in the WriteCIPImage() function
in coders/cip.c, related to the GetPixelLuma function in
MagickCore/pixel-accessor.h.



Bug#870021: memory leak in mat coder upstream 617

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/617

Another memory leak in mat coder



Bug#870023: memory leak in mat coder (upstream 624)

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/624

Another memory leak in mat coder



Bug#870022: memory leak in mat coder (upstream 616)

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/616

Another memory leak in mat coder



Bug#870020: assertion failed in DestroyImage due to mat coder

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/610

The mat coder triggers an assertion failure, thus a DoS



Bug#870019: assertion failed in DestroyImageInfo in mat coder

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/598

The mat coder triggers an assertion failure



Bug#870016: retitle

2017-07-28 Thread Bastien ROUCARIES
control: retitle -1 CVE-2017-11644



Bug#870017: memory leak in mat file handler

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/601

In case of a corrupted file, the cloned image (temporary image) should be freed



Bug#870015: memory leak in ReadMATImage

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/553

A specially crafted file creates a memory leak in the MAT file coder



Bug#870016: Memory-Leak in ReadMATImage()

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/587

A specially crafted file creates a memory leak in the MAT file coder. The
code needs to free two buffers in some exceptional circumstances, instead
of just one



Bug#870014: assertion failed in DestroyImageInfo

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/547



Bug#870013: Memory leak in mat coder

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14

A memory leak in mat file could be triggered by a specially crafted file

commit 437a35e57db5ec078f4a3ccbf71f941276e88430
Author: Cristy 
Date:   Sat May 6 13:49:05 2017 -0400

...



Bug#870012: use of uninitialized data in ImageMagick/coders/mat.c

2017-07-28 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded:https://github.com/ImageMagick/ImageMagick/issues/362

In issue #131, an out-of-bounds read involving the mat image format has
been fixed.
After the fixing commits the buffer bImgBuff is large enough to deal
with the PoC file that led to issue #131.

However, after the fix the coder still accesses uninitialized data
which might pose a security issue or at least a bug. The first
undefined access happens within coders/mat.c:1196 in a call to
calcMinMax(). The back part of the buffer bImgBuff is now large enough
but does seemingly not contain any sensible data.



Bug#869713: done:

2017-07-28 Thread Bastien ROUCARIES
version: 8:6.9.7.4+dfsg-13


Patch queue contains:
commit 68ec95456c0bf6335579285341493c47f07b32f8
Author: Cristy 
Date:   Thu Jul 6 06:13:54 2017 -0400

wmf file memory leak in CloneDrawInfo

The function CloneDrawInfo in draw.c allows attackers to cause a
denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/544
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869713.
origin: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277

(cherry picked from commit f37d26336bf13737db45e556c25fc098f8a8b277)



Bug#869834: CVE-2017-11533: heap buffer overflow in uil coder

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded:https://github.com/ImageMagick/ImageMagick/issues/562

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a heap-based buffer over-read in the WriteUILImage() function
in coders/uil.c.



Bug#869831: CVE-2017-11536 memory leak in jp2 coder

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded:https://github.com/ImageMagick/ImageMagick/issues/567


When ImageMagick 7.0.6-1 processes a crafted file in convert, it
can lead to a Memory Leak in the WriteJP2Image() function in
coders/jp2.c.



Bug#869830: [imagemagick] lack of validation for jp2 format

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14


Fixed by commit ac23b02ecb741e5de60f5235ea443790c88a0b80
Author: Cristy 
Date:   Sun May 21 11:07:10 2017 -0400

...

commit acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
Author: Cristy 
Date:   Sun May 21 10:54:16 2017 -0400

...



Bug#869827: CVE-2017-11535: heap based overflow in ps.c

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded:https://github.com/ImageMagick/ImageMagick/issues/561


https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441


CVE-2017-11535: When ImageMagick 7.0.6-1 processes a crafted file in
convert, it can lead to a heap-based buffer over-read in the
WritePSImage() function in coders/ps.c.



Bug#869796: Fix a leak in mpc file due to corrupted profiles

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/552

This leak is fixed by two commits upstream



Bug#869791: Memory leak for convert logo: logo.mpc

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4

Both commits fix a memory leak. The fix is incomplete without the two commits


commit f5d04fc678f67984a1f8c1008dc8eac8ee7e3629
Author: Cristy 
Date:   Tue Feb 21 18:58:39 2017 -0500

...

commit e5e87c087ed48db886be0ff3aff4041d38218192
Author: Cristy 
Date:   Tue Feb 21 15:25:41 2017 -0500

...



Bug#869769: memory leak in enhance.c

2017-07-26 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/commit/0b13c96bbb4d7ca9b738670524665fa13e5d0dab


Fix a potential memory leak if memory could not be allocated for one
of histogram or stretch_map.
If both cannot be allocated, there is no memory leak. If only one is
allocated and the other fails, there is a memory leak of the one that
could not be allocated. There is very little chance the allocations
would fail, so it's low risk.
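
Added illustration, not the upstream patch: a test allocator that fails on a chosen call shows the block left behind when only one of the two buffers is obtained, next to a cleanup path that releases whichever one succeeded. Only the names histogram and stretch_map come from the message; the allocator wrapper and the two functions are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_TRACKED 8
static void *tracked[MAX_TRACKED];   /* blocks handed out and not yet released */
static int alloc_calls;              /* test_alloc calls since the last reset */
static int fail_on_call;             /* 1-based call that returns NULL; 0 = never */

static void *test_alloc(size_t count, size_t size)
{
    void *p;
    int i;

    if (++alloc_calls == fail_on_call)
        return NULL;                 /* injected allocation failure */
    p = calloc(count, size);
    for (i = 0; p != NULL && i < MAX_TRACKED; i++)
        if (tracked[i] == NULL) { tracked[i] = p; break; }
    return p;
}

static void *test_release(void *p)
{
    int i;

    for (i = 0; i < MAX_TRACKED; i++)
        if (p != NULL && tracked[i] == p) tracked[i] = NULL;
    free(p);
    return NULL;
}

/* Free anything still tracked and report how many blocks had been left behind. */
static int reclaim_leaked(void)
{
    int i, n = 0;

    for (i = 0; i < MAX_TRACKED; i++)
        if (tracked[i] != NULL) { free(tracked[i]); tracked[i] = NULL; n++; }
    return n;
}

static void fill(double *histogram, double *stretch_map, size_t levels)
{
    size_t i;

    for (i = 0; i < levels; i++) {
        histogram[i] = (double)i;
        stretch_map[i] = histogram[i] / (double)levels;
    }
}

/* Before: bails out on partial failure without releasing the buffer it did get. */
static int stretch_leaky(size_t levels)
{
    double *histogram = test_alloc(levels, sizeof *histogram);
    double *stretch_map = test_alloc(levels, sizeof *stretch_map);

    if (histogram == NULL || stretch_map == NULL)
        return -1;
    fill(histogram, stretch_map, levels);
    test_release(stretch_map);
    test_release(histogram);
    return 0;
}

/* After: releases whichever allocation succeeded before reporting the error. */
static int stretch_fixed(size_t levels)
{
    double *histogram = test_alloc(levels, sizeof *histogram);
    double *stretch_map = test_alloc(levels, sizeof *stretch_map);

    if (histogram == NULL || stretch_map == NULL) {
        if (stretch_map != NULL) stretch_map = test_release(stretch_map);
        if (histogram != NULL) histogram = test_release(histogram);
        return -1;
    }
    fill(histogram, stretch_map, levels);
    test_release(stretch_map);
    test_release(histogram);
    return 0;
}

/* Run one variant with allocation number fail_on failing; return blocks leaked. */
int leaked_blocks(int fixed, int fail_on)
{
    alloc_calls = 0;
    fail_on_call = fail_on;
    (void)(fixed ? stretch_fixed(256) : stretch_leaky(256));
    return reclaim_leaked();
}

int main(void)
{
    int fail_on;

    for (fail_on = 0; fail_on <= 2; fail_on++)
        printf("fail_on=%d leaky=%d fixed=%d\n", fail_on,
               leaked_blocks(0, fail_on), leaked_blocks(1, fail_on));
    return 0;
}
```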



Bug#869728: Avoid a crash for mpc coder

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=31438

Avoid a crash for mpc coder



Bug#869727: Memory exhaustion in mpc coder

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/546

When identifying an MPC file, ImageMagick will allocate memory to store the
data. Here is the critical code
(mpc.c, in function ReadMPCImage):

    image->colormap=(PixelInfo *) AcquireQuantumMemory(image->colors+1,  //856
      sizeof(*image->colormap));

The "image->colors" can be obtained from the local value "options" as
follows, and options is controlled by the image; in other words,
"image->colors" can be read from the input file.

    image->colors=StringToUnsignedLong(options); //402

The function StringToUnsignedLong converts a string to unsigned long
type, but the return value was not checked.
Here is my policy.xml to limit memory usage, but the 256MB limit can be bypassed.
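
Added sketch, not ImageMagick's code: checking a count taken from a file header before it sizes an allocation, which is the check the report says was missing after StringToUnsignedLong. The functions parse_count, colormap_bytes and checked_colormap_size, the 64-byte entry size and the use of 256 MiB as the budget are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ENTRY_SIZE 64u                              /* assumed bytes per colormap entry */
#define MEMORY_BUDGET ((size_t)256 * 1024 * 1024)   /* the 256MB figure from the report */

/* Parse a decimal count. Returns 0 on success, -1 if the text must be rejected. */
int parse_count(const char *text, unsigned long *out)
{
    char *end;
    unsigned long value;

    while (isspace((unsigned char)*text))
        text++;
    /* strtoul() accepts a leading '-' and wraps the result, so insist on a digit. */
    if (!isdigit((unsigned char)*text))
        return -1;
    errno = 0;
    value = strtoul(text, &end, 10);
    if (errno == ERANGE)
        return -1;                       /* does not fit in unsigned long */
    while (isspace((unsigned char)*end))
        end++;
    if (*end != '\0')
        return -1;                       /* trailing garbage such as "12abc" */
    *out = value;
    return 0;
}

/*
 * Size of a table of colors+1 entries (the quoted code allocates colors+1).
 * Returns 0 and stores the byte count, or -1 if the count wraps or the
 * table would exceed the budget. The comparison avoids multiplying first.
 */
int colormap_bytes(unsigned long colors, size_t entry_size, size_t budget,
                   size_t *bytes)
{
    size_t entries;

    if (entry_size == 0 || colors >= SIZE_MAX)
        return -1;                       /* colors + 1 would wrap */
    entries = (size_t)colors + 1;
    if (entries > budget / entry_size)
        return -1;                       /* entries * entry_size > budget */
    *bytes = entries * entry_size;
    return 0;
}

/* Byte size to allocate for a header value, or -1 if the value is rejected. */
long long checked_colormap_size(const char *text)
{
    unsigned long colors;
    size_t bytes;

    if (parse_count(text, &colors) != 0)
        return -1;
    if (colormap_bytes(colors, ENTRY_SIZE, MEMORY_BUDGET, &bytes) != 0)
        return -1;
    return (long long)bytes;
}

int main(void)
{
    /* Constructed header values, not taken from any real file. */
    const char *samples[] = { "256", "4194303", "4194304", "4294967295",
                              "-1", "12abc", "99999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("colors=%s -> %lld\n", samples[i], checked_colormap_size(samples[i]));
    return 0;
}
```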



Bug#869726: CVE-2017-11532: memory leak in coders/mpc.c.

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/563

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.



Bug#869725: CVE-2017-11531: Memory Leak in coders/histogram.c.

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/566


When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a Memory Leak in the WriteHISTOGRAMImage() function in
coders/histogram.c.



Bug#867748: Does not affect imagemagick 6 at least some version

2017-07-25 Thread Bastien ROUCARIES
Hi,

It seems that this bug does not affect unstable/testing/stable.

Could you check for oldstable ?

See upstream comments



Bug#869722: Imagemagick: memory leak in quantize

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/574

This is the second issue fixed by
https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123



Bug#869721: Imagemagick: memory leak in WritePALMImage #574

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/574

This is a double issue. This one is for the PALM problem.



Bug#869715: [imagemagick] use after free in ReadWMFImage #555

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/555

When identifying a WMF file, a crafted file revealed a use-after-free vulnerability.
A piece of memory was allocated in function wmf_malloc (api.c):
mem = malloc (size); //482

Free: (api.c, in function wmf_lite_destroy)
free (MM->list[MM->count]); //336

Use after free: (wmf.c, in function ReadWMFImage)
if (ddata->draw_info != (DrawInfo *) NULL) //2682

testcase:
https://github.com/bestshow/p0cs/blob/master/use-after-free-in-ReadWMFImage

Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945



Bug#869713: [imagemagick] memory leak in CloneDrawInfo #544

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/544

The function CloneDrawInfo in draw.c allows attackers to cause a
denial of service (memory leak) via a crafted file.



Bug#869712: CVE-2017-11537: palm fpe

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/560


When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a Floating Point Exception (FPE) in the WritePALMImage()
function in coders/palm.c, related to an incorrect bits-per-pixel
calculation.



Bug#869711: CVE-2017-11534: wmf memory leak

2017-07-25 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/564


When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.



Bug#869210: endless loop in ReadTXTImage

2017-07-21 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1  8:6.9.7.4+dfsg-11+deb9u1
control: found -1 8:6.8.9.9-5+deb8u10
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/591

Original reporter will open a bug

fixed by:
https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078



Bug#869209: [imagemagick] Null-Point reference in WriteOnePNGImage

2017-07-21 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1  8:6.9.7.4+dfsg-11+deb9u1
control: found -1 8:6.8.9.9-5+deb8u10
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/586



Original reporter will open a CVE



Bug#796562: lintian: Please identify lack of sanitation compiler/linker flags

2017-07-20 Thread Bastien Roucaries


On 20 July 2017 08:02:41 GMT+02:00, intrigeri wrote:
>Control: retitle -1 Please identify lack of UBSAN compiler/linker flags
>
>Jakub Wilk:
>> Relevant thread on oss-security:
>> http://www.openwall.com/lists/oss-security/2016/02/17/9
>
>Right, I was aware of this additional info but failed to update this
>bug report accordingly. Sorry!
>
>tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth
>(Cc'ed) summed up in
>http://openwall.com/lists/oss-security/2017/07/11/1.
>
>So I'm retitling this bug report to make it about UBSAN only,
>i.e. compiling and linking programs with -fsanitize=undefined.
>Note that by default, UBSAN only displays an error message at runtime
>when a problem is detected, and then resumes execution.

So not safe. Displaying an error will change behaviour...

>Seth: are you aware of ways to check if a given binary has UBSAN
>enabled? Or is this something we should add to blhc instead
>of Lintian?
>
>Jakub, does this make sense to you? Do you think this is enough to
>drop the moreinfo tag?
>
>Cheers,

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Bug#846009: look for FIX_MEs in control and copyright created by npm2deb

2017-07-18 Thread Bastien ROUCARIES
On Sat, Jul 15, 2017 at 12:02 PM, Chris Lamb  wrote:
> Hi Bastien,
>
>> > Thanks for your review. Whilst I am aware of such algorithms, could you
>> > elaborate on what you mean in concrete terms here?
>>
>> see sub full_text_check function
>
> I see. That way I'm not sure we get the line number though? This is rather a
> nice usability feature IMHO.

No we do not get the line number, but in theory it is possible by
counting the number of \n each time we had a block

>
>
> Best wishes,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-



Bug#846009: look for FIX_MEs in control and copyright created by npm2deb

2017-07-15 Thread Bastien ROUCARIES
On Fri, Jul 14, 2017 at 9:36 PM, Chris Lamb  wrote:
> Hi Bastien,
>
>> >   
>> > https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7319953bad3ae5e0e15f778a7ed19dd20241b77c
>>
>> Did you consider to use the sliding windows algo ?
>
> Thanks for your review. Whilst I am aware of such algorithms, could you
> elaborate on what you mean in concrete terms here?

see sub full_text_check function

Instead of reading line per line you could read block by block.

The algorithm assembles the blocks by pair, therefore avoiding boundary problems

Bastien

>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
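
The block-pair scan discussed in this thread, as an added C sketch that is not lintian's Perl code: each block is searched together with the tail of the previous one, so a marker split across a block boundary is still found, and newlines are counted as bytes leave the window to recover the line number. The marker, the block sizes, the function names and the sample text are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static long count_newlines(const char *p, size_t n)
{
    long lines = 0;
    size_t i;

    for (i = 0; i < n; i++)
        if (p[i] == '\n')
            lines++;
    return lines;
}

/*
 * Scan text in blocks of `block` bytes for `marker`.
 * overlap != 0: keep the last strlen(marker)-1 bytes of each window and
 *               prepend them to the next block (the "pair of blocks" idea).
 * overlap == 0: search each block on its own (shows the boundary problem).
 * Returns the 1-based line number of the first match, 0 if none, -1 on error.
 */
long find_marker_line(const char *text, size_t len, const char *marker,
                      size_t block, int overlap)
{
    size_t mlen = strlen(marker);
    size_t carry = 0, off = 0;
    long line = 1;                      /* line number of window[0] */
    char *window;

    if (mlen == 0 || block == 0)
        return -1;
    window = malloc(block + mlen - 1);
    if (window == NULL)
        return -1;

    while (off < len) {
        size_t n = (len - off < block) ? len - off : block;
        size_t wlen, keep, i;

        memcpy(window + carry, text + off, n);
        wlen = carry + n;
        off += n;

        for (i = 0; i + mlen <= wlen; i++) {
            if (memcmp(window + i, marker, mlen) == 0) {
                line += count_newlines(window, i);
                free(window);
                return line;
            }
        }

        /* Bytes that can still start a match straddling the next boundary. */
        keep = overlap ? ((wlen < mlen - 1) ? wlen : mlen - 1) : 0;
        line += count_newlines(window, wlen - keep);
        memmove(window, window + (wlen - keep), keep);
        carry = keep;
    }
    free(window);
    return 0;
}

/* Constructed sample: the marker starts at byte offset 44, on line 3. */
static const char SAMPLE[] =
    "Source: node-foo\n"
    "Maintainer: x\n"
    "Description: FIX_ME write desc\n";

long scan_sample(size_t block, int overlap)
{
    return find_marker_line(SAMPLE, strlen(SAMPLE), "FIX_ME", block, overlap);
}

int main(void)
{
    /* A 46-byte block cuts the marker after "FI". */
    printf("block=46 without overlap: line %ld\n", scan_sample(46, 0));
    printf("block=46 with overlap:    line %ld\n", scan_sample(46, 1));
    printf("block=4  with overlap:    line %ld\n", scan_sample(4, 1));
    return 0;
}
```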



Bug#846009: look for FIX_MEs in control and copyright created by npm2deb

2017-07-14 Thread Bastien ROUCARIES
On Tue, Jul 11, 2017 at 11:44 PM, Chris Lamb  wrote:
> tags 846009 + pending
> thanks
>
> Fixed in Git:
>
>   
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7319953bad3ae5e0e15f778a7ed19dd20241b77c

Did you consider to use the sliding windows algo ?

Bastien
>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb, Debian Project Leader
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>



Bug#867897: [imagemagick] avoid a memory leak during screenshot

2017-07-10 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/556


The last patch prevents a possible memory leak in the event of a
corrupted screenshot.


I do not think it is even an important bug but it is a security one

https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d

Bastien



Bug#867894: [imagemagick] Avoid heap based overflow for jpeg

2017-07-10 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/556


https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602



Bug#867893: [imagemagick] clear jpeg memory in order to avoid data leak

2017-07-10 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/556


Avoid a data leak

Fixed by

https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11



Bug#867896: [imagemagick] enable heap overflow check for stdin for mpc files

2017-07-10 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/556


Enabling seekable streams is required to ensure checking the blob size
works when an image is streamed on stdin. It was an oversight in the
original patch.


Fixed by
https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce

 
https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce



Bug#867826: CPU exhaustion in ReadOneDJVUImage

2017-07-09 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/528

Might have a CVE under embargo



Bug#867824: CPU exhaustion in ReadOneJNGImage

2017-07-09 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/526

Might have an embargoed CVE

Bastien



Bug#867825: [imagemagick] CPU exhaustion in ReadOneMNGImage

2017-07-09 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/527

Might have a CVE under embargo



Bug#867823: memory leak in ReadMATImage in mat.c

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/525

May have an embargoed CVE

Bastien



Bug#867821: memory exhaustion in ReadEPTImage in ept.c

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/524


May have a CVE under embargo



Bug#867812: [imagemagick] memory exhaustion in ReadDPXImage in dpx.c

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/523

DOS

May have a CVE under embargo



Bug#867811: [imagemagick] memory leak in ReadDIBImage in dib.c

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/522

DOS

May have a CVE under embargo



Bug#867810: [imagemagick] memory exhaustion in ReadCINImage

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/519

memory exhaustion in ReadCINImage

DOS

Carnill can have a CVE under embargo



Bug#867808: [imagemagick] CPU exhaustion in ReadRLEImage

2017-07-09 Thread Bastien ROUCARIES
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/518


DOS

Fixed by 
https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30

Carnill may have a CVE but under embargo



Bug#867806: [imagemagick] CPU exhaustion in ReadDPXImage

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
X-Debbugs-CC: Salvatore Bonaccorso 
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/509

DOS

Because dpx.file.image_offset is an unsigned int, it can be controlled
to be as large as 4294967295.
This will cause ImageMagick to spend a lot of time processing a crafted
DPX image file, even if the image file is very small.

Carnill I suppose they are CVE open but under embargo

Bastien
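
An added example, not ImageMagick's code and not part of this report, of the kind of check the description implies: the offset taken from the header is compared with the real blob size before anything is skipped. The `Blob` type, the function names and the 8-byte minimum are assumptions; `skip_unchecked` is a simplified model of a skip loop whose cost follows the header field rather than the file size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* In-memory stand-in for an image blob (hypothetical type). */
typedef struct { const unsigned char *data; size_t size, pos; } Blob;

typedef enum { DPX_OK, DPX_TRUNCATED, DPX_BAD_MAGIC, DPX_BAD_OFFSET } dpx_status;

#define DPX_FIELDS_READ 8u  /* magic (4 bytes) + image offset (4 bytes) */

static int read_byte(Blob *b)
{
    return b->pos < b->size ? b->data[b->pos++] : EOF;
}

static uint32_t read_u32(const unsigned char *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Simplified model of the costly pattern: skip byte by byte up to the offset
 * from the header and ignore EOF. The number of iterations depends only on
 * the header field, not on how many bytes the file holds. */
unsigned long skip_unchecked(Blob *b, uint32_t image_offset)
{
    unsigned long steps = 0;
    for (uint32_t at = (uint32_t)b->pos; at < image_offset; at++) {
        (void)read_byte(b);             /* EOF is not checked */
        steps++;
    }
    return steps;
}

/* Hardened parse: read the byte order from the magic, then accept the image
 * offset only if it points past the fields read and inside the blob. */
dpx_status dpx_image_offset(const unsigned char *blob, size_t size, uint32_t *out)
{
    int big_endian;
    uint32_t off;

    if (size < DPX_FIELDS_READ)
        return DPX_TRUNCATED;
    if (memcmp(blob, "SDPX", 4) == 0)
        big_endian = 1;
    else if (memcmp(blob, "XPDS", 4) == 0)
        big_endian = 0;
    else
        return DPX_BAD_MAGIC;
    off = read_u32(blob + 4, big_endian);
    if (off < DPX_FIELDS_READ || off >= size)
        return DPX_BAD_OFFSET;          /* offset beyond the data we have */
    *out = off;
    return DPX_OK;
}

/* Skip to a validated offset and stop at EOF. Returns 1 on success. */
int skip_checked(Blob *b, uint32_t image_offset)
{
    while (b->pos < image_offset)
        if (read_byte(b) == EOF)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed 16-byte sample: valid magic, image offset 0xFFFFFFFF. */
    unsigned char crafted[16] = { 'S', 'D', 'P', 'X', 0xFF, 0xFF, 0xFF, 0xFF };
    uint32_t off = 0;
    dpx_status st = dpx_image_offset(crafted, sizeof crafted, &off);

    printf("crafted header status: %d (DPX_BAD_OFFSET is %d)\n",
           (int)st, (int)DPX_BAD_OFFSET);
    return st == DPX_BAD_OFFSET ? 0 : 1;
}
```
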



Bug#867798: assertion failed in WriteBlob

2017-07-09 Thread Bastien ROUCARIES
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/506

On version: ImageMagick 7.0.5-10, a crafted file revealed an
assertion failure in blob.c.

Will report a CVE



Bug#867721: CVE-2017-9501

2017-07-08 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/491

An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.



Bug#864653: ITP: node-stream-http -- Streaming http in the browser

2017-06-12 Thread Bastien ROUCARIES
Package: wnpp
Severity: wishlist
Owner: ro...@debian.org
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-stream-http
  Version : 2.7.1
  Upstream Author : John Hiesey
* URL : https://github.com/jhiesey/stream-http#readme
* License : Expat
  Programming Lang: JavaScript
  Description : Streaming http in browser context

 This module is an implementation of Node's native http module for the
browser. It tries to match Node's API and behavior as closely as
possible, but some features aren't available, since browsers don't
give nearly as much control over requests.

This is heavily inspired by, and intended to replace, http-browserify.

 .
 Node.js is an event-based server-side JavaScript engine.



Bug#588537: Patch to test

2017-06-04 Thread Bastien ROUCARIES
control: tags -1 + moreinfo

Hi

Could you test the following patch ?

Description: Disable descend path in screenshot

If a compositing manager is running the manually pieced together screenshot
taken by using this path might not actually match what's being displayed on
screen.

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: , 
Bug: 
Bug-Debian: http://bugs.debian.org/
Bug-Ubuntu: https://launchpad.net/bugs/
Forwarded: 
Reviewed-By: 
Last-Update: 

Index: imagemagick-6.8.9.9/magick/xwindow.c
===
--- imagemagick-6.8.9.9.orig/magick/xwindow.c
+++ imagemagick-6.8.9.9/magick/xwindow.c
@@ -4992,8 +4992,7 @@ MagickExport Image *XImportImage(const I
 Get image by window id.
   */
   (void) XGrabServer(display);
-  image=XGetWindowImage(display,target,ximage_info->borders,
-ximage_info->descend ? 1U : 0U);
+  image=XGetWindowImage(display,target,ximage_info->borders, 0U);
   (void) XUngrabServer(display);
   if (image == (Image *) NULL)
 ThrowXWindowException(XServerError,"UnableToReadXWindowImage",
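
Review bot: In the XImportImage hunk, passing a literal 0U as the last argument of XGetWindowImage leaves ximage_info->descend silently ignored on this path, so a caller who sets it gets a different capture with no diagnostic. If descending is to be disabled here, add a comment at the call giving the compositing-manager reason from the description, and consider warning when ximage_info->descend is set. The new line also puts a space after the last comma ("borders, 0U") where the surrounding calls use none, and the DEP-3 template fields above the diff (Origin, Bug, Forwarded, Last-Update) are still empty and should be filled in or dropped before this is applied.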



Bug#864090: CVE-2017-9409: the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-06-04 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/458



Bug#864087: CVE-2017-9405: the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-06-04 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/457



Bug#864089: CVE-2017-9407: the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-06-04 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/459



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-06-04 Thread Bastien ROUCARIES
On Sat, Jun 3, 2017 at 6:13 PM, Pirate Praveen <prav...@debian.org> wrote:
> On Sat, 27 May 2017 15:34:07 +0200 Bastien ROUCARIES
> <roucaries.bast...@gmail.com> wrote:
>> Moreover, the test suite fails
>
> Can you push your work to alioth, so others can have a look at the test
> failure as well?
>
> Also if we can mention all copyright notices in debian/copyright, that
> would be sufficient, no need to involve upstream I think.

Done. Could you check the testsuite failure and copyright?

Bastien
>



Bug#863510: ITP: node-readable-stream -- A stream compatibility library for Node.js and browser

2017-05-27 Thread Bastien ROUCARIES
Package: wnpp
Severity: wishlist
Owner: ro...@debian.org
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-readable-stream
  Version : 2.2.9
  Upstream Author : FIX_ME upstream author
* URL : https://github.com/nodejs/readable-stream#readme
* License : Expat
  Programming Lang: JavaScript
  Description : A stream compatibility library for Node.js and browser

 This package is a port to browser context of the well-known stream API
of Node.js
.
A stream is an abstract interface for working with streaming data in Node.js.
There are many stream objects provided by Node.js. For instance, a request
 to an HTTP server and process.stdout are both stream instances.
 .
 Node.js is an event-based server-side JavaScript engine.



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-05-27 Thread Bastien ROUCARIES
Moreover, the test suite fails

On Sat, May 27, 2017 at 2:31 PM, Bastien ROUCARIES
<roucaries.bast...@gmail.com> wrote:
> control: forwarded -1
> https://github.com/crypto-browserify/browserify-aes/issues/43
>
> On Sat, May 27, 2017 at 2:23 PM, Bastien ROUCARIES
> <roucaries.bast...@gmail.com> wrote:
>> Hi,
>>
>> On Wed, May 24, 2017 at 5:27 PM, Bastien ROUCARIES
>> <roucaries.bast...@gmail.com> wrote:
>>> On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote:
>>>> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES
>>>> <roucaries.bast...@gmail.com> wrote:
>>>>> * Package name: node-browserify-aes
>>>>
>>>> Are you stuck with this module? Can I take it? Since I'm working almost
>>>> full time on webpack, it would be nice if you file ITP when you actually
>>>> start working on it. Usually it takes an hour for simple modules to be
>>>> packaged and having a whole chain blocked for weeks makes progress slow.
>>>> It is okay for leaf packages that are not blocking.
>>>
>>> I will do this evening if possible
>>
>> There are a few license problems that render it undistributable as is.
>> (lack of citation of previous author)
>>
>> Will try to sort it out.
>>
>> Bastien



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-05-27 Thread Bastien ROUCARIES
control: forwarded -1
https://github.com/crypto-browserify/browserify-aes/issues/43

On Sat, May 27, 2017 at 2:23 PM, Bastien ROUCARIES
<roucaries.bast...@gmail.com> wrote:
> Hi,
>
> On Wed, May 24, 2017 at 5:27 PM, Bastien ROUCARIES
> <roucaries.bast...@gmail.com> wrote:
>> On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote:
>>> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES
>>> <roucaries.bast...@gmail.com> wrote:
>>>> * Package name: node-browserify-aes
>>>
>>> Are you stuck with this module? Can I take it? Since I'm working almost
>>> full time on webpack, it would be nice if you file ITP when you actually
>>> start working on it. Usually it takes an hour for simple modules to be
>>> packaged and having a whole chain blocked for weeks makes progress slow.
>>> It is okay for leaf packages that are not blocking.
>>
>> I will do this evening if possible
>
> There are a few license problems that render it undistributable as is.
> (lack of citation of previous author)
>
> Will try to sort it out.
>
> Bastien



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-05-27 Thread Bastien ROUCARIES
Hi,

On Wed, May 24, 2017 at 5:27 PM, Bastien ROUCARIES
<roucaries.bast...@gmail.com> wrote:
> On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote:
>> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES
>> <roucaries.bast...@gmail.com> wrote:
>>> * Package name: node-browserify-aes
>>
>> Are you stuck with this module? Can I take it? Since I'm working almost
>> full time on webpack, it would be nice if you file ITP when you actually
>> start working on it. Usually it takes an hour for simple modules to be
>> packaged and having a whole chain blocked for weeks makes progress slow.
>> It is okay for leaf packages that are not blocking.
>
> I will do this evening if possible

There are a few license problems that render it undistributable as is.
(lack of citation of previous author)

Will try to sort it out.

Bastien



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-05-24 Thread Bastien ROUCARIES
On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote:
> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES
> <roucaries.bast...@gmail.com> wrote:
>> * Package name: node-browserify-aes
>
> Are you stuck with this module? Can I take it? Since I'm working almost
> full time on webpack, it would be nice if you file ITP when you actually
> start working on it. Usually it takes an hour for simple modules to be
> packaged and having a whole chain blocked for weeks makes progress slow.
> It is okay for leaf packages that are not blocking.

I will do this evening if possible



Bug#863125: A crafted file revealed an assertion failure in blob.c.

2017-05-22 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/490



Bug#863126: Check for EOF conditions for RLE image format

2017-05-22 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4


Waiting for CVE

  origin: 
https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198



Bug#863124: A crafted file revealed an assertion failure in profile.c.

2017-05-22 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/489



Bug#863123: Specially crafted arts file could lead to memory leak

2017-05-22 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/456

origin: 
https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
bug: https://github.com/ImageMagick/ImageMagick/issues/456



Bug#863067: imagemagick: should depend on librsvg2-bin

2017-05-21 Thread Bastien ROUCARIES
Version: 8:6.9.7.4+dfsg-8
On Sun, May 21, 2017 at 10:40 AM, Shanavas M  wrote:
> Package: imagemagick
> V
> Severity: important
>
> Imagemagick fails on svg files if librsvg2-bin is not installed. So 
> imagemagick
> should depend on librsvg2-bin

No you should install limagickcore-extra package

>
>
> -- Package-specific info:
> ImageMagick program version
> ---
> animate:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> compare:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> convert:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> composite:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> conjure:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> display:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> identify:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> import:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> mogrify:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> montage:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
> stream:  ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
>
> -- System Information:
> Debian Release: 9.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64
>  (x86_64)
>
> Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages imagemagick depends on:
> ii  imagemagick-6.q16  8:6.9.7.4+dfsg-8
>
> imagemagick recommends no packages.
>
> imagemagick suggests no packages.
>
> -- no debconf information
>



Bug#862967: Will try tomorrow

2017-05-21 Thread Bastien ROUCARIES
Hi,

I plan to release a stable version tomorrow

Bastien



Bug#862690: Found in unstable/testing/stable

2017-05-16 Thread Bastien ROUCARIES
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4



Bug#862653: CVE-2017-8765

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/466

The function named ReadICONImage in coders\icon.c in ImageMagick
7.0.5-5 has a memory leak vulnerability which can cause memory
exhaustion via a crafted ICON file.



Bug#862637: CVE-2017-8830

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/467

The ReadBMPImage function in bmp.c:1379 allows attackers to cause a
denial of service (memory leak) via a crafted file.



Bug#862636: CVE-2017-8357

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/453

The ReadEPTImage function in ept.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862634: CVE-2017-8355

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/450


The ReadMTVImage function in mtv.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862635: CVE-2017-8356

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/449


The ReadSUNImage function in sun.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862633: CVE-2017-8354

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/451

The ReadBMPImage function in bmp.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862632: CVE-2017-8353

2017-05-15 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/454

ReadPICTImage function in pict.c allows attackers to cause a denial of
service (memory leak) via a crafted file.



Bug#862590: CVE-2017-8352

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/452

ReadXWDImage function in xwd.c allows attackers to cause a denial of
service (memory leak) via a crafted file.



Bug#862589: CVE-2017-8351

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/448

The ReadPCDImage function in pcd.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862587: CVE-2017-8350

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/447

The ReadJNGImage function in png.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862578: CVE-2017-8348

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/445


In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.



Bug#862579: CVE-2017-8349

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/443

The ReadSFWImage function in sfw.c allows attackers to cause a denial
of service (memory leak) via a crafted file.



Bug#862577: CVE-2017-8347

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/441


In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.



Bug#862575: CVE-2017-8346

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/440


In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.



Bug#862572: CVE-2017-8343: the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.

2017-05-14 Thread Bastien ROUCARIES
Package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/444


Fixed upstream



Bug#862574: CVE-2017-8344

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/446


In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.



Bug#862573: CVE-2017-8345

2017-05-14 Thread Bastien ROUCARIES
package: src:imagemagick
Version: 8:6.9.7.4+dfsg-6
Severity: important
Tags: security
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.7.7.10-5+deb7u13
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/442

In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.


Fixed upstream



Bug#862440: m4/ax_python.m4 should list recent python3.x versions

2017-05-13 Thread Bastien ROUCARIES
On Fri, May 12, 2017 at 7:17 PM, Matthias Klose  wrote:
> Package: src:autoconf-archive
> Version: 20160916-1
> Severity: important
> Tags: sid buster
> User: debian-pyt...@lists.debian.org
> Usertags: python3.6
>
> m4/ax_python.m4 should list recent python3.x versions up to 3.3. Please add
> newer ones as well, maybe up to 3.7 (already used in Python development) or 
> 3.8.
>  The missing python3 versions will make packages fail to build which are
> supporting all Python 3 versions in Debian.
>

Should be fixed before release or we could do a point release?



Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript

2017-05-11 Thread Bastien ROUCARIES
Package: wnpp
Severity: wishlist
Owner: ro...@debian.org
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: node-browserify-aes
  Version : 1.0.6
  Upstream Author :
* URL : https://github.com/crypto-browserify/browserify-aes
* License : Expat
  Programming Lang: JavaScript
  Description : aes cipher in pure javascript

 This package implements the AES cipher in pure javascript.
 .
 The Advanced Encryption Standard (AES), also known by its original
name Rijndael is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology
(NIST) in 2001.
.
AES is based on a design principle known as a substitution-permutation
network, a combination of both substitution and permutation, and is
fast in both software and hardware
 .
 Node.js is an event-based server-side JavaScript engine.



Bug#861812: ITP: node-evp-bytestokey -- secure key derivation algorithm from openssl

2017-05-11 Thread Bastien ROUCARIES
Uploaded

On Thu, May 11, 2017 at 8:12 AM, Pirate Praveen <prav...@debian.org> wrote:
> On Thu, 4 May 2017 11:50:59 +0200 Bastien ROUCARIES
> <roucaries.bast...@gmail.com> wrote:
>> * Package name: node-evp-bytestokey
>
> Any difficulty with the package? Its blocking further progress on
> crypto-browserify. If you are busy, I can take it.
>



Bug#860735: CVE-2017-7942: memory leak in avs does not affect old version

2017-05-05 Thread Bastien ROUCARIES
control: notfound -1,8:6.6.0.4-3
control: notfound -1 8:6.7.7.10-5
control: notfound -1 8:6.8.9.9-5
control: notfound -1 8:6.8.9.9-5+deb8u8
control: notfound -1 8:6.7.7.10-5+deb7u13
>
> Due to code change not affected


