Bug#856882: retitle

2017-03-06 Thread Bastien ROUCARIES
control: tags -1 + patch control: retitle -1 [CVE-2017-6497] Added missing null check in psd coder

Bug#856883: important

2017-03-05 Thread Bastien ROUCARIES
control: severity -1 important control: tags -1 +wontfix webp is disabled under Debian

Bug#855142: tmpfile are not random

2017-02-14 Thread Bastien ROUCARIES
Package: src:pdfsandwich version: 0.1.6-1 Severity: grave Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Hi, pdfsandwich uses totally predictable file names like /tmp/pdfsandwich_inputfileea1150.pdf[11] Security team could you open a CVE ? Upstream should use for instance

Bug#855141: Importing pdf fail with newer gscan2pdf

2017-02-14 Thread Bastien ROUCARIES
Package: gscan2pdf Version: 1.6.0-3 Severity: important Recent version of gscan2pdf fail to correctly import NIST bulletin http://nvlpubs.nist.gov/nistpubs/bulletin/03/nbsbulletinv3n2p295_A2b.pdf Thanks Bastien

Bug#847282: imagemagick-doc: fails to upgrade wheezy -> jessie -> stretch

2017-01-22 Thread Bastien ROUCARIES
control: severity -1 important Let decrease the severity to something not RC. I need to know if the problem is in dpkg or imagemagick. And I do not want to block the security update of imagemagick. On Sat, Jan 21, 2017 at 11:04 PM, Andreas Beckmann wrote: > Followup-For: Bug

Bug#849474: Confirmed

2017-01-16 Thread Bastien ROUCARIES
control: tags -1 + confirmed control: affect -1 consolation control: affect -1 gpm Hi, Jan 16 08:44:23 portable2015-bastien kernel: [67391.039421] Freezing user space processes ... Jan 16 08:44:23 portable2015-bastien kernel: [67411.041796] Freezing of tasks failed after 20.002 seconds (1

Bug#797359: ITP

2017-01-15 Thread Bastien ROUCARIES
control: retitle -1 ITP: universal-ctags control: owner -1 !

Bug#786946: contradictory license term for icc profile on your web sit

2017-01-08 Thread Bastien ROUCARIES
Resent, one more year > > Dear phil > > Some file on your website seems to have contradictory license terms: > > On http://www.color.org/profiles2.xalter you said: > >> The copyright owner and terms of use of an ICC profile are normally >> identified in the Creator field in >> the profile header

Bug#677673: Accepted ncc 2.8-2.1 (source amd64) into unstable

2017-01-08 Thread Bastien ROUCARIES
On Sun, Jan 8, 2017 at 4:03 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > On Sun, Jan 8, 2017 at 12:28 PM, Simon McVittie <s...@debian.org> wrote: >> On Sat, 07 Jan 2017 at 22:18:45 +, Holger Levsen wrote: >>> On Sat, Jan 07, 2017 at 11:11:02

Bug#677673: Accepted ncc 2.8-2.1 (source amd64) into unstable

2017-01-08 Thread Bastien ROUCARIES
On Sun, Jan 8, 2017 at 12:28 PM, Simon McVittie wrote: > On Sat, 07 Jan 2017 at 22:18:45 +, Holger Levsen wrote: >> On Sat, Jan 07, 2017 at 11:11:02PM +0100, Mattia Rizzolo wrote: >> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677673 >> >

Bug#850419: [Pkg-javascript-devel] Bug#850419: Bug#850419: Local installation seems needed

2017-01-06 Thread Bastien ROUCARIES
On Fri, Jan 6, 2017 at 5:41 PM, Jonas Smedegaard <jo...@jones.dk> wrote: > Quoting Pirate Praveen (2017-01-06 17:12:29) >> Control: severity -1 important >> >> On Friday 06 January 2017 04:07 PM, Bastien ROUCARIES wrote: >> > Using grunt for node-sprintf-js

Bug#850419: [Pkg-javascript-devel] Bug#850419: Bug#850419: Local installation seems needed

2017-01-06 Thread Bastien ROUCARIES
On Fri, Jan 6, 2017 at 6:39 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > On Fri, Jan 6, 2017 at 5:41 PM, Jonas Smedegaard <jo...@jones.dk> wrote: >> Quoting Pirate Praveen (2017-01-06 17:12:29) >>> Control: severity -1 important >>> >>&

Bug#850419: Local installation seems needed

2017-01-06 Thread Bastien ROUCARIES
Package: node-grunt-cli Version: 1.2.0-3 Severity: serious Using grunt for node-sprintf-js I get Fatal error: Unable to find local grunt. If you're seeing this message, grunt hasn't been installed locally to your project. For more information about installing and configuring grunt, please see

Bug#850420: Please install bash and zsh completion files

2017-01-06 Thread Bastien ROUCARIES
Package: node-grunt-cli Version: 1.2.0-3 Severity: minor Hi Please install completion files

Bug#850418: Lack of documentation (manpage, offline doc)

2017-01-06 Thread Bastien ROUCARIES
Package: node-grunt-cli Version: 1.2.0-3 Severity: important I wish to use grunt-cli for node-sprintf-js but due to lack of documentation I could not go further. There is no man page and moreover running grunt gives me: grunt-cli: The grunt command line interface (v1.2.0) Fatal error: Unable to

Bug#848849: closed by Bastien ROUCARIÈS <roucaries.bastien+deb...@gmail.com> ([imagemagick] wontfix)

2017-01-02 Thread Bastien ROUCARIES
On Mon, Jan 2, 2017 at 1:28 PM, Eduard Bloch wrote: > Control: reopen 848849 > >> It is really hard from a pipe to guess the type of file. > > Huh? > > It has been possible and has been working fine (from user POV) for > years. Even the oldest version I can access right now (Ubuntu

Bug#849218: transition: imagemagick

2016-12-30 Thread Bastien Roucaries
On 29 December 2016 16:37:43 GMT+01:00, Emilio Pozuelo Monfort wrote: >Control: tags -1 confirmed > >On 23/12/16 18:54, Bastien ROUCARIÈS wrote: >> Package: release.debian.org >> Severity: normal >> >> Hi, >> >> Due to #846385 could be possible to get transition for

Bug#849439: imagemagick: CVE-2016-10062: fwrite issue in ReadGROUP4Image

2016-12-27 Thread Bastien ROUCARIES
I suppose experimental version is immune ? On Tue, Dec 27, 2016 at 8:42 AM, Salvatore Bonaccorso wrote: > Source: imagemagick > Version: 8:6.8.9.9-5 > Severity: important > Tags: upstream security > > Hi, > > the following vulnerability was published for imagemagick. AFAICT, >

Bug#849218: Build fine waiting for green light

2016-12-27 Thread Bastien ROUCARIES
Hi, experimental build fine. Waiting for green light I see you have setup the transition matrix Bastien

Bug#849458: cannot upgrade imagemagick-6-common

2016-12-27 Thread Bastien ROUCARIES
I suppose you use the experimental version On Tue, Dec 27, 2016 at 1:37 PM, 積丹尼 Dan Jacobson wrote: > Package: imagemagick-6-common > > # aptitude full-upgrade > The following packages will be upgraded: > imagemagick-6-common > 1 packages upgraded, 0 newly installed, 0 to

Bug#848825: lintian: Does not applies source-is-missing overrides unless path has wildcard

2016-12-23 Thread Bastien ROUCARIES
On Tue, Dec 20, 2016 at 12:26 AM, Jérémy Lal wrote: > Package: lintian > Version: 2.5.49 > Severity: normal > > This doesn't override anything: > > source/lintian-overrides > source-is-missing deps/v8/benchmarks/regexp.js > source-is-missing doc/api_assets/sh_javascript.min.js

Bug#849218: Rdeps build fine

2016-12-23 Thread Bastien ROUCARIES
I forget to mention that rdeps build fine except: trafficserver is - #848800 rss-glx due to unrelated build conflict (#838800)

Bug#849043: privacy-breach-w3c-valid-html: incorrect lowercase "Icon" in path

2016-12-23 Thread Bastien ROUCARIES
On Thu, Dec 22, 2016 at 4:37 AM, Trent W. Buck wrote: > Package: lintian > Version: 2.5.30+deb8u4 > Severity: minor > > While making a package I got this from lintian: > > E: foo: privacy-breach-w3c-valid-html usr/foo/foo.html >

Bug#848698: [RC] imagemagick

2016-12-19 Thread Bastien ROUCARIES
Package: sponsorship-requests Severity: important control: block 846385- by -1 Dear mentors, I am looking for a sponsor for my package "imagemagick" * Package name: imagemagick Version : 8:6.9.7.0+dfsg-1 Section : graphics It builds those binary packages:

Bug#845195: CVE requests for latest imagemagick security issues?

2016-12-19 Thread Bastien ROUCARIES
Yes go for it On Sun, Dec 18, 2016 at 9:00 PM, Antoine Beaupré wrote: > Hi! > > All the bugs mentioned in the CC list are marked as "Workaround entry > for DSA--1 until CVEs assigned" in the security tracker: > >

Bug#847282: dpkg bug

2016-12-14 Thread Bastien ROUCARIES
control: clone -1 -2 control: reassign -2 dpkg control: severity -2 wishlist control: retitle -2 dpkg maint script should ignore dpkg-backup file Hi, The following scenario fail dpkg-maintscript-helper symlink_to_dir foo/bar dpkg-maintscript-helper dir_to_symlink foo due to created dpkg-backup

Bug#847282: dpkg bug

2016-12-14 Thread Bastien ROUCARIES
control: clone -1 control: reassign -2 dpkg control: severity -2 wishlist control: retitle -2 dpkg maint script should ignore dpkg-backup file Hi, The following scenario fail dpkg-maintscript-helper symlink_to_dir foo/bar dpkg-maintscript-helper dir_to_symlink foo due to created dpkg-backup on

Bug#848139: CVE-2016-8707 ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability

2016-12-14 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability http://www.talosintelligence.com/reports/TALOS-2016-0216/ Fixed by:

Bug#845714: ITP: tpm -- tmux plugin manager

2016-11-26 Thread Bastien Roucaries
On 26 November 2016 02:58:08 GMT+01:00, ChangZhuo Chen wrote: >Package: wnpp >Severity: wishlist >Owner: "ChangZhuo Chen (陳昌倬)" > >* Package name: tpm > Version : v3.0.0 > Upstream Author : 2014 Bruno Sutic >* URL :

Bug#845634: Not fixed in sid

2016-11-25 Thread Bastien ROUCARIES
control: notfixed -1 imagemagick/8:6.9.6.2+dfsg-2 Corrected not fixed in sid, really sorry for this. Will resend a new sid version

Bug#845308: Sponsoring imagemagick/8:6.8.9.9-5+deb8u6

2016-11-25 Thread Bastien Roucaries
Can I add a newer patch fixing the last cve ? On 25 November 2016 17:30:54 GMT+01:00, Luciano Bello wrote: >Hi, > I will sponsor imagemagick/8:6.8.9.9-5+deb8u6 and release the DSA. > >Thanks for your effort of keeping imagemagick secure! > >/luciano -- Sent from my

Bug#845204: Wont fix

2016-11-25 Thread Bastien ROUCARIES
control: severity -1 minor control: tags -1 + wontfix This bug concern only Q64 that is not compiled on debian and does not work on the upstream side. Bastien

Bug#845634: CVE-2016-8862: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)

2016-11-25 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: fixed -1 8:6.9.6.2+dfsg-2 control: forwarded -1

Bug#845213: Close it

2016-11-24 Thread Bastien ROUCARIES
control: fixed -1 8:6.9.6.2+dfsg-1

Bug#845246: Fixed

2016-11-24 Thread Bastien ROUCARIES
control: fixed -1 8:6.9.6.2+dfsg-2

Bug#845246: fixed

2016-11-24 Thread Bastien ROUCARIES
control: fixed -1 8:6.9.6.2+dfsg-1

Bug#845213: Done for stretch, sid

2016-11-22 Thread Bastien ROUCARIES
control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.7.7.10-5+deb7u7 On Tue, Nov 22, 2016 at 12:33 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > Corrected in may not a concern for sid

Bug#845308: RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6

2016-11-22 Thread Bastien ROUCARIES
> Mon, 21 Nov 2016 22:04:16 +0100 Regards, bastien roucaries

Bug#845239: Not for jessie and old stable

2016-11-21 Thread Bastien ROUCARIES
control: notfound -1 8:6.7.7.10-5+deb7u7 control: notfound -1 8:6.8.9.9-5+deb8u5 bug is not present before sid

Bug#844211: Not for jessie and old stable

2016-11-21 Thread Bastien ROUCARIES
control: notfound -1 8:6.8.9.9-5+deb8u5 control: notfound -1 8:6.7.7.10-5+deb7u7 This function is not present in jessie. So no bug

Bug#845246: mat file out of bound

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: notfound -1 8:6.9.6.2+dfsg-2 moreinfo

Bug#845243: null pointer passed as argument 2, which is declared to never be null

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 API abuse lead to sigv fixed in

Bug#845244: Add check for invalid mat file

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: notfound -1 8:6.9.6.2+dfsg-2 Found by code review of changelog

Bug#845241: Prevent fault in MSL interpreter

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 Lead to segfault

Bug#845242: Heap buffer overflow in heap-buffer-overflow in IsPixelGray

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 More information https://github.com/ImageMagick/ImageMagick/issues/301

Bug#845239: Fixed memory leak in psd file handling

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.9.6.2+dfsg-2 control: tag -1 fixed-in-experimental

Bug#845212: Fix out of bound read in viff file handling

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 bug: https://github.com/ImageMagick/ImageMagick/issues/129 bug-ubuntu:

Bug#845213: Suspend exception processing if there are too many exceptions

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 Avoid a DOS by better checking overflow

Bug#845206: [Pkg-gmagick-im-team] Bug#845206: CVE-2016-8677: memory allocate failure in AcquireQuantumPixels

2016-11-21 Thread Bastien ROUCARIES
control: notfound -1 8:6.9.6.2+dfsg-1 On Mon, Nov 21, 2016 at 2:19 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > Hi, > > On Mon, Nov 21, 2016 at 01:51:52PM +0100, Bastien ROUCARIES wrote: >> Package: src:imagemagick >> version: 8:6.9.6.2+dfsg-2 >> S

Bug#845206: CVE-2016-8677: memory allocate failure in AcquireQuantumPixels

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.9.6.2+dfsg-2 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.8.9.9-5+deb8u5 control: tags -1 + fixed-upstream

Bug#845204: CVE-2016-8678: heap-based buffer overflow in IsPixelMonochrome

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.9.6.2+dfsg-2 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 control: found -1 8:6.8.9.9-5+deb8u5 control: tags -1 + fixed-upstream

Bug#845202: Better check for bufferoverflow for TIFF handling

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 commit c668a174e039905b4df1aaea96fcf087b8526575 Author: Cristy Date: Wed

Bug#845198: Check validity of extend during TIFF file reading

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 This will avoid a buffer overflow Found during git tree review origin;

Bug#845196: Check return of write function

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: important Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 Imagemagick write path does not check return of fputc. Therefore it could return success of conversion

Bug#845195: Imagemagick (jessie and older) buffer overlfow

2016-11-21 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.8.9.9-5+deb8u5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.7.7.10-5+deb7u7 Found by code review a buffer overflow in imagemagick tiff file handling Upstream commit

Bug#843583: RFS: imagemagick/8:6.9.6.2+dfsg-3

2016-11-13 Thread Bastien ROUCARIES
forget to push last version Done now. Thanks On Tue, Nov 8, 2016 at 4:47 PM, Mattia Rizzolo <mat...@debian.org> wrote: > control: owner -1 ! > control: tag -1 moreinfo > > On Mon, Nov 07, 2016 at 09:49:52PM +0100, Bastien ROUCARIES wrote: >> I am looking for

Bug#843596: RFS: node-jsonparse/1.2.0-1

2016-11-07 Thread Bastien ROUCARIES
the last upload: * New upstream version. * Bump policy version (no changes). * Use compat 10. * Upgrade VCS fields. It is needed for browserify effort so try to upload correct version Regards, bastien roucaries

Bug#843592: RFS: node-punycode/2.0.1-1

2016-11-07 Thread Bastien ROUCARIES
00 It is needed for browserify effort so try to upload correct version Regards, bastien roucaries

Bug#843583: RFS: imagemagick/8:6.9.6.2+dfsg-3

2016-11-07 Thread Bastien ROUCARIES
amic range. No upstream code change Regards, bastien roucaries

Bug#843196: Lack of aclocal --install

2016-11-05 Thread Bastien ROUCARIES
control: block -1 by 842928 Not really like a charm it is variation of 842928 On Sat, Nov 5, 2016 at 10:42 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > I do not understand why autoreconf does not run aclocal --install... > > If done it work like a charm

Bug#843196: Lack of aclocal --install

2016-11-05 Thread Bastien ROUCARIES
I do not understand why autoreconf does not run aclocal --install... If done it work like a charm

Bug#798212: node-indent-string ITPs with different owners

2016-10-29 Thread Bastien Roucaries
Please go with it On 29 October 2016 09:11:52 GMT+02:00, Sarath M S wrote: >Hi Bastien, > >Can you confirm that you aren't currently packaging this node module? I >already got started with building the package, with little more work to >do. > >Cheers, >Sarath > >PS: Thanks

Bug#842164: maxima-emacs does not work

2016-10-26 Thread Bastien ROUCARIES
severity: grave package: maxima-emacs version: 5.38.1-3 Typing imaxima under emacs does not work: Warning: SIMPLE-WARNING: Maxima is unable to set up the help system. (Details: CL-INFO::LOAD-PRIMARY-INDEX: Condition in CL-INFO::LOAD-PRIMARY-INDEX [or a callee]: INTERNAL-SIMPLE-FILE-ERROR: File

Bug#816701: Imagemagick bug: could you retest

2016-10-26 Thread Bastien ROUCARIES
control: tags -1 + moreinfo Hi, I have put the patch could you retest and check if it work ? Bastien

Bug#836702: Could you retest with newer version

2016-10-26 Thread Bastien ROUCARIES
control: tags -1 + moreinfo Hi, Could you retest with newer version ? Thank you

Bug#840682: dh-exec --with=subst run also strip and filter command

2016-10-13 Thread Bastien ROUCARIES
Package: dh-exec Version: 0.23 Severity: important dh-exec --with=subst --no-act /usr/lib/dh-exec/dh-exec-filter | /usr/lib/dh-exec/dh-exec-subst | /usr/lib/dh-exec/dh-exec-strip [input: {0, NULL}, output: {0, NULL}] instead of /usr/lib/dh-exec/dh-exec-subst [input: {0, NULL}, output: {0,

Bug#840428: Serious

2016-10-13 Thread Bastien ROUCARIES
control: severity -1 serious Transition is on going Thanks

Bug#840009: Applied

2016-10-12 Thread Bastien ROUCARIES
Patch is fine Applied

Bug#840437: CVE-2016-7799 mogrify global buffer overflow

2016-10-11 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org https://github.com/ImageMagick/ImageMagick/issues/280 https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa

Bug#840435: CVE-2016-7906

2016-10-11 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org imagemagick mogrify heap use after free https://github.com/ImageMagick/ImageMagick/issues/281

Bug#840428: pyhonmagick: FTBS with newer experimental version of imagemagick

2016-10-11 Thread Bastien ROUCARIES
package: src:pythonmagick version: 0.9.11-2 severity: important Hi Your package FTBFS with newer imagemagick under experimental. Usually using newest upstream is the way to go libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../../../pythonmagick_src -I../config -Wdate-time -D_FORTIFY_SOURCE=2 -I

Bug#836958: [Pkg-gmagick-im-team] Bug#836958: [imagemagick] Duplicate ?

2016-09-30 Thread Bastien ROUCARIES
vided patch and recompiling > everything. Unfortunately i can't do it. > > Thanks > > On Wed, Sep 21, 2016 at 10:14 AM, Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> >> Hi, >> >> Could you check if your php bug is duplicate of 835488 ?. >&g

Bug#836958: [imagemagick] Duplicate ?

2016-09-21 Thread Bastien ROUCARIES
Hi, Could you check if your php bug is duplicate of 835488 ?. Thanks Bastien

Bug#836174: Not for stable and old stable

2016-09-21 Thread Bastien ROUCARIES
control: fixed -1 8:6.7.7.10-5+deb7u4 control: fixed -1 8:6.8.9.9-5+deb8u4 Statistic code does not compute histogram so bug not for stable and old stable So not affected

Bug#837778: pnm image dissolves into unsynchronised garbage when rotated 180

2016-09-21 Thread Bastien ROUCARIES
I prepare a new version. Could you merge this bug with other ones citing problem with gscan2pdf? On Wed, Sep 21, 2016 at 9:31 AM, Gerry Butler wrote: > The following command produced an un-synchronised image: > > convert 1Ay0lSAB3d-pre.pnm -rotate 180

Bug#838242: Just hit experimental

2016-09-20 Thread Bastien ROUCARIES
Hi, The imagemagick package has just hit experimental. Waiting for green light on your side Bastien

Bug#838014: RFS: imagemagick

2016-09-16 Thread Bastien ROUCARIES
ool/main/i/imagemagick/imagemagick_6.9.5.9+dfsg-1.dsc More information about hello can be obtained from https://www.example.com. Regards, bastien roucaries

Bug#836776: SGI security bug

2016-09-05 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org According to upstream changelog a new bug buffer overflow in SGI coders (bug report from pwchen of tencent Author: Cristy

Bug#836749: RFS: autoconf-archive/20160320-1

2016-09-05 Thread Bastien ROUCARIES
* Bug fix: "AX_CODE_COVERAGE: does not support lcov-1.12", thanks to Roman Lebedev (Closes: #834645). * Put my name is lower case. * Bump Standards-Version in debian/control (no changes required). * Fix lintian warnings. Regards, bastien roucaries

Bug#835650: Imagemagick regression pin point patch

2016-08-31 Thread Bastien Roucaries
Aug 31, 2016 at 8:42 AM, Bastien ROUCARIES >> <roucaries.bast...@gmail.com> wrote: >> >> > Patches are needed for a security point of view but it is likely a >> > problem of backport interaction. >> > >> > Could you help by pin point the probl

Bug#836174: Prevent runtime error: divide by zero

2016-08-31 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org commit 0c00b5cc2b572c5ad4ecf6582dada1d9991ce0e9 Author: Cristy Date: Sun Aug 28 09:28:02 2016 -0400 Prevent runtime

Bug#836172: Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report from Donghai Zhu)

2016-08-31 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org commit 10b3823a7619ed22d42764733eb052c4159bc8c1 Author: Cristy Date: Tue Aug 23 17:41:17 2016 -0400 Prevent buffer

Bug#836171: TIFF divide by zero

2016-08-31 Thread Bastien ROUCARIES
Package: src:imagemagick version: 8:6.7.7.10-4 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org According to upstream changelog a new commit f983dcdf9c178e0cbc49608a78713c5669aa1bb5 Author: Cristy Date: Wed Aug 24

Bug#835650: Imagemagick regression pin point patch

2016-08-31 Thread Bastien ROUCARIES
Some correction On Wed, Aug 31, 2016 at 8:42 AM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > Hi, > > Patches are needed for a security point of view but it is likely a > problem of backport interaction. > > Could you help by pin point the problem. > >

Bug#835650: Imagemagick regression pin point patch

2016-08-31 Thread Bastien ROUCARIES
Hi, Patches are needed for a security point of view but it is likely a problem of backport interaction. Could you help by pin point the problem. as root install a few package needed for imagemagick compilation: apt-get install git apt-get build-dep imagemagick as a user git clone

Bug#835488: [Pkg-gmagick-im-team] Bug#835488: imagemagick: Regression after security update to 8:6.8.9.9-5+deb8u4, unable to convert PDF files in PHP

2016-08-27 Thread Bastien Roucaries
On 27 August 2016 07:30:45 GMT+02:00, Tommie Van Mechgelen wrote: > >Hi, > >I am not sure if this is the same as using pingImage() in PHP. > >convert -ping bug.pdf on 8:6.8.9.9-5+deb8u4 and 8:6.8.9.9-5+deb8u3: >convert: no images defined `bug.pdf' @

Bug#834163: libmagick++: undefined behavior on concurrent access because mutex locking is poorly done

2016-08-17 Thread Bastien ROUCARIES
control: tags -1 security control: severity -1 grave Justification DOS

Bug#834504: Buffer overflow in bmp file reader

2016-08-16 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org * Prevent buffer overflow in BMP coder (bug report from pwchen of tencent

Bug#834501: Outofbound in exif (jpeg) reader

2016-08-16 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Changed the JPEG writer to raise a warning when the exif profile exceeds 65533 bytes and truncate it. Avoid out of bound on malformed jpeg file (cherry

Bug#834163: libmagick++: undefined behavior on concurrent access because mutex locking is poorly done

2016-08-12 Thread Bastien ROUCARIES
On Fri, Aug 12, 2016 at 6:16 PM, Guillaume Gimenez wrote: > Package: libmagick++-6.q16-5v5 > Version: 8:6.8.9.9-7.2 > Severity: important > File: libmagick++ > Tags: patch > > Dear Maintainer, > > There is a bug in the locking implementation (RAII was the intended C++ idiom) >

Bug#834183: Double free

2016-08-12 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=30245 Double free in pwp file. Fixed by commit

Bug#833691: lintian: warn against setting DEB_BUILD_OPTIONS in debian/rules

2016-08-11 Thread Bastien ROUCARIES
control: tags -1 + moreinfo On Sun, Aug 7, 2016 at 11:58 PM, Jakub Wilk wrote: > Package: lintian > Version: 2.5.45 > Severity: wishlist > > Some packages set DEB_BUILD_OPTIONS in debian/rules: >

Bug#833812: Prevent possible stack overflow

2016-08-08 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Prevent possible stack overflow Prevent stack overflow by checking if string is null (cherry picked from commit

Bug#833485: CVE-2016-6520: imagemagick: buffer overflow

2016-08-08 Thread Bastien ROUCARIES
control: fixed -1 8:6.8.9.9-7.2 according to http://www.imagemagick.org/discourse-server/viewtopic.php?f=3=30259=136359#p136359 it is not for us This is a ImageMagick 7 specific patch. We allocate the buffers based on the number of image pixel channels, however, the method was not returning the

Bug#833744: RLE check for pixel offset less than 0

2016-08-08 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org RLE check for pixel offset less than 0 Heap overflow report from Craig Young (cherry picked from commit

Bug#833743: Segfault in ReadRLEImage

2016-08-08 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org commit 68c13e10ab0415f1215f1e869ee851b373a3db70 Author: Cristy Date: Tue May 17 15:05:03 2016 -0400 Segfault in

Bug#833735: Coder path transversal

2016-08-08 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Imagemagick arbitrary module loading due to not escaping relative path commit 3ed665639d7665fabdff33d77e3b8428854726da Author: Cristy

Bug#833732: memory leak

2016-08-08 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org commit d0422250c0577e6cdacfba63560065886276209b Author: Cristy Date: Thu Jun 2 13:44:20 2016 -0400 Fix small

Bug#833730: Buffer overflow in draw.c

2016-08-08 Thread Bastien ROUCARIES
Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Prevent buffer overflow in draw.c Thanks to Max Thrane, an insufficient allocation of bezier buffer was detected. Increase the size of buffer

Bug#816701: imagemagick: php-imagick testcase segfault in imagemagick

2016-07-31 Thread Bastien ROUCARIES
On Fri, Mar 4, 2016 at 5:48 PM, Nishanth Aravamudan wrote: > Package: imagemagick > Version: 8:6.8.9.9-7 > Severity: important > > Dear Maintainer, > > The php-imagick auto tests currently segmentation fault (and have for > some time, since 12/21): >
