[ubuntu/disco-proposed] imagemagick 8:6.9.10.14+dfsg-7ubuntu1 (Accepted)
Jeremy Bicha
jbicha at ubuntu.com
Tue Nov 13 04:56:14 UTC 2018
imagemagick (8:6.9.10.14+dfsg-7ubuntu1) disco; urgency=medium

  * Sync with Debian. Remaining changes:
    - Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
      but is not in main. See bug 711061
    - demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
      Recommends on libjxr-tools to Suggests, as it is in universe.
  * Dropped changes:
    - Stop installing the Debian-specific .desktop for the display program.
      + 'imagemagick' is no longer installed by default for default Ubuntu
        so let's try dropping this change for now.
    - CVE-2017-15033.patch: patch applied in new release

imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium

  * Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
    libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
    (Closes: #912833).

imagemagick (8:6.9.10.14+dfsg-6) unstable; urgency=high

  * Bug fix: "libmagickcore-6.q16-dev missing Depends:
    libmagickcore-6-arch-config", thanks to Helmut Grohne (Closes:
    #912679).

imagemagick (8:6.9.10.14+dfsg-5) unstable; urgency=high

  * Use jdupes instead of rdfind in order to avoid link to build dir
  * Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond
    (Closes: #897293).
  * Bump policy (no changes)

imagemagick (8:6.9.10.14+dfsg-4) unstable; urgency=medium

  * Use salsa in control
  * Add Pre-depends on dpkg for versioned provides
  * Bug fix: "make foreign dependencies on transitional -dev packages
    satisfiable", thanks to Helmut Grohne (Closes: #893030).

imagemagick (8:6.9.10.14+dfsg-3) unstable; urgency=medium

  * Fix FTBFS due to == in control.

imagemagick (8:6.9.10.14+dfsg-2) unstable; urgency=medium

  * Bug fix: "imagemagick binary-all FTBFS: rdfind: Command not found",
    thanks to Adrian Bunk (Closes: #912309).
  * Use ${binary:Version} instead of hard coded version for compat dev
    packages.

imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium

  * New upstream version
  * Fix new privacy breach
  * Fix duplicate files in documentation
  * Fix security bugs:
    + CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
      coders/msl.c
    + CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
      coders/bmp.c file that can cause a DOS via a crafted bmp file.
    + CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
      function of coders/svg.c, which allows attackers to cause a denial
      of service via a crafted SVG image file.
    + CVE-2018-16645: Fix an excessive memory allocation issue in the functions
      ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
      which allows remote attackers to cause a denial of service via
      a crafted image file.
      (Closes: #910889)
    + CVE-2018-16644: Fix a missing check for length in the functions
      ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
      which allows remote attackers to cause a denial of service via
      a crafted image.
      (Closes: #910888)
    + CVE-2018-16413: Fix a heap-based buffer over-read in the
      MagickCore/quantum-private.h PushShortPixel function when called
      from the coders/psd.c ParseImageResourceBlocks function.
      (Closes: #910887)
    + CVE-2018-16323: Fix an information disclosure vulnerability that existed
      in ImageMagick when processing XBM images. An attacker could use this
      to expose sensitive information.
      (Closes: #907776)
    + CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
      ParseImageResourceBlocks function.
    + CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
      in coders/sgi.c.
    + CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
      in coders/pdb.c.
    + CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
      in coders/bgr.c.
    + CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
      in coders/pcx.c.

Date: Mon, 12 Nov 2018 23:51:56 -0500
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.14+dfsg-7ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 12 Nov 2018 23:51:56 -0500
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.10.14+dfsg-7ubuntu1
Distribution: disco
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 893030 897293 907776 910887 910888 910889 912309 912679 912833
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>