Package: sponsorship-requests
X-Debbugs-CC: t...@security.debian.org
Severity: important

Dear mentors,

I am looking for a sponsor for my package "imagemagick"

 * Package name : imagemagick
   Version      : 8:6.8.9.9-5+deb8u6
   Section      : graphics

It builds those binary packages:

  imagemagick - image manipulation programs -- binaries
  imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
  imagemagick-common - image manipulation programs -- infrastructure
  imagemagick-dbg - debugging symbols for ImageMagick
  imagemagick-doc - document files of ImageMagick
  libimage-magick-perl - Perl interface to the ImageMagick graphics routines
  libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
  libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
  libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
  libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
  libmagick++-dev - object-oriented C++ interface to ImageMagick
  libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
  libmagickcore-6-headers - low-level image manipulation library - header files
  libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
  libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
  libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
  libmagickcore-dev - low-level image manipulation library -- transition package
  libmagickwand-6-headers - image manipulation library - headers files
  libmagickwand-6.q16-2 - image manipulation library
  libmagickwand-6.q16-dev - image manipulation library - development files
  libmagickwand-dev - image manipulation library - transition for development files
  perlmagick - Perl interface to ImageMagick -- transition package

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/imagemagick

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/i/imagemagick/imagemagick_6.8.9.9-5+deb8u6.dsc

This fixes all open security bugs against jessie except CVE-2016-8862 and CVE-2016-8678, where I am waiting for more information from upstream, and which are more susceptible to trouble (the first fix caused a regression).

I prefer to release early instead of getting a patch queue of more than 50 fixes like in the beginning of this year. Release often, release early.

Changes since the last upload:

imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium

  * Fix CVE-2016-7799: global buffer overflow. (Closes: #840437).
  * Fix CVE-2016-7906: use after free. (Closes: #840435).
  * Fix a TIFF file buffer overflow. (Closes: #845195).
  * Check return of fputc during TIFF file writing. (Closes: #845196).
  * Prevent buffer overflow by checking image extend for TIFF (Closes: #845198).
  * Avoid a out of bound read in VIFF file handler. (Closes: #845212 and LP: #1545183).
  * Avoid a DOS by not allowing too deep nested exception. (Closes: #845213).
  * Better check for buffer overflow in TIFF files handling. (Closes: #845202).
  * Fix CVE-2016-8677: memory allocate failure in AcquireQuantumPixels (Closes: #845206).
  * Prevent fault in MSL interpreter. (Closes: #845242).
  * Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray (Closes: #845242)
  * Fix null pointer dereference in TIFF file handling. (Closes: #845243).
  * Added check for invalid number of frames in mat file (Closes: #845244).
  * Fix an out of bound read in mat file due to insuffisant allocation. (Closes: #845246).

 -- Bastien Roucariès <roucaries.bastien+deb...@gmail.com>  Mon, 21 Nov 2016 22:04:16 +0100

Regards,
bastien roucaries