[ubuntu/xenial-security] imagemagick 8:6.8.9.9-7ubuntu5.13 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Oct 4 22:24:35 UTC 2018
imagemagick (8:6.8.9.9-7ubuntu5.13) xenial-security; urgency=medium
[ Steve Beattie ]
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as
invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable
ghostscript handled types by default in policy.xml
* SECURITY UPDATE: information leak in ReadXBMImage
- debian/patches/CVE-2018-16323.patch: don't leave data
uninitialized with negative pixels
- CVE-2018-16323
* SECURITY UPDATE: memory leak of colormap in WriteMPCImage
- debian/patches/CVE-2018-14434.patch: free colormap on bad
color depth
- CVE-2018-14434
* SECURITY UPDATE: memory leak in DecodeImage
- debian/patches/CVE-2018-14435.patch: free memory when given a
bad plane
- CVE-2018-14435
* SECURITY UPDATE: memory leak in ReadMIFFImage
- debian/patches/CVE-2018-14436.patch: free memory when given a
bad depth
- CVE-2018-14436
* SECURITY UPDATE: memory leak in parse8BIM
- debian/patches/CVE-2018-14437-prereq.patch: check for negative
values
- debian/patches/CVE-2018-14437.patch: free strings in error
conditions
- CVE-2018-14437
* SECURITY UPDATE: memory leak in ReadOneJNGImage
- debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
- debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
- debian/patches/CVE-2018-16640.patch: free memory on error
- CVE-2018-16640
* SECURITY UPDATE: denial of service due to out-of-bounds write
in InsertRow
- debian/patches/CVE-2018-16642.patch: improve checking for errors
- CVE-2018-16642
* SECURITY UPDATE: denial of service due to missing fputc checks
- debian/patches/CVE-2018-16643.patch: check fputc calls for error
- CVE-2018-16643
* SECURITY UPDATE: denial of service in ReadDCMImage and
ReadPICTImage
- debian/patches/CVE-2018-16644-prereq-1.patch: check for EOF
when reading from file
- debian/patches/CVE-2018-16644-prereq-2.patch: define
ThrowPICTException() macro and use it
- debian/patches/CVE-2018-16644-1.patch,
debian/patches/CVE-2018-16644-2.patch: check for invalid length
- CVE-2018-16644
* SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
- debian/patches/CVE-2018-16645.patch: ensure number_colors is
not too large
- CVE-2018-16645
* SECURITY UPDATE: denial of service in ReadOneJNGImage
- debian/patches/CVE-2018-16749.patch; check for NULL color_image
- CVE-2018-16749
* SECURITY UPDATE: memory leak in formatIPTCfromBuffer
- debian/patches/CVE-2018-16750.patch: free memory on error
- CVE-2018-16750
[ Marc Deslauriers ]
* SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
- debian/patches/0261-CVE-2017-13144.patch: removed pending
further investigation.
- debian/patches/CVE-2017-12430.patch: refreshed.
Date: 2018-09-28 18:33:28.319934+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list