Package: release.debian.org Severity: important User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package imagemagick It fix CVE-2014-8716 (a two line change). I have also updated previous changelog entry with proper CVE. diff -Nru imagemagick-6.8.9.9/debian/changelog imagemagick-6.8.9.9/debian/changelog --- imagemagick-6.8.9.9/debian/changelog 2014-10-28 18:48:23.000000000 +0100 +++ imagemagick-6.8.9.9/debian/changelog 2014-11-12 21:58:20.000000000 +0100 @@ -1,3 +1,13 @@ +imagemagick (8:6.8.9.9-3) unstable; urgency=high + + * Fix a security bug (DOS). Some special crafted JPEG + files could create a dos due to missing check in + embeded EXIF properties (EXIF directory offsets + must be greater than 0). Fix CVE-2014-8716 + (Closes: #768494). + + -- Bastien Roucariès <roucaries.bastien+deb...@gmail.com> Fri, 07 Nov 2014 21:16:20 +0100 + imagemagick (8:6.8.9.9-2) unstable; urgency=high * Remove build-dep loop. Remove inkscape. @@ -9,10 +19,11 @@ * New upstream version, fixing four security problems: - Remotely DOS: "convert +profile regression enters infinite loop exhausting memory", thanks to - Yuri D'Elia (Closes: #764872). - - Fixed buffer overflow in PCX and DCM coder. + Yuri D'Elia (Closes: #764872). Fix CVE-2014-8561. + - Fixed buffer overflow in PCX and DCM coder. Fix + CVE-2014-8562 and CVE-2014-8355. - Don't clone a 0x0 image breaking some assumption - in client code. + in client code. Fix CVE-2014-8354. - Off-by-one count when parsing an 8BIM profile. * Fix identify -quiet has non zero exit code on warnings (Closes: #763686). diff -Nru imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch --- imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch 2014-10-28 18:50:28.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch 2014-11-15 14:47:56.000000000 +0100 @@ -82,5 +82,5 @@ # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. -- -2.1.1 +2.1.3 diff -Nru imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch --- imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch 2014-10-28 18:50:29.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch 2014-11-15 14:47:56.000000000 +0100 @@ -5152,5 +5152,5 @@ +<!-- Magick Cache 25th July 2014 04:06 --> + -- -2.1.1 +2.1.3 diff -Nru imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch --- imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch 2014-10-28 18:50:30.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch 2014-11-15 14:47:57.000000000 +0100 @@ -2290,5 +2290,5 @@ \ No newline at end of file +<!-- Magick Cache 25th July 2014 05:32 --> -- -2.1.1 +2.1.3 diff -Nru imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch --- imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch 2014-10-28 18:50:30.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch 2014-11-15 14:47:57.000000000 +0100 @@ -162,5 +162,5 @@ </div> -- -2.1.1 +2.1.3 diff -Nru imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch --- imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch 2014-11-15 14:47:57.000000000 +0100 @@ -0,0 +1,33 @@ +From b61b7f4f0e705b6a9a9ba8b8af898a406b0fc87e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bast...@gmail.com> +Date: Fri, 7 Nov 2014 21:05:07 +0100 +Subject: [PATCH] Avoid crash and DOS with special crafted jpeg file + +Some special crafted JPEG file could lead to dos due to missing check in +embeded EXIF properties (EXIF directory offsets must be greater than 0). + +Fix CVE-2014-8716. + +Forwarded: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 +Bug-debian: http://bugs.debian.org/768494 +Applied-Upstream: 6.9.9.10 +--- + magick/property.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/magick/property.c b/magick/property.c +index 25eb765..c9c81d4 100644 +--- a/magick/property.c ++++ b/magick/property.c +@@ -1321,6 +1321,8 @@ static MagickBooleanType GetEXIFProperty(const Image *image, + The directory entry contains an offset. + */ + offset=(ssize_t) ((int) ReadPropertyLong(endian,q+8)); ++ if ((offset < 0) || (size_t) offset >= length) ++ continue; + if ((ssize_t) (offset+number_bytes) < offset) + continue; /* prevent overflow */ + if ((size_t) (offset+number_bytes) > length) +-- +2.1.3 + diff -Nru imagemagick-6.8.9.9/debian/patches/series imagemagick-6.8.9.9/debian/patches/series --- imagemagick-6.8.9.9/debian/patches/series 2014-10-28 18:50:30.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/series 2014-11-15 14:47:57.000000000 +0100 @@ -3,3 +3,4 @@ 0002-Fix-html-documents.patch 0003-Fix-meta-tag-damage-in-html-documentation.patch 0004-Fix-remaining-html-error.patch +0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch unblock imagemagick/8:6.8.9.9-3 -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org