commit 3b7c0268e5339014f28abd620f4395827abc7ef4
Author: Cristy <urban-warr...@imagemagick.org>
Date: Tue Jun 21 21:13:18 2016 -0400

Improve checking of EXIF profile to prevent integer overflow

This fixes CVE-2016-5841 and CVE-2016-5842

bug-debian: https://bug.debian.org/CVE-2016-5842
origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b

commit faa64c1ec03fa1aa7ca468ae50c9f8281e6c4b3f
Author: Cristy <urban-warr...@imagemagick.org>
Date: Fri May 13 07:56:18 2016 -0400

Rewrite property with new wrapper

This fixes https://github.com/ImageMagick/ImageMagick/issues/198

And it is also needed to cleanly apply CVE-2016-5841, which uses signed/unsigned logic.

Origin:upstream, 08fe978d2de086b90b67631b4d1097becc98f1d5

On Wed, Jul 13, 2016 at 9:53 PM, Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: imagemagick
> Version: 8:6.8.9.9-7.2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> the following vulnerabilities were published for imagemagick.
> CVE-2016-5841[0] and CVE-2016-5842[1].
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-5841
> [1] https://security-tracker.debian.org/tracker/CVE-2016-5842
> [2] http://www.openwall.com/lists/oss-security/2016/06/23/1
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>