Bug#870109: out-of-bounds read with the MNG CLIP chunk.
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 commit 22e0310345499ffe906c604428f2a3a668942b05 Author: Glenn Randers-Pehrson Date: Mon Jul 10 08:23:01 2017 -0400 Fix potential out-of-bounds read with the MNG CLIP chunk.
Bug#870110: CVE-2017-11538: Memory-Leak in WriteOnePNGImage() coders/png.c #569
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/569
Bug#870108: memory leak in ReadOneJNGImage #550
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/550

Version: ImageMagick 7.0.6-1 Q16 x86_64

#./magick identify $FILE

==32637==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d5b9db9 in AcquireImage image.c:169:19
    #3 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #4 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #5 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #6 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #7 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #8 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #9 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #10 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #11 0x514f77 in MagickMain magick.c:151:10
    #12 0x5149d1 in main magick.c:263:10
    #13 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8dc4739f in ReadOneJNGImage png.c:4477:39
    #3 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #4 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #5 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #6 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #7 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #8 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #9 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #10 0x514f77 in MagickMain magick.c:151:10
    #11 0x5149d1 in main magick.c:263:10
    #12 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d5be753 in AcquireImageInfo image.c:347:28
    #3 0x7fbe8d5c78c3 in CloneImageInfo image.c:952:14
    #4 0x7fbe8d5be688 in SyncImageSettings image.c:4051:21
    #5 0x7fbe8d5bbe88 in AcquireImage image.c:290:10
    #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #14 0x514f77 in MagickMain magick.c:151:10
    #15 0x5149d1 in main magick.c:263:10
    #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
    #3 0x7fbe8d3891e4 in AcquirePixelCache cache.c:195:28
    #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
    #14 0x5149d1 in main magick.c:263:10
    #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
    #3 0x7fbe8d64a44a in AcquirePixelChannelMap pixel.c:101:35
    #4 0x7fbe8d5ba77b in AcquireImage image.c:208:22
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
Bug#870106: heap buffer overflow in ReadOneMNGImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/542 So a crafted file will cause x_off[i] out-of-bound operation vulnerability. POC: https://github.com/jgj212/poc/blob/master/heap-mng
Bug#870107: memory exhaustion in ReadOneJNGImage in png.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/549

When identifying a JNG file that contains chunk data, ImageMagick will allocate memory to store the chunk data in function ReadOneJNGImage. Here is the critical code:

  if (length != 0)
    {
      chunk=(unsigned char *) AcquireQuantumMemory(length,sizeof(*chunk)); //length can be controlled
      if (chunk == (unsigned char *) NULL)
        ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
      for (i=0; i < (ssize_t) length; i++)
      {
        int c;
        c=ReadBlobByte(image);
        if (c == EOF)
          break;
        chunk[i]=(unsigned char) c;
      }
      p=chunk;
    }

length can be controlled as follows:

  length=ReadBlobMSBLong(image); //length is from file data
  count=(unsigned int) ReadBlob(image,4,(unsigned char *) type);
  if (logging != MagickFalse)
    (void) LogMagickEvent(CoderEvent,GetMagickModule(),
      " Reading JNG chunk type %c%c%c%c, length: %.20g",
      type[0],type[1],type[2],type[3],(double) length);
  if (length > PNG_UINT_31_MAX || count == 0)
    ThrowReaderException(CorruptImageError,"CorruptImage");

So the only limitation is that it must be smaller than PNG_UINT_31_MAX, which is still very large.

Also, when the chunk type is JDAT, it will write the chunk data to file as follows:

  if (memcmp(type,mng_JDAT,4) == 0)
    {
      /* Copy chunk to color_image->blob */
      if (logging != MagickFalse)
        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
          "Copying JDAT chunk data to color_blob.");
      if (length != 0)
        {
          (void) WriteBlob(color_image,length,chunk); //write very large chunk data to file
          chunk=(unsigned char *) RelinquishMagickMemory(chunk);
        }
      continue;
    }

So a crafted jng file can cause memory exhaustion and large I/O.

testcase: https://github.com/jgj212/poc/blob/master/mem-jng
Credit: ADLab of Venustech
Bug#870105: Lack of validation of png file
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 Validate png file. Detect corrupted png early and avoid a crash. It is the merge of two upstream patches, aa84944b405acebbeefe871d0f64969b9e9f31ac and 46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
Bug#870067: CVE-2017-11640
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/584 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
Bug#870065: CVE-2017-11639
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/588 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
Bug#870021: memory leak in mat coder upstream 617
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/617 Another memory leak in mat coder
Bug#870023: memory leak in mat coder (upstream 624)
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/624 Another memory leak in mat coder
Bug#870022: memory leak in mat coder (upstream 616)
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/616 Another memory leak in mat coder
Bug#870020: assertion failed in DestroyImage due to mat coder
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/610 The mat coder triggers an assertion failure, thus a DoS
Bug#870019: assertion failed in DestroyImageInfo in mat coder
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/598 The mat coder triggers an assertion failure
Bug#870016: retitle
contro:: retitle -1 CVE-2017-11644
Bug#870017: memory leak in mat file handler
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/601 In case of a corrupted file, the cloned image (temporary image) should be freed
Bug#870015: memory leak in ReadMATImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/553 A specially crafted file creates a memory leak in the MAT file coder
Bug#870016: Memory-Leak in ReadMATImage()
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/587 A specially crafted file creates a memory leak in the MAT file coder. The code needs to free two buffers in some exceptional circumstances, instead of just one
Bug#870014: assertion failed in DestroyImageInfo
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/547
Bug#870013: Memory leak in mat coder
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 A memory leak in mat file could be triggered by a specially crafted file commit 437a35e57db5ec078f4a3ccbf71f941276e88430 Author: Cristy Date: Sat May 6 13:49:05 2017 -0400 ...
Bug#870012: use of uninitialized data in ImageMagick/coders/mat.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/362 Issue #131, an out-of-bounds read involving the mat image format, has been fixed. After the fixing commits the buffer bImgBuff is large enough to deal with the PoC file that led to issue #131. However, after the fix the coder still accesses uninitialized data, which might pose a security issue or at least a bug. The first undefined access happens within coders/mat.c:1196 in a call to calcMinMax(). The back part of the buffer bImgBuff is now large enough but seemingly does not contain any sensible data.
Bug#869713: done:
version: 8:6.9.7.4+dfsg-13 Patch queue contains: commit 68ec95456c0bf6335579285341493c47f07b32f8 Author: Cristy Date: Thu Jul 6 06:13:54 2017 -0400 wmf file memory leak in CloneDrawInfo The function CloneDrawInfo in draw.c allows attackers to cause a denial of service (memory leak) via a crafted file. bug: https://github.com/ImageMagick/ImageMagick/issues/544 bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869713. origin: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277 (cherry picked from commit f37d26336bf13737db45e556c25fc098f8a8b277)
Bug#869834: CVE-2017-11533: heap buffer overflow in uil coder
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded:https://github.com/ImageMagick/ImageMagick/issues/562 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
Bug#869831: CVE-2017-11536 memory leak in jp2 coder
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded:https://github.com/ImageMagick/ImageMagick/issues/567 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
Bug#869830: [imagemagick] lack of validation for jp2 format
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 Fixed by commit ac23b02ecb741e5de60f5235ea443790c88a0b80 Author: Cristy Date: Sun May 21 11:07:10 2017 -0400 ... commit acee073df34aa4d491bf5cb74d3a15fc80f0a3aa Author: Cristy Date: Sun May 21 10:54:16 2017 -0400 ...
Bug#869827: CVE-2017-11535: heap based overflow in ps.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded:https://github.com/ImageMagick/ImageMagick/issues/561 https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4 Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441 CVE-2017-11535: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
Bug#869796: Fix a leak in mpc file due to corrupted profiles
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/552 This leak is fixed by two commits upstream
Bug#869791: Memory leak for convert logo: logo.mpc
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 Both commits fix a memory leak. The fix is incomplete without the two commits: commit f5d04fc678f67984a1f8c1008dc8eac8ee7e3629 Author: Cristy Date: Tue Feb 21 18:58:39 2017 -0500 ... commit e5e87c087ed48db886be0ff3aff4041d38218192 Author: Cristy Date: Tue Feb 21 15:25:41 2017 -0500 ...
Bug#869769: memory leak in enhance.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/commit/0b13c96bbb4d7ca9b738670524665fa13e5d0dab Fix a potential memory leak if memory could not be allocated for one of histogram or stretch_map. If both cannot be allocated, there is no memory leak. If only one is allocated and the other fails, there is a memory leak of the one that could not be allocated. There is very little chance the allocations would fail, so it's low risk.
Bug#869728: Avoid a crash for mpc coder
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=31438 Avoid a crash for mpc coder
Bug#869727: Memory exhaustion in mpc coder
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/546

When identifying an MPC file, ImageMagick will allocate memory to store the data. Here is the critical code (Mpc.c, in function ReadMPCImage):

  image->colormap=(PixelInfo *) AcquireQuantumMemory(image->colors+1, //856
    sizeof(*image->colormap));

The "image->colors" can be obtained from the local value "options" as follows, and the options is controlled by the image; in other words, the "image->colors" can be read from the input file.

  image->colors=StringToUnsignedLong(options); //402

The function StringToUnsignedLong converts a string to unsigned long type, but the return value was not checked. Here is my policy.xml to limit memory usage, but the 256MB limit can be bypassed.
Bug#869726: CVE-2017-11532: memory leak in coders/mpc.c.
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/563 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
Bug#869725: CVE-2017-11531: Memory Leak in coders/histogram.c.
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/566 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
Bug#867748: Does not affect imagemagick 6 at least some version
Hi, It seems that this bug does not affect unstable/testing/stable. Could you check for oldstable ? See upstream comments
Bug#869722: Imagemagick: memory leak in quantize
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/574 This is the second issue fixed by https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
Bug#869721: Imagemagick: memory leak in WritePALMImage #574
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/574 This is a double issue. This one is for the PALM problem.
Bug#869715: [imagemagick] use after free in ReadWMFImage #555
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/555

When identifying a WMF file, a crafted file revealed a use-after-free vulnerability.

A piece of memory was allocated in function wmf_malloc (api.c):

  mem = malloc (size); //482

Free (api.c, in function wmf_lite_destory):

  free (MM->list[MM->count]); //336

Use after free (wmf.c, in function ReadWMFImage):

  if (ddata->draw_info != (DrawInfo *) NULL) //2682

testcase: https://github.com/bestshow/p0cs/blob/master/use-after-free-in-ReadWMFImage
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
Bug#869713: [imagemagick] memory leak in CloneDrawInfo #544
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/544 The function CloneDrawInfo in draw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#869712: CVE-2017-11537: palm fpe
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/560 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
Bug#869711: CVE-2017-11534: wmf memory leak
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/564 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
Bug#869210: endless loop in ReadTXTImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.9.7.4+dfsg-11+deb9u1 control: found -1 8:6.8.9.9-5+deb8u10 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/591 original reported will open a bug fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
Bug#869209: [imagemagick] Null-Point reference in WriteOnePNGImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.9.7.4+dfsg-11+deb9u1 control: found -1 8:6.8.9.9-5+deb8u10 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/586 Original reporter will open a CVE
Bug#796562: lintian: Please identify lack of sanitation compiler/linker flags
On 20 July 2017 08:02:41 GMT+02:00, intrigeri wrote:
>Control: retitle -1 Please identify lack of UBSAN compiler/linker flags
>
>Jakub Wilk:
>> Relevant thread on oss-security:
>> http://www.openwall.com/lists/oss-security/2016/02/17/9
>
>Right, I was aware of this additional info but failed to update this
>bug report accordingly. Sorry!
>
>tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth
>(Cc'ed) summed up in
>http://openwall.com/lists/oss-security/2017/07/11/1.
>
>So I'm retitling this bug report to make it about UBSAN only,
>i.e. compiling and linking programs with -fsanitize=undefined.
>Note that by default, UBSAN only displays an error message at runtime
>when a problem is detected, and then resumes execution.

So not safe
Display an error will change behaviour...

>Seth: are you aware of ways to check if a given binary has UBSAN
>enabled? Or is this something we should add to blhc instead
>of Lintian?
>
>Jakub, does this make sense to you? Do you think this is enough to
>drop the moreinfo tag?
>
>Cheers,

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#846009: look for FIX_MEs in control and copyright created by npm2deb
On Sat, Jul 15, 2017 at 12:02 PM, Chris Lamb wrote:
> Hi Bastien,
>
>> > Thanks for your review. Whilst I am aware of such algorithms, could you
>> > elaborate on what you mean in concrete terms here?
>>
>> see sub full_text_check function
>
> I see. That way I'm not sure we get the line number though? This is rather a
> nice usability feature IMHO.

No we do not get the line number, but in theory it is possible by counting the number of \n each time we had a block

>
>
> Best wishes,
>
> --
> ,''`.
> : :' : Chris Lamb, Debian Project Leader
> `. `'` la...@debian.org / chris-lamb.co.uk
>`-
Bug#846009: look for FIX_MEs in control and copyright created by npm2deb
On Fri, Jul 14, 2017 at 9:36 PM, Chris Lamb wrote:
> Hi Bastien,
>
>> >
>> > https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7319953bad3ae5e0e15f778a7ed19dd20241b77c
>>
>> Did you consider to use the sliding windows algo ?
>
> Thanks for your review. Whilst I am aware of such algorithms, could you
> elaborate on what you mean in concrete terms here?

see sub full_text_check function

Instead of reading line per line you could read block by block. The algorithm assembles the block by pair therefore avoiding boundary problems

Bastien

>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb, Debian Project Leader
> `. `'` la...@debian.org / chris-lamb.co.uk
>`-
Bug#846009: look for FIX_MEs in control and copyright created by npm2deb
On Tue, Jul 11, 2017 at 11:44 PM, Chris Lamb wrote:
> tags 846009 + pending
> thanks
>
> Fixed in Git:
>
>
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=7319953bad3ae5e0e15f778a7ed19dd20241b77c

Did you consider to use the sliding windows algo ?

Bastien

>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb, Debian Project Leader
> `. `'` la...@debian.org / chris-lamb.co.uk
>`-
>
Bug#867897: [imagemagick] avoid a memory leak during screenshot
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/556 The last patch prevents a possible memory leak in the event of a corrupted screenshot. I do not think it is even an important bug but it is a security one https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d Bastien
Bug#867894: [imagemagick] Avoid heap based overflow for jpeg
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/556 https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
Bug#867893: [imagemagick] clear jpeg memory in order to avoid data leak
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/556 Avoid a data leak Fixed by https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
Bug#867896: [imagemagick] enable heap overflow check for stdin for mpc files
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/556 Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. It was an oversight in the original patch. Fixed by https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
Bug#867826: CPU exhaustion in ReadOneDJVUImage
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/528 Might have a CVE under embargo
Bug#867824: CPU exhaustion in ReadOneJNGImage
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/526 Might have an embargoed CVE Bastien
Bug#867825: [imagemagick] CPU exhaustion in ReadOneMNGImage
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/527 Might have a CVE under embargo
Bug#867823: memory leak in ReadMATImage in mat.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/525 May have an embargoed CVE Bastien
Bug#867821: memory exhaustion in ReadEPTImage in ept.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/524 May have a CVE under embargo
Bug#867812: [imagemagick] memory exhaustion in ReadDPXImage in dpx.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/523 DOS May have a CVE under embargo
Bug#867811: [imagemagick] memory leak in ReadDIBImage in dib.c
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/522 DOS May have a CVE under embargo
Bug#867810: [imagemagick] memory exhaustion in ReadCINImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/519 memory exhaustion in ReadCINImage DOS Carnill can have a CVE under embargo
Bug#867808: [imagemagick] CPU exhaustion in ReadRLEImage
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/518 DOS Fixed by https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 Carnill may have a CVE but under embargo
Bug#867806: [imagemagick] CPU exhaustion in ReadDPXImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/509 DOS Because dpx.file.image_offset is an unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick to spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. Carnill I suppose they are CVE open but under embargo Bastien
Bug#867798: assertion failed in WriteBlob
Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/506 On version: ImageMagick 7.0.5-10, a crafted file revealed an assertion failure in blob.c. Will report a CVE
Bug#867721: CVE-2017-9501
package: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/491 An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Bug#864653: ITP: node-stream-http -- Streaming http in the browser
Package: wnpp Severity: wishlist Owner: ro...@debian.org X-Debbugs-CC: debian-de...@lists.debian.org * Package name: node-stream-http Version : 2.7.1 Upstream Author : John Hiesey * URL : https://github.com/jhiesey/stream-http#readme * License : Expat Programming Lang: JavaScript Description : Streaming http in browser context This module is an implementation of Node's native http module for the browser. It tries to match Node's API and behavior as closely as possible, but some features aren't available, since browsers don't give nearly as much control over requests. This is heavily inspired by, and intended to replace, http-browserify. . Node.js is an event-based server-side JavaScript engine.
Bug#588537: Patch to test
control: tags -1 + moreinfo Hi Could you test the following patch ? Description: Disable descend path in screenshot If a compositing manager is running the manually pieced together screenshot taken by using this path might not actually match what's being displayed on screen. --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin:, Bug: Bug-Debian: http://bugs.debian.org/ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: Last-Update: Index: imagemagick-6.8.9.9/magick/xwindow.c === --- imagemagick-6.8.9.9.orig/magick/xwindow.c +++ imagemagick-6.8.9.9/magick/xwindow.c @@ -4992,8 +4992,7 @@ MagickExport Image *XImportImage(const I Get image by window id. */ (void) XGrabServer(display); - image=XGetWindowImage(display,target,ximage_info->borders, -ximage_info->descend ? 1U : 0U); + image=XGetWindowImage(display,target,ximage_info->borders, 0U); (void) XUngrabServer(display); if (image == (Image *) NULL) ThrowXWindowException(XServerError,"UnableToReadXWindowImage",
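Review bot: in the XImportImage hunk at magick/xwindow.c, the last argument of XGetWindowImage is now the constant 0U, so ximage_info->descend is silently ignored on this path and a caller who sets it gets no indication that the option no longer has any effect. Either state that in the patch description and the option's documentation, or emit a warning when descend is set. The DEP-3 header also still carries the template text with empty Origin:, Bug-Debian:, Forwarded: and Last-Update: fields; fill those in (at least the Debian bug reference) before this goes into debian/patches.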
Bug#864090: CVE-2017-9409: the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/458
Bug#864087: CVE-2017-9405: the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/457
Bug#864089: CVE-2017-9407: the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/459
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
On Sat, Jun 3, 2017 at 6:13 PM, Pirate Praveen <prav...@debian.org> wrote: > On Sat, 27 May 2017 15:34:07 +0200 Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> Moreover the test suite fails > > Can you push your work to alioth, so others can have a look at the test > failure as well? > > Also if we can mention all copyright notices in debian/copyright, that > would be sufficient, no need to involve upstream I think. Done, could you check the testsuite failure and copyright? Bastien >
Bug#863510: ITP: node-readable-stream -- A stream compatibility library for Node.js and browser
Package: wnpp Severity: wishlist Owner: ro...@debian.org X-Debbugs-CC: debian-de...@lists.debian.org * Package name: node-readable-stream Version : 2.2.9 Upstream Author : FIX_ME upstream author * URL : https://github.com/nodejs/readable-stream#readme * License : Expat Programming Lang: JavaScript Description : A stream compatibility library for Node.js and browser This package is a port to browser context of the well-known stream API of Node.js. A stream is an abstract interface for working with streaming data in Node.js. There are many stream objects provided by Node.js. For instance, a request to an HTTP server and process.stdout are both stream instances. . Node.js is an event-based server-side JavaScript engine.
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
Moreover the test suite fails On Sat, May 27, 2017 at 2:31 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > control: forwarded -1 > https://github.com/crypto-browserify/browserify-aes/issues/43 > > On Sat, May 27, 2017 at 2:23 PM, Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> Hi, >> >> On Wed, May 24, 2017 at 5:27 PM, Bastien ROUCARIES >> <roucaries.bast...@gmail.com> wrote: >>> On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote: >>>> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES >>>> <roucaries.bast...@gmail.com> wrote: >>>>> * Package name: node-browserify-aes >>>> >>>> Are you stuck with this module? Can I take it? Since I'm working almost >>>> full time on webpack, it would be nice if you file ITP when you actually >>>> start working on it. Usually it takes an hour for simple modules to be >>>> packaged and having a whole chain blocked for weeks makes progress slow. >>>> It is okay for leaf packages that are not blocking. >>> >>> I will do this evening if possible >> >> There are a few license problems that render it undistributable as is. >> (lack of citation of previous author) >> >> Will try to sort it out. >> >> Bastien
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
control: forwarded -1 https://github.com/crypto-browserify/browserify-aes/issues/43 On Sat, May 27, 2017 at 2:23 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > Hi, > > On Wed, May 24, 2017 at 5:27 PM, Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote: >>> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES >>> <roucaries.bast...@gmail.com> wrote: >>>> * Package name: node-browserify-aes >>> >>> Are you stuck with this module? Can I take it? Since I'm working almost >>> full time on webpack, it would be nice if you file ITP when you actually >>> start working on it. Usually it takes an hour for simple modules to be >>> packaged and having a whole chain blocked for weeks makes progress slow. >>> It is okay for leaf packages that are not blocking. >> >> I will do this evening if possible > > There are a few license problems that render it undistributable as is. > (lack of citation of previous author) > > Will try to sort it out. > > Bastien
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
Hi, On Wed, May 24, 2017 at 5:27 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote: >> On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES >> <roucaries.bast...@gmail.com> wrote: >>> * Package name: node-browserify-aes >> >> Are you stuck with this module? Can I take it? Since I'm working almost >> full time on webpack, it would be nice if you file ITP when you actually >> start working on it. Usually it takes an hour for simple modules to be >> packaged and having a whole chain blocked for weeks makes progress slow. >> It is okay for leaf packages that are not blocking. > > I will do this evening if possible There are a few license problems that render it undistributable as is. (lack of citation of previous author) Will try to sort it out. Bastien
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
On Wed, May 24, 2017 at 8:22 AM, Pirate Praveen <prav...@debian.org> wrote: > On Thu, 11 May 2017 16:02:36 +0200 Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> * Package name: node-browserify-aes > > Are you stuck with this module? Can I take it? Since I'm working almost > full time on webpack, it would be nice if you file ITP when you actually > start working on it. Usually it takes an hour for simple modules to be > packaged and having a whole chain blocked for weeks makes progress slow. > It is okay for leaf packages that are not blocking. I will do this evening if possible
Bug#863125: A crafted file revealed an assertion failure in blob.c.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/490
Bug#863126: Check for EOF conditions for RLE image format
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 Waiting for CVE origin: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
Bug#863124: A crafted file revealed an assertion failure in profile.c.
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/489
Bug#863123: Specially crafted arts file could lead to memory leak
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/456 origin: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4 bug: https://github.com/ImageMagick/ImageMagick/issues/456
Bug#863067: imagemagick: should depend on librsvg2-bin
Version: 8:6.9.7.4+dfsg-8 On Sun, May 21, 2017 at 10:40 AM, Shanavas M wrote: > Package: imagemagick > V > Severity: important > > Imagemagick fails on svg files if librsvg2-bin is not installed. So > imagemagick > should depend on librsvg2-bin No you should install limagickcore-extra package > > > -- Package-specific info: > ImageMagick program version > --- > animate: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > compare: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > convert: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > composite: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > conjure: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > display: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > identify: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > import: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > mogrify: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > montage: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > stream: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org > > -- System Information: > Debian Release: 9.0 > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 > (x86_64) > > Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages imagemagick depends on: > ii imagemagick-6.q16 8:6.9.7.4+dfsg-8 > > imagemagick recommends no packages. > > imagemagick suggests no packages. > > -- no debconf information >
Bug#862967: Will try tomorrow
Hi, I plan to release a stable version tomorrow Bastien
Bug#862690: Found in unstable/testing/stable
control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4
Bug#862653: CVE-2017-8765
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/466 The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
Bug#862637: CVE-2017-8830
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/467 The ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862636: CVE-2017-8357
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/453 The ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862634: CVE-2017-8355
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/450 the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862635: CVE-2017-8356
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/449 the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862633: CVE-2017-8354
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/451 the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862632: CVE-2017-8353
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/454 ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862590: CVE-2017-8352
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/452 ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862589: CVE-2017-8351
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/448 The ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862587: CVE-2017-8350
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/447 the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862578: CVE-2017-8348
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/445 ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862579: CVE-2017-8349
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/443 The ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862577: CVE-2017-8347
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/441 In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862575: CVE-2017-8346
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/440 In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862572: CVE-2017-8343: the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/444 Fixed upstream
Bug#862574: CVE-2017-8344
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/446 In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Bug#862573: CVE-2017-8345
package: src:imagemagick Version: 8:6.9.7.4+dfsg-6 Severity: important Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/442 In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Fixed upstream
Bug#862440: m4/ax_python.m4 should list recent python3.x versions
On Fri, May 12, 2017 at 7:17 PM, Matthias Klose wrote: > Package: src:autoconf-archive > Version: 20160916-1 > Severity: important > Tags: sid buster > User: debian-pyt...@lists.debian.org > Usertags: python3.6 > > m4/ax_python.m4 should list recent python3.x versions up to 3.3. Please add > newer ones as well, maybe up to 3.7 (already used in Python development) or > 3.8. > The missing python3 versions will make packages fail to build which are > supporting all Python 3 versions in Debian. > Should be fixed before release or we could do a point release?
Bug#862339: ITP: node-browserify-aes -- aes cipher in pure javascript
Package: wnpp Severity: wishlist Owner: ro...@debian.org X-Debbugs-CC: debian-de...@lists.debian.org * Package name: node-browserify-aes Version : 1.0.6 Upstream Author : * URL : https://github.com/crypto-browserify/browserify-aes * License : Expat Programming Lang: JavaScript Description : aes cipher in pure javascript This package implements the AES cipher in pure javascript. . The Advanced Encryption Standard (AES), also known by its original name Rijndael is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. . AES is based on a design principle known as a substitution-permutation network, a combination of both substitution and permutation, and is fast in both software and hardware . Node.js is an event-based server-side JavaScript engine.
Bug#861812: ITP: node-evp-bytestokey -- secure key derivation algorithm from openssl
Uploaded On Thu, May 11, 2017 at 8:12 AM, Pirate Praveen <prav...@debian.org> wrote: > On Thu, 4 May 2017 11:50:59 +0200 Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> * Package name: node-evp-bytestokey > > Any difficulty with the package? It's blocking further progress on > crypto-browserify. If you are busy, I can take it. >
Bug#860735: CVE-2017-7942: memory leak in avs does not affect old version
control: notfound -1,8:6.6.0.4-3 control: notfound -1 8:6.7.7.10-5 control: notfound -1 8:6.8.9.9-5 control: notfound -1 8:6.8.9.9-5+deb8u8 control: notfound -1 8:6.7.7.10-5+deb7u13 > > Due to code change not affected