[ubuntu/cosmic-proposed] imagemagick 8:6.9.10.2+dfsg-3ubuntu2 (Accepted)

Corey Bryant corey.bryant at canonical.com
Thu Jul 19 17:57:15 UTC 2018


imagemagick (8:6.9.10.2+dfsg-3ubuntu2) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
      but is not in main.
    - demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
      Recommends on libjxr-tools to Suggests, as it is in universe.
    - SECURITY UPDATE: memory leak in XMagickCommand
      - debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
      - CVE-2018-13153
    - SECURITY UPDATE: Multiple security issues
      - debian/patches/CVE-201[78]*.patch: backport large number of upstream
        security patches. (Note: All patches except CVE-2017-15033 have landed
        upstream in 6.9.10.2).
      - CVE-2017-15033

imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high

  * Fix perlmagick (Closes: #903404)

imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium

  * Upload to unstable

imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium

  * Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
    2", thanks to Sven Joachim (Closes: #893953).
  * Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
    Grohne (Closes: #893925).
  * Move to git dpm
  * Move to salsa
  * SO dump
  * Fix security bugs:
    + CVE-2018-9133: Excessive iteration in the DecodeLabImage
      and EncodeLabImage functions (coders/tiff.c), which results
      in a hang (tens of minutes) with a tiny PoC file.
      Remote attackers could leverage this vulnerability
      to cause a denial of service via a crafted tiff file.
      (Closes: #894848)
    + CVE-2018-9133: SetGrayscaleImage in the quantize.c file
      allows attackers to cause a heap-based buffer over-read
      via a crafted file.
    + CVE-2018-11624: the ReadMATImage function in coders/mat.c
      allows attackers to cause a use after free via a crafted file.
    + CVE-2018-11625: the SetGrayscaleImage in the quantize.c
      file allows attackers to cause a heap-based buffer over-read
      via a crafted file.
    + CVE-2018-10177: An infinite loop is present in the
      ReadOneMNGImage function of the coders/png.c file.
      Remote attackers could leverage this vulnerability
      to cause a denial of service via a crafted mng file.
    + CVE-2017-14528: Tested (with and without valgrind) and found immune.
      The TIFFSetProfiles function in coders/tiff.c has incorrect
      expectations about whether LibTIFF TIFFGetField return values
      imply that data validation has occurred, which allows remote attackers
      to cause a denial of service (use-after-free after an invalid call
      to TIFFSetField, and application crash) via a crafted file.
    + CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
      in coders/webp.c.
    + CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
      (Closes: #898218).
    + CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
      (Closes: #898217)
    + CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
      in coders/bmp.c allow attackers to cause an out of bounds write
      via a crafted file.
    + CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
      allow attackers to cause an out of bounds write via a crafted file.

imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium

  * Fix security bugs (Closes: #890805):
    + Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
      does not properly validate the amount of image data in a file,
      which allows remote attackers to cause a denial of service
      (memory allocation failure in the AcquireMagickMemory function
      in MagickCore/memory.c). (Closes: #891291)
    + Fix CVE-2018-7470: The IsWEBPImageLossless function in
      coders/webp.c allows attackers to cause a denial of service
      (segmentation violation) via a crafted file.(Closes: #891420)
    + Fix CVE-2017-17880:  there is a stack-based buffer over-read in
      WriteWEBPImage in coders/webp.c, related to a
      WEBP_DECODER_ABI_VERSION check.
  * Provide transitional packages from arch:any packages.
    (Closes: #893030)

imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high

  * Upload to unstable (urgency high due to security issues).

imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high

  * Fix FTBFS for s390x where float_t is double

imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high

  * New upstream version
  * Packaging fix:
    + Fix privacy breach.
    + Bump compat level to 11.
    + Bump policy no changes
    + Fix lintian warnings
    + Fix "unnecessary libgraphviz-dev dependency (and graphviz
      suggests?)", thanks to Matthias Klose (Closes: #884444).
    + Remove Vincent Fourmond <fourmond at debian.org> as uploader, thanks
      to him. (Closes: #878679).
    + Aknowledge NMU (Closes: #856601)
  * Fix a few security issues
    + Fix CVE-2017-1000445: NULL pointer dereference in
      the MagickCore component and might lead to denial of service.
      (Closes: #886281)
    + Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
      the function ReadDDSInfo in coders/dds.c, which allows attackers
      to cause a denial of service.
    + Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
      has an integer signedness error leading to excessive memory
      consumption via a crafted DCM file.
      (Closes: #873059)
    + Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
      the function ReadPDBImage in coders/pdb.c, which allows attackers
      to cause a denial of service
      (Closes: #872609)
    + Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
      allows remote attackers to cause a denial of service
      (memory consumption) via a crafted file.
      (Closes: #875338)
    + Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
      in ImageMagick allows remote attackers to cause a
      denial of service (memory consumption) via a crafted VIFF file.
      (Closes: #875339)
    + Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
      allows remote attackers to cause a denial of service
      (memory consumption) via a crafted BMP
      (Closes: #875341)
    + Fix CVE-2017-12875: The WritePixelCachePixels function
      allows remote attackers to cause a denial of service
      (CPU consumption) via a crafted file.
      (Closes: #873871)
    + Fix CVE-2017-12877: Use-after-free vulnerability in
      the DestroyImage function in image.c in ImageMagick allows
      remote attackers to cause a denial of service via a crafted file.
      (Closes: #872373)
    + Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
      function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
      attackers to cause a denial of service (application crash)
      or possibly have unspecified other impact via a crafted file.
      (Closes: #873134)
    + Fix CVE-2017-13061: A length-validation vulnerability was found
      in the function ReadPSDLayersInternal in coders/psd.c,
      which allows attackers to cause a denial of service
      (ReadPSDImage memory exhaustion) via a crafted file
      (Closes: #873131)
    + Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
      offset validation, which allows attackers to cause a denial of service
      (load_tile memory exhaustion) via a crafted file.
      (Closes: #873100)
    + Fix CVE-2017-13134: a heap-based buffer over-read was found in the
      function SFWScan in coders/sfw.c, which allows attackers
      to cause a denial of service via a crafted file.
      (Closes: #873099)
    + Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
      function in MagickCore/draw.c.
      (Closes: #878508)
    + Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
      function in MagickCore/identify.c in ImageMagick allows an attacker
      to perform denial of service by sending a crafted image file.
      (Closes: #875352)
    + Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
      coders/thumbnail.c allows an attacker to cause a denial of service
      (buffer over-read) by sending a crafted JPEG file.
      (Closes: #878507)
    + Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
      ReadCUTImage function in coders/cut.c that could allow an attacker
      to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
      function within the MagickCore/cache.c file) by submitting
      a malformed image file.
      (Closes: #878506)
    + Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
      due to lack of an EOF (End of File) check cause high CPU consumption.
      When a crafted PSD file, which claims a large "extent" field
      in the header but does not contain sufficient backing data,
      is provided, the loop over "length" would consume huge CPU resources,
      since there is no EOF check inside the loop.
      (Closes: #875506)
    + Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
      an integer overflow might occur for the addition operation
      "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
      value than expected. As a result, an infinite loop would occur
      for a crafted TXT file that claims a very large "max_value" value.
      (Closes: #875504)
    + Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
      a lack of an EOF (End of File) check might cause huge CPU consumption.
      When a crafted PSD file, which claims a large "length" field
      in the header but does not contain sufficient backing data,
      is provided, the loop over "length" would consume huge CPU resources,
      since there is no EOF check inside the loop.
      (Closes: #875503)
    + Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
      a lack of an EOF (End of File) check might cause huge CPU consumption.
      When a crafted XBM file, which claims large rows and columns fields
      in the header but does not contain sufficient backing data,
      is provided, the loop over the rows would consume huge CPU resources,
      since there is no EOF check inside the loop.
      (Closes: #875502)
    + Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
      in coders/pcx.c allows remote attackers to cause a denial
      of service or code execution via a crafted file.
      (Closes: #876097)
    + Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
      ReadMPCImage in coders/mpc.c, leading to division by zero
      in GetPixelCacheTileSize in MagickCore/cache.c,
      allowing remote attackers to cause a denial of service
      via a crafted file.
      (Closes: #876099)
    + Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
      in coders/wpg.c, causing CPU exhaustion via a crafted
      wpg image file.
      (Closes: #876105)
    + Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
      mishandles the pixel cache nexus, which allows remote attackers
      to cause a denial of service (NULL pointer dereference
      in the function GetVirtualPixels in MagickCore/cache.c)
      via a crafted file.
      (Closes: #878546)
    + Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
      mishandles certain NULL arrays, which allows attackers to perform
      Denial of Service (NULL pointer dereference and application crash in
      AcquireQuantumMemory within MagickCore/memory.c) by providing a
      crafted Image File as input.
      (Closes: #878545)
    + Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
      in coders/tiff.c.
      (Closes: #878541)
    + Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
      has been reported in coders/tiff.c. An attacker could possibly
      exploit this flaw to disclose potentially sensitive memory
      or cause an application crash.
      (Closes: #878527)
    + Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
      in the function PostscriptDelegateMessage in coders/ps.c.
      (Closes: #877354)
    + Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
      in the function sixel_output_create in coders/sixel.c.
      (Closes: #877355)
    + Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
      in the function sixel_decode in coders/sixel.c.
      (Closes: #878524)
    + Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
      allows remote attackers to cause a denial of service
      (heap-based buffer overflow and application crash)
      or possibly have unspecified other impact via a
      crafted SVG document, a different vulnerability
      than CVE-2017-10928.
      (Closes: #876488)
    + Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
      function in magick/resample-private.h in ImageMagick
      mishandles failed memory allocation, which allows
      remote attackers to cause a denial of service
      (NULL Pointer Dereference in DistortImage in
      MagickCore/distort.c, and application crash)
      via unspecified vectors.
      (Closes: #878547)
    + Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
      allows remote attackers to cause a denial of service
      (infinite loop) via a crafted font file.
      (Closes: #878548)
    + Fix CVE-2017-14989: A use-after-free in RenderFreetype
      in MagickCore/annotate.c allows attackers to crash the application
      via a crafted font file, because the FT_Done_Glyph function
      (from FreeType 2) is called at an incorrect place in the ImageMagick code.
      (Closes: #878562)
    + Fix CVE-2017-15015: NULL pointer dereference vulnerability in
      PDFDelegateMessage in coders/pdf.c.
      (Closes: #878555)
    + Fix CVE-2017-15017: NULL pointer dereference vulnerability
      in ReadOneMNGImage in coders/png.c.
      (Closes: #878554)
    + Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
      the palette uninitialized when processing a GIF file that has
      neither a global nor local palette. If the affected product is
      used as a library loaded into a process that operates on
      interesting data, this data sometimes can be leaked
      via the uninitialized palette.
      (Closes: #878578)
    + Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
      allows remote attackers to cause a denial of service
      (application crash) or possibly have unspecified other impact
      via a crafted file, related to "Conditional jump or move
      depends on uninitialised value(s).
      (Closes: #878579).
    + Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
      does not properly validate the colormap index in a WPG palette,
      which allows remote attackers to cause a denial of service
      (use of uninitialized data or invalid memory allocation)
      or possibly have unspecified other impact via a malformed WPG file.
      (Closes: #881392)
    + Fix CVE-2017-17499: use-after-free in Magick::Image::read
      in Magick++/lib/Image.cpp.
      (Closes: #885339)
    + Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
      heap-based buffer over-read via a crafted file, related to
      ReadOneMNGImage.
      (Closes: #885340)
    + Fix CVE-2017-17681: an infinite loop vulnerability was found
      in the function ReadPSDChannelZip in coders/psd.c, which
      allows attackers to cause a denial of service (CPU exhaustion)
      via a crafted psd image file.
      (Closes: #885941)
    + Fix CVE-2017-17682: large loop vulnerability was found in the
      function ExtractPostscript in coders/wpg.c, which allows attackers
      to cause a denial of service (CPU exhaustion) via a crafted wpg
      image file that triggers a ReadWPGImage call.
      (Closes: #885942)
    + Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
      in coders/png.c, related to length calculation and caused by an
      off-by-one error.
      (Closes: #885125)
    + Fix CVE-2017-17914: a vulnerability was found in the function
      ReadOnePNGImage in coders/png.c, which allows attackers to cause
      a denial of service (ReadOneMNGImage large loop) via a crafted mng
      image file.
      (Closes: #886584)
    + Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
      in the ReadSIXELImage function, related to the sixel_decode function.
      (Closes: #886588)
  * Fix a few unimportant security bugs:
    + Fix CVE-2017-12644 memory leak vulnerability
      in ReadDCMImage in coders\dcm.c
    + Fix CVE-2017-13058 memory leak in WritePCXImage
    + Fix CVE-2017-13059 memory leak in WriteJNGImage
    + Fix CVE-2017-13060 memory leak in ReadMATImage
    + Fix CVE-2017-13062 memory leak vulnerability
      found in the function formatIPTC in coders/meta.c,
      which allows attackers to cause a denial of service
      (WriteMETAImage memory consumption) via a crafted file.
    + Fix CVE-2017-13131 a memory leak vulnerability
      found in the function ReadMIFFImage in coders/miff.c,
      which allows attackers to cause a denial of service
      (memory consumption in NewLinkedList in MagickCore/linked-list.c)
      via a crafted file.
    + Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
      where memory allocation is excessive,
      because it depends only on a length field in a header.
    + Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
      because memory is not freed in certain error cases.
    + Fix CVE-2017-14139: memory leak vulnerability
      in WriteMSLImage in coders/msl.c.
    + Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
    + Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
    + Fix CVE-2017-14326: memory leak vulnerability in the function
      ReadMATImage in coders/mat.c, which allows attackers
      to cause a denial of service via a crafted file.
    + Fix CVE-2017-14342: memory exhaustion vulnerability in
      ReadWPGImage in coders/wpg.c via a crafted wpg image file.
    + Fix CVE-2017-14343: memory leak vulnerability in
      ReadXCFImage in coders/xcf.c via a crafted xcf image file.
    + Fix CVE-2017-14531: memory exhaustion issue in
      ReadSUNImage in coders/sun.c.
    + Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
    + Fix CVE-2017-14684: mory leak vulnerability was found in the
      function ReadVIPSImage in coders/vips.c, which allows
      attackers to cause a denial of service (memory consumption
      in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
      (Closes: #876487)
    + Fix CVE-2017-15016: a NULL pointer dereference vulnerability
      in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
      under Debian).
    + Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
      coders/ycbcr.c.
    + Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
    + Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
    + Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
    + Fix CVE-2017-17680: a memory leak vulnerability was found in
      the function ReadXPMImage in coders/xpm.c, which allows
      attackers to cause a denial of service via a crafted xpm image file.
    + Fix CVE-2017-17881: a memory leak vulnerability was found in
      the function ReadMATImage in coders/mat.c, which allows
      attackers to cause a denial of service via a crafted MAT image file.
    + Fix CVE-2017-17882: a memory leak vulnerability was found in the
      function ReadXPMImage in coders/xpm.c, which allows attackers
      to cause a denial of service via a crafted XPM image file.
    + Fix CVE-2017-17883: a memory leak vulnerability was found in the
      function ReadPGXImage in coders/pgx.c, which allows attackers
      to cause a denial of service via a crafted PGX image file.
    + Fix CVE-2017-17884: a memory leak vulnerability was found in the
      function WriteOnePNGImage in coders/png.c,
      which allows attackers to cause a denial of service via
      a crafted PNG image file.
    + Fix CVE-2017-17885: a memory leak vulnerability was found
      in the function ReadPICTImage in coders/pict.c, which
      allows attackers to cause a denial of service via a crafted
      PICT image file.
    + Fix CVE-2017-17886: a memory leak vulnerability was found
      in the function ReadPSDChannelZip in coders/psd.c,
      which allows attackers to cause a denial of service
      via a crafted psd image file.
    + Fix CVE-2017-17887: a memory leak vulnerability
      was found in the function GetImagePixelCache in magick/cache.c,
      which allows attackers to cause a denial of service via a crafted
      MNG image file that is processed by ReadOneMNGImage.
    + Fix CVE-2017-17934: a memory leaks in coders/msl.c,
      related to MSLPopImage and ProcessMSLScript,
      and associated with mishandling of MSLPushImage calls.
    + Fix CVE-2017-18008: a ├╣emory Leak in ReadPWPImage in coders/pwp.c.
    + Fix CVE-2017-18022: memory leaks in MontageImageCommand
      in MagickWand/montage.c.
    + Fix CVE-2017-18027: a memory leak vulnerability was found
      in the function ReadMATImage in coders/mat.c,
      which allow remote attackers to cause a denial
      of service via a crafted file.
    + Fix CVE-2017-18028: a memory exhaustion vulnerability
      was found in the function ReadTIFFImage in coders/tiff.c,
      which allow remote attackers to cause a denial
      of service via a crafted file.
    + Fix CVE-2017-18029: a memory leak vulnerability was found
      in the function ReadMATImage in coders/mat.c,
      which allow remote attackers to cause a denial of
      service via a crafted file.
    + Fix CVE-2017-6502: a specially crafted webp file
      could lead to a file-descriptor leak in libmagickcore
      (thus, a DoS)
    + Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
      in coders/pattern.c.
    + Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
    + Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
      in coders/dcm.c.
    + Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
      function in coders/json.c, as demonstrated by the
      ReadPSDLayersInternal function in coders/psd.c.
  * Backport fix:
    + Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
      in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
      variable can be overwritten by a new pointer.
      The previous pointer is lost, which leads to a memory leak.
      This allows remote attackers to cause a denial of service.
      (from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)

imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium

  * Bump so due to ABI problem and g++7 (Closes: #871300).
  * New upstream version.
    + Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
    + Fix CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755:
      The WritePICONImage function in coders/xpm.c
      allows remote attackers to cause a denial of service (memory leak) via
      a crafted file. (Closes: #870480).
    + CVE-2017-12674: a CPU exhaustion vulnerability was found in
      the function ReadPDBImage in coders/pdb.c, which allows attackers
      to cause a denial of service.
    + CVE-2017-12429: a memory exhaustion vulnerability was found in the
      function ReadMIFFImage in coders/miff.c, which allows attackers
      to cause a denial of service.
    + CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
      signedness error leading to excessive memory consumption
      via a crafted DCM file.
    + CVE-2017-12433: A memory leak vulnerability was found in
      the function ReadPESImage in coders/pes.c, which allows attackers
      to cause a denial of service, related to ResizeMagickMemory in memory.c.
      (Closes: #872481)
    + CVE-2017-12418:  A memory leaks was found in
      the parse8BIMW and format8BIM functions in coders/meta.c,
      related to the WriteImage function in MagickCore/constitute.c.
      (Closes: #872498)
    + CVE-2017-12644: a memory leak vulnerability was found
      in ReadDCMImage in coders\dcm.c.
  * Update copyright file.
  * Ship ImageMagick man file (Closes: #856997).
  * Remove configuration files installed by mistake in an
    experimental version (Closes: #851627).
  * Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
    Salvatore Bonaccorso (Closes: #864151).

imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
    and libmagick++-dev. (Closes: #856601)

Date: Wed, 18 Jul 2018 12:47:06 -0400
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.2+dfsg-3ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 18 Jul 2018 12:47:06 -0400
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.10.2+dfsg-3ubuntu2
Distribution: cosmic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 851627 856601 856883 856997 864151 870480 871300 872373 872481 872498 872609 873059 873099 873100 873131 873134 873871 875338 875339 875341 875352 875502 875503 875504 875506 876097 876099 876105 876487 876488 877354 877355 878506 878507 878508 878524 878527 878541 878545 878546 878547 878548 878554 878555 878562 878578 878579 878679 881392 884444 885125 885339 885340 885941 885942 886281 886584 886588 890805 891291 891420 893030 893925 893953 894848 898217 898218 903404
Changes:
 imagemagick (8:6.9.10.2+dfsg-3ubuntu2) cosmic; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
       but is not in main.
     - demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
       Recommends on libjxr-tools to Suggests, as it is in universe.
     - SECURITY UPDATE: memory leak in XMagickCommand
       - debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
       - CVE-2018-13153
     - SECURITY UPDATE: Multiple security issues
       - debian/patches/CVE-201[78]*.patch: backport large number of upstream
         security patches. (Note: All patches except CVE-2017-15033 have landed
         upstream in 6.9.10.2).
       - CVE-2017-15033
 .
 imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high
 .
   * Fix perlmagick (Closes: #903404)
 .
 imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium
 .
   * Upload to unstable
 .
 imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium
 .
   * Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
     2", thanks to Sven Joachim (Closes: #893953).
   * Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
     Grohne (Closes: #893925).
   * Move to git dpm
   * Move to salsa
   * SO dump
   * Fix security bugs:
     + CVE-2018-9133: Excessive iteration in the DecodeLabImage
       and EncodeLabImage functions (coders/tiff.c), which results
       in a hang (tens of minutes) with a tiny PoC file.
       Remote attackers could leverage this vulnerability
       to cause a denial of service via a crafted tiff file.
       (Closes: #894848)
     + CVE-2018-9133: SetGrayscaleImage in the quantize.c file
       allows attackers to cause a heap-based buffer over-read
       via a crafted file.
     + CVE-2018-11624: the ReadMATImage function in coders/mat.c
       allows attackers to cause a use after free via a crafted file.
     + CVE-2018-11625: the SetGrayscaleImage in the quantize.c
       file allows attackers to cause a heap-based buffer over-read
       via a crafted file.
     + CVE-2018-10177: An infinite loop is present in the
       ReadOneMNGImage function of the coders/png.c file.
       Remote attackers could leverage this vulnerability
       to cause a denial of service via a crafted mng file.
     + CVE-2017-14528: Tested (with and without valgrind) and found immune.
       The TIFFSetProfiles function in coders/tiff.c has incorrect
       expectations about whether LibTIFF TIFFGetField return values
       imply that data validation has occurred, which allows remote attackers
       to cause a denial of service (use-after-free after an invalid call
       to TIFFSetField, and application crash) via a crafted file.
     + CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
       in coders/webp.c.
     + CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
       (Closes: #898218).
     + CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
       (Closes: #898217)
     + CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
       in coders/bmp.c allow attackers to cause an out of bounds write
       via a crafted file.
     + CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
       allow attackers to cause an out of bounds write via a crafted file.
 .
 imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium
 .
   * Fix security bugs (Closes: #890805):
     + Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
       does not properly validate the amount of image data in a file,
       which allows remote attackers to cause a denial of service
       (memory allocation failure in the AcquireMagickMemory function
       in MagickCore/memory.c). (Closes: #891291)
     + Fix CVE-2018-7470: The IsWEBPImageLossless function in
       coders/webp.c allows attackers to cause a denial of service
       (segmentation violation) via a crafted file.(Closes: #891420)
     + Fix CVE-2017-17880:  there is a stack-based buffer over-read in
       WriteWEBPImage in coders/webp.c, related to a
       WEBP_DECODER_ABI_VERSION check.
   * Provide transitional packages from arch:any packages.
     (Closes: #893030)
 .
 imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high
 .
   * Upload to unstable (urgency high due to security issues).
 .
 imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high
 .
   * Fix FTBFS for s390x where float_t is double
 .
 imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
 .
   * New upstream version
   * Packaging fix:
     + Fix privacy breach.
     + Bump compat level to 11.
     + Bump policy no changes
     + Fix lintian warnings
     + Fix "unnecessary libgraphviz-dev dependency (and graphviz
       suggests?)", thanks to Matthias Klose (Closes: #884444).
     + Remove Vincent Fourmond <fourmond at debian.org> as uploader, thanks
       to him. (Closes: #878679).
     + Aknowledge NMU (Closes: #856601)
   * Fix a few security issues
     + Fix CVE-2017-1000445: NULL pointer dereference in
       the MagickCore component and might lead to denial of service.
       (Closes: #886281)
     + Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
       the function ReadDDSInfo in coders/dds.c, which allows attackers
       to cause a denial of service.
     + Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
       has an integer signedness error leading to excessive memory
       consumption via a crafted DCM file.
       (Closes: #873059)
     + Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
       the function ReadPDBImage in coders/pdb.c, which allows attackers
       to cause a denial of service
       (Closes: #872609)
     + Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
       allows remote attackers to cause a denial of service
       (memory consumption) via a crafted file.
       (Closes: #875338)
     + Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
       in ImageMagick allows remote attackers to cause a
       denial of service (memory consumption) via a crafted VIFF file.
       (Closes: #875339)
     + Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
       allows remote attackers to cause a denial of service
       (memory consumption) via a crafted BMP
       (Closes: #875341)
     + Fix CVE-2017-12875: The WritePixelCachePixels function
       allows remote attackers to cause a denial of service
       (CPU consumption) via a crafted file.
       (Closes: #873871)
     + Fix CVE-2017-12877: Use-after-free vulnerability in
       the DestroyImage function in image.c in ImageMagick allows
       remote attackers to cause a denial of service via a crafted file.
       (Closes: #872373)
     + Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
       function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
       attackers to cause a denial of service (application crash)
       or possibly have unspecified other impact via a crafted file.
       (Closes: #873134)
     + Fix CVE-2017-13061: A length-validation vulnerability was found
       in the function ReadPSDLayersInternal in coders/psd.c,
       which allows attackers to cause a denial of service
       (ReadPSDImage memory exhaustion) via a crafted file
       (Closes: #873131)
     + Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
       offset validation, which allows attackers to cause a denial of service
       (load_tile memory exhaustion) via a crafted file.
       (Closes: #873100)
     + Fix CVE-2017-13134: a heap-based buffer over-read was found in the
       function SFWScan in coders/sfw.c, which allows attackers
       to cause a denial of service via a crafted file.
       (Closes: #873099)
     + Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
       function in MagickCore/draw.c.
       (Closes: #878508)
     + Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
       function in MagickCore/identify.c in ImageMagick allows an attacker
       to perform denial of service by sending a crafted image file.
       (Closes: #875352)
     + Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
       coders/thumbnail.c allows an attacker to cause a denial of service
       (buffer over-read) by sending a crafted JPEG file.
       (Closes: #878507)
     + Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
       ReadCUTImage function in coders/cut.c that could allow an attacker
       to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
       function within the MagickCore/cache.c file) by submitting
       a malformed image file.
       (Closes: #878506)
     + Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
       due to lack of an EOF (End of File) check cause high CPU consumption.
       When a crafted PSD file, which claims a large "extent" field
       in the header but does not contain sufficient backing data,
       is provided, the loop over "length" would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875506)
     + Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
       an integer overflow might occur for the addition operation
       "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
       value than expected. As a result, an infinite loop would occur
       for a crafted TXT file that claims a very large "max_value" value.
       (Closes: #875504)
     + Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
       a lack of an EOF (End of File) check might cause huge CPU consumption.
       When a crafted PSD file, which claims a large "length" field
       in the header but does not contain sufficient backing data,
       is provided, the loop over "length" would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875503)
     + Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
       a lack of an EOF (End of File) check might cause huge CPU consumption.
       When a crafted XBM file, which claims large rows and columns fields
       in the header but does not contain sufficient backing data,
       is provided, the loop over the rows would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875502)
     + Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
       in coders/pcx.c allows remote attackers to cause a denial
       of service or code execution via a crafted file.
       (Closes: #876097)
     + Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
       ReadMPCImage in coders/mpc.c, leading to division by zero
       in GetPixelCacheTileSize in MagickCore/cache.c,
       allowing remote attackers to cause a denial of service
       via a crafted file.
       (Closes: #876099)
     + Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
       in coders/wpg.c, causing CPU exhaustion via a crafted
       wpg image file.
       (Closes: #876105)
     + Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
       mishandles the pixel cache nexus, which allows remote attackers
       to cause a denial of service (NULL pointer dereference
       in the function GetVirtualPixels in MagickCore/cache.c)
       via a crafted file.
       (Closes: #878546)
     + Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
       mishandles certain NULL arrays, which allows attackers to perform
       Denial of Service (NULL pointer dereference and application crash in
       AcquireQuantumMemory within MagickCore/memory.c) by providing a
       crafted Image File as input.
       (Closes: #878545)
     + Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
       in coders/tiff.c.
       (Closes: #878541)
     + Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
       has been reported in coders/tiff.c. An attacker could possibly
       exploit this flaw to disclose potentially sensitive memory
       or cause an application crash.
       (Closes: #878527)
     + Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
       in the function PostscriptDelegateMessage in coders/ps.c.
       (Closes: #877354)
     + Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
       in the function sixel_output_create in coders/sixel.c.
       (Closes: #877355)
     + Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
       in the function sixel_decode in coders/sixel.c.
       (Closes: #878524)
     + Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
       allows remote attackers to cause a denial of service
       (heap-based buffer overflow and application crash)
       or possibly have unspecified other impact via a
       crafted SVG document, a different vulnerability
       than CVE-2017-10928.
       (Closes: #876488)
     + Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
       function in magick/resample-private.h in ImageMagick
       mishandles failed memory allocation, which allows
       remote attackers to cause a denial of service
       (NULL Pointer Dereference in DistortImage in
       MagickCore/distort.c, and application crash)
       via unspecified vectors.
       (Closes: #878547)
     + Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
       allows remote attackers to cause a denial of service
       (infinite loop) via a crafted font file.
       (Closes: #878548)
     + Fix CVE-2017-14989: A use-after-free in RenderFreetype
       in MagickCore/annotate.c allows attackers to crash the application
       via a crafted font file, because the FT_Done_Glyph function
       (from FreeType 2) is called at an incorrect place in the ImageMagick code.
       (Closes: #878562)
     + Fix CVE-2017-15015: NULL pointer dereference vulnerability in
       PDFDelegateMessage in coders/pdf.c.
       (Closes: #878555)
     + Fix CVE-2017-15017: NULL pointer dereference vulnerability
       in ReadOneMNGImage in coders/png.c.
       (Closes: #878554)
     + Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
       the palette uninitialized when processing a GIF file that has
       neither a global nor local palette. If the affected product is
       used as a library loaded into a process that operates on
       interesting data, this data sometimes can be leaked
       via the uninitialized palette.
       (Closes: #878578)
     + Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
       allows remote attackers to cause a denial of service
       (application crash) or possibly have unspecified other impact
       via a crafted file, related to "Conditional jump or move
       depends on uninitialised value(s).
       (Closes: #878579).
     + Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
       does not properly validate the colormap index in a WPG palette,
       which allows remote attackers to cause a denial of service
       (use of uninitialized data or invalid memory allocation)
       or possibly have unspecified other impact via a malformed WPG file.
       (Closes: #881392)
     + Fix CVE-2017-17499: use-after-free in Magick::Image::read
       in Magick++/lib/Image.cpp.
       (Closes: #885339)
     + Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
       heap-based buffer over-read via a crafted file, related to
       ReadOneMNGImage.
       (Closes: #885340)
     + Fix CVE-2017-17681: an infinite loop vulnerability was found
       in the function ReadPSDChannelZip in coders/psd.c, which
       allows attackers to cause a denial of service (CPU exhaustion)
       via a crafted psd image file.
       (Closes: #885941)
     + Fix CVE-2017-17682: large loop vulnerability was found in the
       function ExtractPostscript in coders/wpg.c, which allows attackers
       to cause a denial of service (CPU exhaustion) via a crafted wpg
       image file that triggers a ReadWPGImage call.
       (Closes: #885942)
     + Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
       in coders/png.c, related to length calculation and caused by an
       off-by-one error.
       (Closes: #885125)
     + Fix CVE-2017-17914: a vulnerability was found in the function
       ReadOnePNGImage in coders/png.c, which allows attackers to cause
       a denial of service (ReadOneMNGImage large loop) via a crafted mng
       image file.
       (Closes: #886584)
     + Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
       in the ReadSIXELImage function, related to the sixel_decode function.
       (Closes: #886588)
   * Fix a few unimportant security bugs:
     + Fix CVE-2017-12644 memory leak vulnerability
       in ReadDCMImage in coders\dcm.c
     + Fix CVE-2017-13058 memory leak in WritePCXImage
     + Fix CVE-2017-13059 memory leak in WriteJNGImage
     + Fix CVE-2017-13060 memory leak in ReadMATImage
     + Fix CVE-2017-13062 memory leak vulnerability
       found in the function formatIPTC in coders/meta.c,
       which allows attackers to cause a denial of service
       (WriteMETAImage memory consumption) via a crafted file.
     + Fix CVE-2017-13131 a memory leak vulnerability
       found in the function ReadMIFFImage in coders/miff.c,
       which allows attackers to cause a denial of service
       (memory consumption in NewLinkedList in MagickCore/linked-list.c)
       via a crafted file.
     + Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
       where memory allocation is excessive,
       because it depends only on a length field in a header.
     + Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
       because memory is not freed in certain error cases.
     + Fix CVE-2017-14139: memory leak vulnerability
       in WriteMSLImage in coders/msl.c.
     + Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
     + Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
     + Fix CVE-2017-14326: memory leak vulnerability in the function
       ReadMATImage in coders/mat.c, which allows attackers
       to cause a denial of service via a crafted file.
     + Fix CVE-2017-14342: memory exhaustion vulnerability in
       ReadWPGImage in coders/wpg.c via a crafted wpg image file.
     + Fix CVE-2017-14343: memory leak vulnerability in
       ReadXCFImage in coders/xcf.c via a crafted xcf image file.
     + Fix CVE-2017-14531: memory exhaustion issue in
       ReadSUNImage in coders/sun.c.
     + Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
     + Fix CVE-2017-14684: mory leak vulnerability was found in the
       function ReadVIPSImage in coders/vips.c, which allows
       attackers to cause a denial of service (memory consumption
       in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
       (Closes: #876487)
     + Fix CVE-2017-15016: a NULL pointer dereference vulnerability
       in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
       under Debian).
     + Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
       coders/ycbcr.c.
     + Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
     + Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
     + Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
     + Fix CVE-2017-17680: a memory leak vulnerability was found in
       the function ReadXPMImage in coders/xpm.c, which allows
       attackers to cause a denial of service via a crafted xpm image file.
     + Fix CVE-2017-17881: a memory leak vulnerability was found in
       the function ReadMATImage in coders/mat.c, which allows
       attackers to cause a denial of service via a crafted MAT image file.
     + Fix CVE-2017-17882: a memory leak vulnerability was found in the
       function ReadXPMImage in coders/xpm.c, which allows attackers
       to cause a denial of service via a crafted XPM image file.
     + Fix CVE-2017-17883: a memory leak vulnerability was found in the
       function ReadPGXImage in coders/pgx.c, which allows attackers
       to cause a denial of service via a crafted PGX image file.
     + Fix CVE-2017-17884: a memory leak vulnerability was found in the
       function WriteOnePNGImage in coders/png.c,
       which allows attackers to cause a denial of service via
       a crafted PNG image file.
     + Fix CVE-2017-17885: a memory leak vulnerability was found
       in the function ReadPICTImage in coders/pict.c, which
       allows attackers to cause a denial of service via a crafted
       PICT image file.
     + Fix CVE-2017-17886: a memory leak vulnerability was found
       in the function ReadPSDChannelZip in coders/psd.c,
       which allows attackers to cause a denial of service
       via a crafted psd image file.
     + Fix CVE-2017-17887: a memory leak vulnerability
       was found in the function GetImagePixelCache in magick/cache.c,
       which allows attackers to cause a denial of service via a crafted
       MNG image file that is processed by ReadOneMNGImage.
     + Fix CVE-2017-17934: a memory leaks in coders/msl.c,
       related to MSLPopImage and ProcessMSLScript,
       and associated with mishandling of MSLPushImage calls.
     + Fix CVE-2017-18008: a ├╣emory Leak in ReadPWPImage in coders/pwp.c.
     + Fix CVE-2017-18022: memory leaks in MontageImageCommand
       in MagickWand/montage.c.
     + Fix CVE-2017-18027: a memory leak vulnerability was found
       in the function ReadMATImage in coders/mat.c,
       which allow remote attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-18028: a memory exhaustion vulnerability
       was found in the function ReadTIFFImage in coders/tiff.c,
       which allow remote attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-18029: a memory leak vulnerability was found
       in the function ReadMATImage in coders/mat.c,
       which allow remote attackers to cause a denial of
       service via a crafted file.
     + Fix CVE-2017-6502: a specially crafted webp file
       could lead to a file-descriptor leak in libmagickcore
       (thus, a DoS)
     + Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
       in coders/pattern.c.
     + Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
     + Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
       in coders/dcm.c.
     + Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
       function in coders/json.c, as demonstrated by the
       ReadPSDLayersInternal function in coders/psd.c.
   * Backport fix:
     + Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
       in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
       variable can be overwritten by a new pointer.
       The previous pointer is lost, which leads to a memory leak.
       This allows remote attackers to cause a denial of service.
       (from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
 .
 imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium
 .
   * Bump so due to ABI problem and g++7 (Closes: #871300).
   * New upstream version.
     + Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
     + Fix CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755:
       The WritePICONImage function in coders/xpm.c
       allows remote attackers to cause a denial of service (memory leak) via
       a crafted file. (Closes: #870480).
     + CVE-2017-12674: a CPU exhaustion vulnerability was found in
       the function ReadPDBImage in coders/pdb.c, which allows attackers
       to cause a denial of service.
     + CVE-2017-12429: a memory exhaustion vulnerability was found in the
       function ReadMIFFImage in coders/miff.c, which allows attackers
       to cause a denial of service.
     + CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
       signedness error leading to excessive memory consumption
       via a crafted DCM file.
     + CVE-2017-12433: A memory leak vulnerability was found in
       the function ReadPESImage in coders/pes.c, which allows attackers
       to cause a denial of service, related to ResizeMagickMemory in memory.c.
       (Closes: #872481)
     + CVE-2017-12418:  A memory leaks was found in
       the parse8BIMW and format8BIM functions in coders/meta.c,
       related to the WriteImage function in MagickCore/constitute.c.
       (Closes: #872498)
     + CVE-2017-12644: a memory leak vulnerability was found
       in ReadDCMImage in coders\dcm.c.
   * Update copyright file.
   * Ship ImageMagick man file (Closes: #856997).
   * Remove configuration files installed by mistake in an
     experimental version (Closes: #851627).
   * Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
     Salvatore Bonaccorso (Closes: #864151).
 .
 imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
     and libmagick++-dev. (Closes: #856601)
Checksums-Sha1:
 f89aadaba9577018a59df84e7e10ccf8dcadc63e 5170 imagemagick_6.9.10.2+dfsg-3ubuntu2.dsc
 68626580b67d5736a9e8cfcfed448128d16c4c60 9054712 imagemagick_6.9.10.2+dfsg.orig.tar.xz
 43f217457a40f4fc6cecd940b35f017ccd8f5482 223348 imagemagick_6.9.10.2+dfsg-3ubuntu2.debian.tar.xz
 36a79a7ec5051b730a8f3cb8948a2b4ab3e010d7 8046 imagemagick_6.9.10.2+dfsg-3ubuntu2_source.buildinfo
Checksums-Sha256:
 85fce031abbd31aa9e69acc9ff2a058faf335f86bcdbb14edb08ea24c5b27112 5170 imagemagick_6.9.10.2+dfsg-3ubuntu2.dsc
 69cdaefff8c0a9e4aa3a90ae051f9f2b0e7245e804597ed7dfe04b08e784f858 9054712 imagemagick_6.9.10.2+dfsg.orig.tar.xz
 03521eee8902b781659172c7aca9a8a90b60711808f4c8b75545bde91d6cc763 223348 imagemagick_6.9.10.2+dfsg-3ubuntu2.debian.tar.xz
 a79d6f3b13c6b68c1e337f89f6582b7ea449b35c9b688209cf91a3305c0d2e5e 8046 imagemagick_6.9.10.2+dfsg-3ubuntu2_source.buildinfo
Files:
 9430025bca8e97873bbd96c022480447 5170 graphics optional imagemagick_6.9.10.2+dfsg-3ubuntu2.dsc
 03880166425e5d4e8cb85390fc920eba 9054712 graphics optional imagemagick_6.9.10.2+dfsg.orig.tar.xz
 206df10225bb3e493057dd07f8109561 223348 graphics optional imagemagick_6.9.10.2+dfsg-3ubuntu2.debian.tar.xz
 b4f2850aca173a253ba98e3b64735421 8046 graphics optional imagemagick_6.9.10.2+dfsg-3ubuntu2_source.buildinfo
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENRbRpb8Ad+cUFOGXFbmz7g3N+AYFAltQ0NkACgkQFbmz7g3N
+AZc1xAAoWh18y9WFpwg6UhWQR5QxLuBzJ5XeaD/BEy3WXH5sJjgv3xeleM7O+vR
Z0JwkQ9a0Ty6MjPaznllN0TLdtBMhhFInE4b/7YiFi2YJTZdjwjnYCZ5G7a+j65t
yLu2guvCVi0aTwW7N8tfze6N5ErhWjh2KmUUsN17O6At+kphAMFFYVG1eX56Bm64
X6WLfE+Hkw8TgjzTCMRVcm8Vp/wQ00gpljlsYqQYtifUIDzlAwzZNmGlhHyTOmlv
uLcuVipIQycj7B3dQPDJ6vGbxa6IzGPFUF6AmNr48xzpfLnDlOW4tH7/7XHp0Ql5
yguC5U1kGtTwFGhaRoF68EKKS3r98q4lgUwx3saO3r9MujoFOFws2B34aiK+vBoS
OL2XYTWslfUJy5gBpspA2oQA4nYf/uoBIz1vJqBO03mC+qGWLcutuE2GItkQd+5E
SnorwM7YAuVmiFESW/k+BWJyEIq7BFkILscoYJq1jPtBsw3KEEHtXsK3LrMnahlN
uRGAovoY/D3ccbROSK+IU+S22eFKqUiuvZdEaFW1t1ZJ0Cq3hu0hvQjgeRx21JXx
tEUvOgCdaDqprctAAdXwKOrTd/6Y06FWqyFu39dqahY5MKvUQWadWQVbtZH1T4f3
V7VUK3F3UQeCBeD4+iZpaaVP5Sysi0XGBdm8aqpi1Z48pESK8pc=
=+6JY
-----END PGP SIGNATURE-----


More information about the Cosmic-changes mailing list