Package: manpages-dev
Version: 4.13-3
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Justification: more than 20 security bugs filed in other packages
control: clone -1 -2
control: reaffect -2 glibc-doc
Please document the implication of system.3 and
Package: src:pdfsandwich
version: 0.1.6-1
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Hi,
pdfsandwich uses totally predictable file names like
/tmp/pdfsandwich_inputfileea1150.pdf[11]
Security team, could you open a CVE?
Upstream should use for instance
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability
http://www.talosintelligence.com/reports/TALOS-2016-0216/
Fixed by:
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: fixed -1 8:6.9.6.2+dfsg-2
control: forwarded -1
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: notfound -1 8:6.9.6.2+dfsg-2
moreinfo
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: notfound -1 8:6.9.6.2+dfsg-2
Found by code review of changelog
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: found -1 8:6.9.6.2+dfsg-2
API abuse leads to sigv
fixed in
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: found -1 8:6.9.6.2+dfsg-2
Leads to segfault
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: found -1 8:6.9.6.2+dfsg-2
More information: https://github.com/ImageMagick/ImageMagick/issues/301
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: found -1 8:6.9.6.2+dfsg-2
control: tag -1 fixed-in-experimental
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
bug: https://github.com/ImageMagick/ImageMagick/issues/129
bug-ubuntu:
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
Avoid a DOS by better checking overflow
Package: src:imagemagick
version: 8:6.9.6.2+dfsg-2
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: found -1 8:6.8.9.9-5+deb8u5
control: tags -1 + fixed-upstream
Package: src:imagemagick
version: 8:6.9.6.2+dfsg-2
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
control: found -1 8:6.8.9.9-5+deb8u5
control: tags -1 + fixed-upstream
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
commit c668a174e039905b4df1aaea96fcf087b8526575
Author: Cristy
Date: Wed
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
This will avoid a buffer overflow
Found during git tree review
origin;
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: important
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
Imagemagick write path does not check return of fputc.
Therefore it could return success of conversion
Package: src:imagemagick
version: 8:6.8.9.9-5+deb8u5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5+deb7u7
Found by code review a buffer overflow in imagemagick tiff file handling
Upstream commit
Package: src:imagemagick
version: 8:6.7.7.10-4
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
imagemagick mogrify heap use after free
https://github.com/ImageMagick/ImageMagick/issues/281
Package: src:imagemagick
version: 8:6.7.7.10-4
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
According to upstream changelog a new bug
buffer overflow in SGI coders (bug report from
pwchen of tencent
Author: Cristy
Package: src:imagemagick
version: 8:6.7.7.10-4
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
commit 0c00b5cc2b572c5ad4ecf6582dada1d9991ce0e9
Author: Cristy
Date: Sun Aug 28 09:28:02 2016 -0400
Prevent runtime
Package: src:imagemagick
version: 8:6.7.7.10-4
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
commit 10b3823a7619ed22d42764733eb052c4159bc8c1
Author: Cristy
Date: Tue Aug 23 17:41:17 2016 -0400
Prevent buffer
Package: src:imagemagick
version: 8:6.7.7.10-4
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
According to upstream changelog a new
commit f983dcdf9c178e0cbc49608a78713c5669aa1bb5
Author: Cristy
Date: Wed Aug 24
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Changed the JPEG writer to raise a warning when the exif profile
exceeds 65533 bytes and truncate it.
Avoid out of bound on malformed jpeg file
(cherry
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Prevent possible stack overflow
Prevent stack overflow by checking if string is null
(cherry picked from commit
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
RLE check for pixel offset less than 0
Heap overflow report from Craig Young
(cherry picked from commit
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
commit 68c13e10ab0415f1215f1e869ee851b373a3db70
Author: Cristy
Date: Tue May 17 15:05:03 2016 -0400
Segfault in
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Prevent buffer overflow in draw.c
Thanks to Max Thrane, an insufficient allocation of bezier buffer
was detected. Increase the size of buffer
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
ImageMagick versions prior to February 2016 do not correctly release memory
There is a resource leak in AcquireVirtualMemory resulting in major
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
lack of validation of pixel.red, pixel.green, and pixel.blue
error in the for statement in the "Compute pixel scaling table" part
of the ReadDCMImage
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
error in the for statement in the "Compute pixel scaling table" part
of the ReadDCMImage function
This is the same upstream fix as CVE-2016-5689
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
control: fixed -1 6.9.4-3
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
CVE-2016-5689 lack of required NULL pointer checks in the DCM parser
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Several bugs in the WPG parser could lead to a heap overflow and
random invalid memory writes. These bugs only seem to appear when a
memory limit is set.
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3=26861
___
Secure-testing-team mailing list
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: fixed -1 8:6.7.7.10-5+deb7u7
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick
before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
The DrawImage function in MagickCore/draw.c in ImageMagick before
6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in
attempting to locate the
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Fix an out of bound in psd file
Origin: upstream,
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Fix an out of bound in generic decoder
Origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Fix an out of bound in generic decoder
Origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Fix a wpg file out of bound
Origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
bug:
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Fix handling of psd file
Added check for out of bounds read
(https://github.com/ImageMagick/ImageMagick/issues/109).
[Upstream commit is
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
This is a partial bug fix
Bug: https://github.com/ImageMagick/ImageMagick/issues/107
origin: upstream,
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Bug: https://github.com/ImageMagick/ImageMagick/issues/104
Bug: https://github.com/ImageMagick/ImageMagick/issues/103
Bug-ubuntu:
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Bug: https://github.com/ImageMagick/ImageMagick/issues/104
Bug: https://github.com/ImageMagick/ImageMagick/issues/103
Bug-ubuntu:
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Split of 823750
Fix an out-of-bounds access for psd file
Added extra check to fix
https://github.com/ImageMagick/ImageMagick/issues/93
origin:
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Split of 823750
Fix a heap buffer overflow in psd file handling
Bug: https://github.com/ImageMagick/ImageMagick/issues/92.
Origin:
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Split of 823750
bug: https://github.com/ImageMagick/ImageMagick/issues/90
bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Split of 823750
Avoid a SIGABRT in sun file handling
This is a partial fix for malformed sun file
Bug:
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Split of 823750
Fix a buffer overflow in sun file handling
Bug: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3=26838
Origin: Upstream,
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
Split of 823750
Added check for bit depth 1 for PSD file
This is a partial fix of out-of-bounds read in coders/psd.c:797
ReadPSDChannelPixels
It fixes psd
Package: imagemagick
Version: 8:6.8.9.9-2
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: tags -1 + fixed-upstream
control: forwarded -1
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
Some specially crafted jpeg files lead to
Package: libjpeg62-turbo
Version: 1:1.3.1-10
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: affects -1 imagemagick
Specially crafted jpeg files lead to stack smashing and lead to at least a DoS
(maybe remote due to imagick).
Source files are
Package: gitolite3
control: tags -1 + patch
OK, now the patch, please apply
--- Setup.pm.old 2013-07-10 08:17:36.0 +0200
+++ Setup.pm 2013-10-28 22:25:05.976114145 +0100
@@ -165,5 +165,5 @@
repo gitolite-admin
RW+ = %ADMIN
-repo testing
-RW+ = @all
+# repo testing
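Review bot: the added "# repo testing" line comments the default stanza out rather than deleting it, and nothing in the hunk says why; either remove the "repo testing" / "RW+ = @all" pair outright or add a comment line in the generated config explaining that the open-to-@all test repository is disabled by default and how an admin re-enables it. The header "@@ -165,5 +165,5 @@" announces five lines on each side but only one added line is visible in this excerpt, so confirm that the "RW+ = @all" rule is commented out as well and not left active under the commented "repo" line.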
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: minor
Tags: patch security upsteam fixed-upstream
Forwarded:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23117&p=96934#p96934
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
If MAGICK_TMPDIR points to non-existent
Package: phpmyadmin
Version: 4:3.3.9.2-1
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
phpmyadmin installed with avahi-daemon broadcasts the phpmyadmin address by
installing a /etc/avahi/services
Please do not do service discovery without admin
55 matches