Accepted imagemagick 8:6.8.9.9-5tanglu6 (source)

Thomas Funk t.funk at web.de
Tue May 17 17:47:07 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 17 May 2016 22:41:24 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source
Version: 8:6.8.9.9-5tanglu6
Distribution: chromodoris-updates
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Thomas Funk <t.funk at web.de>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 823542
Changes:
 imagemagick (8:6.8.9.9-5tanglu6) chromodoris-updates; urgency=high
 .
     because of security issue DSA 3580-1:
     * ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT,
       SHOW, WIN, and PLT are disabled via policy.xml file, since they are
       vulnerable to code injection. This mitigates CVE-2016-3714,
       CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718.
       Since ImageMagick reverts to its internal SVG renderer (which uses
       MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg
       is included. Closes: 823542. In addition, some other actions were
       taken with respect to these vulnerabilities:
       - Drop the PLT/Gnuplot decoder, which was vulnerable to command
       injection.
       - Some sanitization for input filenames in http/https delegates is
       added.
       - Indirect filename are now authorized by policy.
       - Indirect reads with label:@ are prevented.
       - Less secure coders (such as MVG, TEXT, and MSL) require explicit
         reference in the filename (e.g. mvg:my-graph.mvg).
Checksums-Sha1:
 52ced68ba64d239a45f30c8acf9d45a2706bccaa 4226 imagemagick_6.8.9.9-5tanglu6.dsc
 43f3266fd348f163cf6639797878454c4d37175a 213880 imagemagick_6.8.9.9-5tanglu6.debian.tar.xz
Checksums-Sha256:
 acde2db3461a3580426fbc7c493676dd94d1845776cee72586732e017e306848 4226 imagemagick_6.8.9.9-5tanglu6.dsc
 83213987cbf6f1c6c873d7e5307fff6cc62f85f1f306f2bdfc080e21eebde29c 213880 imagemagick_6.8.9.9-5tanglu6.debian.tar.xz
Files:
 02bea90e58e38512f8d47a19e061e43c 4226 graphics optional imagemagick_6.8.9.9-5tanglu6.dsc
 d4ed54f2d077cd4b7d0d79d51e7fe57f 213880 graphics optional imagemagick_6.8.9.9-5tanglu6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXO5A5AAoJEBHQSAmiZP36cR0P/39i7V3TG7amEvGsiI4jAx/K
APZNLGlkAUjnnvgOvUqLoRWpno0v65FgIwwtpRHZFEM10Sz7mqEezCWc8GahRwWI
p8I48lSf1WbeLUmaLJyI/+n4rHXTgZGfGlR7tjKIFfM/M25W91Z/2epYSg6OjxAf
SZci9jfJ4ADbvSBSXEAbbAZ+xLRD+WiynUHZhNvTwbMDuH5W8qVfudxHefEo4+P6
QscEturf9OxHl2JOMKV/F3j9eACaws5wjatyICTQN8Vh53Xrm3creyLEVqLLg04F
A+xdyvBTIQw/oYU3opgowIv8FErN4myKLJdbEm4WqPEprEwFEFz5nwa+/kqcH4Qm
uGgJrT7rr9Q2+gwoNxMuwy8Sz3nrVVmcQbkrmSjy1QBcN6kD5Vm4kOHOWApbom2L
v99IOnlJ5MQ3ZmJ5uKWcKvU+JTw4S103hTpe9f53SpYklsJcC2kqxhPIp8EaECaM
TR5mV4zPGJXt9/jSAXjJY13ea/RfGfxq+laWmowbpT1wrnKDoLSNIN0//LIvk/Ik
26uu2G16iMLZLdQv7mhR/mtn2NxyM4A3/hYFkrwJk+dQf12YMWVF11Pen4aCsbgS
2J26NzESP0JjPbVOnwG3w7xHFIx7k+N6FT5xGyaYLm+VZ5grfvPasT/Ut7SQR37F
71hngwW6qmoqcDLzTMQ/
=V1lZ
-----END PGP SIGNATURE-----



More information about the Tanglu-changes mailing list