-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Jul 2017 17:14:38 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-15 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 870047 870065 870067 870105 870106 870107 870108 870109 870111 870115 870116 870117 870118 870119 870120 Changes: imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high . * Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3", thanks to Adrian Bunk and Gianfranco Costamagna (Closes: #870047). * Security fixes: + CVE-2017-11639 When ImageMagick processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. (Closes: #870065). + CVE-2017-11640 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function (Closes: #870067) + Validate png file. Detect corrupted png early and avoid a crash (Closes: #870105) + Heap buffer overflow in ReadOneMNGImage A crafted file will cause x_off[i] out-of-bound operation vulnerability. (Closes: #870106) + memory exhaustion in ReadOneJNGImage in png.c When identify JNG file that contains chunk data, imagemagick will allocate memory to store the chunk data in function ReadOneJNGImage Due to a lack of valition, memory is not limited for corrupted files. (Closes: #870107) + memory leak in ReadOneJNGImage #550 A crafted file could trigger a memory leak (Closes: #870108) + out-of-bounds read with the MNG CLIP chunk. (Closes: #870109) + coders/png.c: Memory leak Fixed Issue 600 (Closes: #870116) + memory leak in ReadOneJNGImage (upstream 602) Fix a leak triggered by a corrupted file (Closes: #870115) + Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT Some version of libpng need serialization for error recovery of hard lock Could be triggered by a corrupted file (Closes: #870111) + memory leak in ReadOneMNGImage #619 A memory leak vulnerability was found in function ReadOneMNGImage, which allow attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #870117) + memory leak in ReadOneJNGImage #618 Triggered by a corrupted file (Closes: #870118) + bad free in RelinquishMagickMemory (Closes: #870119) + CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage (Closes: #870120) Checksums-Sha1: e4470dc13e08044a41ae849db3ca6fb729a1f43e 5137 imagemagick_6.9.7.4+dfsg-15.dsc 8559e418b654908ef3185d39de794abb2fc78265 248828 imagemagick_6.9.7.4+dfsg-15.debian.tar.xz b2062aa91e3b102960cd268ff286e8f639b1f95e 12823 imagemagick_6.9.7.4+dfsg-15_source.buildinfo Checksums-Sha256: 8ca618e974bafa89ea30fd2da64c3b0e90b18152342ef96d561e9922a0bd3ead 5137 imagemagick_6.9.7.4+dfsg-15.dsc a575c3e343a19e6f5e42cd9a9d56a676dfd2d28c7305b884f18fa73e5d1a5139 248828 imagemagick_6.9.7.4+dfsg-15.debian.tar.xz 0f30cc857cef1b311e4776a03a63308d3c38e863b791b411c6204fbf6d98675c 12823 imagemagick_6.9.7.4+dfsg-15_source.buildinfo Files: 8e27fdd2bbf1babbae525b8ad888ecbd 5137 graphics optional imagemagick_6.9.7.4+dfsg-15.dsc 6f54da3b7e01cef045f5f2158e18ba69 248828 graphics optional imagemagick_6.9.7.4+dfsg-15.debian.tar.xz a8068f184b323efc24f249e550ec4285 12823 graphics optional imagemagick_6.9.7.4+dfsg-15_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAll9EN4ACgkQADoaLapB CF8kEA/+LJzRSxbJtd3eYTZ6rF0LvraLAbNHgtmwAye26v+p7fKcLDtAVY0OOLx7 apTM2T67ex6w0JZg1PQTpdSAKkZlJpX4aW5hWe1FTeYnNm+m47YQoB7biBIN9ZoM D+QGMHctt+UYKHLf/MWYJOozQQH7DZb8k2uQlJkvWDqhNpDHygRb83U6GFF+qwku /yIeEaaSv0EDz4O3oFcc5cdKI0sMxF8NNIv2W3bvM8P4sWlkjnJaWESjhOwf+bPO 1Lqrda2HjhV79wVdv6pFf2f3fOE+4KRWjc1b8/qy9n8H65aZU1dzSdsUWLdMYbOb G/lAbXAO59m8n64WC0PfooVRzUKCu+A+YW8nZbXFZB53fvJ5MpWre7jGHG/Lz9ja S/d7V2oTQKOK/q+fCQiqr7Pl3KMYOUpj0dBAKJ2aRRNo3l7BuSoqLeoIMt4E9EmW nwUZ/QMemem/jktH9JP88Xn/6/sD/IztmSDpMRG6B/+U+/bSbxY7mb7QMiUb8aam 31uVxFmqLJufjxU/xxDjDJrpJKH3QH8iX4CF1OnoSt9Ceyg8BN/a+rzhw/8I4ko6 IMKDEVUwTy1cmPpDIduS/VX+jJR1BVlRSVRe9Jmb3oFo+dGll9y1z4l6cMkH1H8X NELGNEwv64n33N1L9BBzPHf/6QYIov9YiM/USO4gSqTwX2hu75k= =SGwE -----END PGP SIGNATURE-----