Accepted imagemagick 8:6.8.9.9-5tanglu8 (source)

Thomas Funk t.funk at web.de
Mon Aug 29 19:33:10 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 29 Aug 2016 23:44:10 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source
Version: 8:6.8.9.9-5tanglu8
Distribution: chromodoris-updates
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Thomas Funk <t.funk at web.de>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 823750 827643 831034 832455 832457 832461 832464 832465 832467 832469 832474 832475 832478 832480 832482 832483 832504 832506 832633 832776 832780 832785 832787 832789 832791 832793 832885 832887 832888 832890 832942 832944 832968 833003 833042 833043 833044 833099 833101 833730 833732 833735 833743 833744 833812 834163 834183 834501 834504
Changes:
 imagemagick (8:6.8.9.9-5tanglu8) chromodoris-updates; urgency=high
 .
   * Merge patches from imagemagick 6.8.9.9-5+deb8u4 from Debian stable
     because of security issue DSA 3652-1
   * Remaining changes:
     - Fix a few security problems (Closes: #823750):
       - Fix an off-by-one error leading to segfault (Closes: #832455).
       - Fix an out-of-bounds read in coders/psd.c (Closes: #832457,
         LP: #1533442).
       - Fix rle file handling for corrupted file (Closes: #832461,
         LP: #1533445)
       - Fix a buffer overflow in sun file handling (Closes: #832464).
       - Fix a potential DOS in sun file handling due to
         malformed files (Closes: #832465).
       - Fix multiple out of bound problems in rle, pict, viff and
         sun files (Closes: #832467, LP: #1533452, LP: #1533449,
         LP: #1533447, LP: #1533445).
       - Fix a heap overflow in hdr file handling (Closes: #832469,
         LP: #1537213).
       - Fix a heap buffer overflow in psd file handling
         (Closes: #832474, LP: #1537418).
       - Fix an out of bound access for malformed psd file
         (Closes: #832475, LP: #1537419).
       - Fix a meta file out of bound access (Closes: #832478,
         LP: #1537420)
       - Fix heap buffer overflow in psd file coder
         (Closes: #832480, LP: #1537424)
       - Fix an out of bound access in wpg file coder (Closes: #832482,
         LP: #1539050, LP: #1542115).
       - Fix out of bound access for viff file coder (Closes: #832483,
         LP: #1537425)
       - Fix an out of bound access in xcf file coder (Closes: #832504,
         LP: #1539051, LP: #1539052).
       - Fix out of bound in quantum handling (Closes: #832506,
         LP: #1539067, LP: #1539053).
       - Fix a pbd file out of bound access (Closes: #832633,
         LP: #1539061, LP: #1542112).
       - Fix handling of corrupted psd file (Closes: #832776,
         LP: #1539066).
       - Fix a wpg file out of bound for corrupted file
         (Closes: #832780, LP: #1542114).
       - Fix an out of bound access in generic decoder (Closes: #832785,
         LP: #1542785).
       - Fix an out of bound access for corrupted psd file
         (Closes: #832787, LP: #1545180).
       - Fix a SEGV reported in corrupted profile handling
         (Closes: #832789, LP: #1545367).
       - Fix an out of bound access for corrupted pdb file
         (Closes: #832791, LP: #1553366).
       - Fix a SIGABRT for corrupted pdb file
         (Closes: #832793, LP: #1556273).
     - Prevent buffer overflow in magick/draw.c. Fix
       CVE-2016-4562, CVE-2016-4563, CVE-2016-4564.
       (Closes: #832885, #832887, #832888).
     - Fix DOS due to corrupted DDS files
       (Closes: #832942, #832944).
     - Fix out of bounds memory read for DDS files. This fixes
       CVE-2016-5687. (Closes: #832890).
     - Prevent possible buffer overflow when reading TIFF images.
       This fixes CVE-2016-5010. (Closes: #832968).
     - Fix out of bound access for corrupted WPG file. This fixes
       CVE-2016-5688. (Closes: #833003).
     - Add additional checks to DCM reader to prevent data-driven faults.
       This fixes CVE-2016-5689, CVE-2016-5690, CVE-2016-5691.
       (Closes: #833044, #833043, #833042).
     - Improve checking of EXIF profile to prevent integer overflow.
       This fixes CVE-2016-5841 and CVE-2016-5842.
       (Closes: #831034).
     - Prevent buffer overflow in properties reading.
       This fixes CVE-2016-6491. (Closes: #833099).
     - Fix potential DOS by not releasing memory.
       (Closes: #833101).
     - Fix abort when writing to rgf format.
       (Closes: #827643, LP: #1594060).
     - Prevent possible stack overflow. (Closes: #833812)
     - Prevent heap overflow in RLE file handling.
       (Closes: #833744)
     - Prevent Segfault in ReadRLEImage for corrupted file.
       (Closes: #833743).
     - Fix loading arbitrary module from user side.
       (Closes: #833735).
     - Fix small memory leak in XML file traversal.
       (Closes: #833732).
     - Prevent buffer overflow in draw.c
       (Closes: #833730).
     - Avoid a double free.
       (Closes: #834183).
     - Avoid an out of bound access for malformed exif data.
       (Closes: #834501).
     - Avoid a DOS due to improper locking in magick++ lib.
       (Closes: #834163).
     - Avoid a buffer overflow in bmp file reader.
       (Closes: #834504).
Checksums-Sha1:
 5dd320f67eb6c6953642493e5b8d920c9155bebd 4226 imagemagick_6.8.9.9-5tanglu8.dsc
 4cca6095f549009a33da5c5ad3200c33e9284e7c 239652 imagemagick_6.8.9.9-5tanglu8.debian.tar.xz
Checksums-Sha256:
 664ae5fdff08a3f4fe19ff3b4b262e6afcdb1214c2eef7c3f3f9852d1d0cbd42 4226 imagemagick_6.8.9.9-5tanglu8.dsc
 785fbb2dc9a2a801c59e23ca63a6c62f31e2335499b07beaf74e555f0d6f6d5a 239652 imagemagick_6.8.9.9-5tanglu8.debian.tar.xz
Files:
 2cb9bbea5436ada183b7e4b39aa82f37 4226 graphics optional imagemagick_6.8.9.9-5tanglu8.dsc
 da610aa29c167c37e0cd9a93843c4695 239652 graphics optional imagemagick_6.8.9.9-5tanglu8.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


