[Secure-testing-team] Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

Package: manpages-dev Version: 4.13-3 Severity: grave Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Justification: more than 20 security bugs filled in other package control: clone -1 -2 control: reaffect -2 glibc-doc Please document the implication of system.3 and

[Secure-testing-team] Bug#855142: tmpfile are not random

Package: src:pdfsandwich version: 0.1.6-1 Severity: grave Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Hi, pdfsandwish use totally previsible file name like /tmp/pdfsandwich_inputfileea1150.pdf[11] Security team could you open a CVE ? Upsteam should use for instance

[Secure-testing-team] Bug#848139: CVE-2016-8707 ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: graveTags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability http://www.talosintelligence.com/reports/TALOS-2016-0216/ Fixed by:

[Secure-testing-team] Bug#845634: CVE-2016-8862: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: fixed -1 8:6.9.6.2+dfsg-2 control: forwarded -1

[Secure-testing-team] Bug#845246: mat file out of bound

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: notfound -1 8:6.9.6.2+dfsg-2 moreinfo

[Secure-testing-team] Bug#845244: Add check for invalid mat file

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: notfound -1 8:6.9.6.2+dfsg-2 Found by code review of changleog

[Secure-testing-team] Bug#845243: null pointer passed as argument 2, which is declared to never be null

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 API abuse lead to sigv fixed in

[Secure-testing-team] Bug#845241: Prevent fault in MSL interpreter

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 Lead to segfault

[Secure-testing-team] Bug#845242: Heap buffer overflow in heap-buffer-overflow in IsPixelGray

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 Moreinformation https://github.com/ImageMagick/ImageMagick/issues/301

[Secure-testing-team] Bug#845239: Fixed memory leak in psd file handling

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 control: tag -1 fixed-in-experimental

[Secure-testing-team] Bug#845212: Fix out of bound read in viff file handling

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 bug: https://github.com/ImageMagick/ImageMagick/issues/129 bug-ubuntu:

[Secure-testing-team] Bug#845213: Suspend exception processing if there are too many exceptions

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 Avoid a DOS by better checking overflow

[Secure-testing-team] Bug#845206: CVE-2016-8677: memory allocate failure in AcquireQuantumPixels

Package: src:imagemagick version: 8:6.9.6.2+dfsg-2 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.8.9.9-5+deb8u5 control: tags -1 + fixed-upstream

[Secure-testing-team] Bug#845204: CVE-2016-8678: heap-based buffer overflow in IsPixelMonochrome

Package: src:imagemagick version: 8:6.9.6.2+dfsg-2 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.8.9.9-5+deb8u5 control: tags -1 + fixed-upstream

[Secure-testing-team] Bug#845202: Better check for bufferoverflow for TIFF handling

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 commit c668a174e039905b4df1aaea96fcf087b8526575 Author: Cristy Date: Wed

[Secure-testing-team] Bug#845198: Check validity of extend during TIFF file reading

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 This will avoid a buffer overflow Found during git tree review origin;

[Secure-testing-team] Bug#845196: Check return of write function

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 Imagemagick write path does not check return of fputc. Therefore it could return success of conversion

[Secure-testing-team] Bug#845195: Imagemagick (jessie and older) buffer overlfow

Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 Found by code review a buffer overflow in imagemagick tiff file handling Upstream commit

[Secure-testing-team] Bug#840435: CVE-2016-7906

Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org imagemagick mogrify heap use after free https://github.com/ImageMagick/ImageMagick/issues/281

[Secure-testing-team] Bug#836776: SGI security bug

Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org According to upstream changelog a new bug buffer overflow in SGI coders (bug report from pwchen of tencent Author: Cristy

[Secure-testing-team] Bug#836174: Prevent runtime error: divide by zero

Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org commit 0c00b5cc2b572c5ad4ecf6582dada1d9991ce0e9 Author: Cristy Date: Sun Aug 28 09:28:02 2016 -0400 Prevent runtime

[Secure-testing-team] Bug#836172: Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report from Donghai Zhu)

Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org commit 10b3823a7619ed22d42764733eb052c4159bc8c1 Author: Cristy Date: Tue Aug 23 17:41:17 2016 -0400 Prevent buffer

[Secure-testing-team] Bug#836171: TIFF divide by zero

Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org According to upstream changelog a new commit f983dcdf9c178e0cbc49608a78713c5669aa1bb5 Author: Cristy Date: Wed Aug 24

[Secure-testing-team] Bug#834501: Outofbound in exif (jpeg) reader

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Canged the JPEG writer to raise a warning when the exif profile exceeds 65533 bytes and truncate it. Avoid out of bound on malformed jpeg file (cherry

[Secure-testing-team] Bug#833812: Prevent possible stack overflow

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Prevent possible stack overflow Prevent stack overflow by checking if string is null (cherry picked from commit

[Secure-testing-team] Bug#833744: RLE check for pixel offset less than 0

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org RLE check for pixel offset less than 0 Heap overflow report from Craig Young (cherry picked from commit

[Secure-testing-team] Bug#833743: Segfault in ReadRLEImage

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org commit 68c13e10ab0415f1215f1e869ee851b373a3db70 Author: Cristy Date: Tue May 17 15:05:03 2016 -0400 Segfault in

[Secure-testing-team] Bug#833730: Buffer overflow in draw.c

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Prevent buffer overflow in draw.c Thanks to Max Thrane, an insuffisant allocation of bezier buffer was dectected. Increase the size of buffer

[Secure-testing-team] Bug#833101: DOS by not releasing memory

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Imagemagick version prior of february 2016 does not correctly release memory There is a resource leak in AcquireVirtualMemory resulting in major

[Secure-testing-team] Bug#833044: CVE-2016-5691 DCM file bug lack of validation of pixel.red, pixel.green, and pixel.blue

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org lack of validation of pixel.red, pixel.green, and pixel.blue error in the for statement in the "Compute pixel scaling table" part of the ReadDCMImage

[Secure-testing-team] Bug#833043: CVE-2016-5690

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org error in the for statement in the "Compute pixel scaling table" part of the ReadDCMImage function This is the same fix upstream than CVE-2016-5689

[Secure-testing-team] Bug#833042: CVE-2016-5689 lack of required NULL pointer checks in the DCM parser

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security control: fixed -1 6.9.4-3 X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org CVE-2016-5689 lack of required NULL pointer checks in the DCM parser ___

[Secure-testing-team] Bug#833003: CVE-2016-5688 WPG file issue

Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Several bugs in the WPG parser could lead to a heap overflow and random invalid memory writes. These bugs only seem to appear when a memory limit is set.

[Secure-testing-team] Bug#832944: Avoid a DOS for DDS file

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org http://www.imagemagick.org/discourse-server/viewtopic.php?f=3=26861 ___ Secure-testing-team mailing list

[Secure-testing-team] Bug#832887: CVE-2016-4563 The TraceStrokePolygon function in MagickCore/draw.c

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: fixed -1 8:6.7.7.10-5+deb7u7 The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the

[Secure-testing-team] Bug#832888: CVE-2016-4564

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the

[Secure-testing-team] Bug#832787: Fix an out of bound in psd file

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Fix an out of bound in psd file Origin: upstream,

[Secure-testing-team] Bug#832785: Fix an out of bound in generic decoder

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Fix an out of bound in generic decoder Origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd

[Secure-testing-team] Bug#832783: Fix an out of bound in generic decoder

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Fix an out of bound in generic decoder Origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd

[Secure-testing-team] Bug#832780: Fix a wpg file out of bound

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Fix a wpg file out of bound Origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a bug:

[Secure-testing-team] Bug#832776: Fix handling of psd file

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Fix handling of psd file Added check for out of bounds read (https://github.com/ImageMagick/ImageMagick/issues/109). [Upstream commit is

[Secure-testing-team] Bug#832633: Fix a pbd file out of bound access

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org This is a partial bug fix Bug: https://github.com/ImageMagick/ImageMagick/issues/107 origin: upstream,

[Secure-testing-team] Bug#832505: xcf out of bound acess

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Bug: https://github.com/ImageMagick/ImageMagick/issues/104 Bug: https://github.com/ImageMagick/ImageMagick/issues/103 Bug-ubuntu:

[Secure-testing-team] Bug#832504: Fix an out of bound in xcf file handling

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Bug: https://github.com/ImageMagick/ImageMagick/issues/104 Bug: https://github.com/ImageMagick/ImageMagick/issues/103 Bug-ubuntu:

[Secure-testing-team] Bug#832475: Fix a outofbound access for psd file

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Split of 823750 Fix a outofbound access for psd file Added extra check to fix https://github.com/ImageMagick/ImageMagick/issues/93 origin:

[Secure-testing-team] Bug#832474: Fix a heap buffer overflow in psd file handling

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Split of 823750 Fix a heap buffer overflow in psd file handling Bug: https://github.com/ImageMagick/ImageMagick/issues/92. Origin:

[Secure-testing-team] Bug#832469: HDR file overflow

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Split of 823750 bug: https://github.com/ImageMagick/ImageMagick/issues/90 bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213

[Secure-testing-team] Bug#832465: SUN file ABRT signal

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Split of 823750 Avoid a SIGABRT in sun file handling This is a partial fix for malformed sun file Bug:

[Secure-testing-team] Bug#832464: SUN file handling

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Split of 823750 Fix a buffer overflow in sun file handling Bug: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3=26838 Origin: Upstream,

[Secure-testing-team] Bug#832457: Out-of-bounds read in coders/psd.c:797 ReadPSDChannelPixels

Package: imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org Split of 823750 Added check for bit depth 1 for PSD file This is a partial fix of out-of-bounds read in coders/psd.c:797 ReadPSDChannelPixels It fix psd

[Secure-testing-team] Bug#768494: [imagemagick] Some special crafted jpeg file could lead to DOS

Package: imagemagick Version: 8:6.8.9.9-2 Severity: normal Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: tags -1 + fixed-upstream control: forwarded -1 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3t=26456 Some special crafted jpeg file lead to

[Secure-testing-team] Bug#768369: [libjpeg62-turbo] [DOS] Stack smashing

Package: libjpeg62-turbo Version: 1:1.3.1-10 Severity: serious Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org control: affects -1 imagemagick Special crafted jpeg files lead to stack smashing and lead to at least a dos (maybe remote due to imagick). Source file are

[Secure-testing-team] [gitolite3] Patch

Package: gitolite3 control: tags -1 + patch Ok now the patch please apply --- Setup.pm.old 2013-07-10 08:17:36.0 +0200 +++ Setup.pm 2013-10-28 22:25:05.976114145 +0100 @@ -165,5 +165,5 @@ repo gitolite-admin RW+ = %ADMIN -repo testing -RW+ = @all +# repo testing

[Secure-testing-team] Bug#704901: [imagemagick] Null deference during creation of tempory file

Package: imagemagick Version: 8:6.7.7.10-5 Severity: minor Tags: patch security upsteam fixed-upstream Forwarded: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3t=23117p=96934#p96934 X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org If MAGICK_TMPDIR point to non existant

[Secure-testing-team] Bug#616310: [phpmyadmin] Please do not broadcast the existance of phpadmin with avahi

Package: phpmyadmin Version: 4:3.3.9.2-1 Severity: important Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org phpmyadmin installed with avahi-daemon broadcast the phpmyadmin adress by installing a /etc/avahi/services Please do not do service discovery without admin