-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Jul 2017 00:51:39 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-14 Distribution: unstable Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 869210 870012 870013 870014 870015 870016 870017 870019 870020 870021 870022 870023 Changes: imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high . * Security bugs: + assertion failed in DestroyImageInfo A assertion failed in DestroyImageInfo, leading to DOS (Closes: 870014) + CVE-2017-11523: endless loop in ReadTXTImage If text image file only contains "MagickID..." line, it will cause ReadTXTImage to infinite loop. (Closes: #869210). + Memory leak in mat coder Fix a memory leak in mat coder triggered by a special crafted file (Closes: #870013). + Use of uninitialized data in ImageMagick/coders/mat.c The coder accesses uninitialized data which might pose a security issue or at least a bug. The first undefined access happens within coders/mat.c:1196 in a call to calcMinMax(). The back part of the buffer bImgBuff is now large enough but does seemingly not contain any sensible data. (Closes: #870012) + CVE-2017-11644 A special crafted file create a memory leak in MAT file coder. The code need to free two buffer in some exceptionnal circonstances, instead than just one is freed (Closes: #870016) + Memory leak in mat coder A special crafted file create a memory leak in MAT coder (Closes: #870015) + Memory leak in mat coder In case of corrupted file, cloned image (temporarly image) should be freed (Closes: #870017) + assertion failed in DestroyImageInfo due to mat coder (Closes: #870019) + assertion failed in DestroyImage due to mat coder (Closes: #870020) + Memory leak in mat coder (upstream 617) (Closes: #870021) + Memory leak in mat coder (upstream 616) (Closes: #870022) + Memory leak in mat coder (upstream 616) (Closes: #870023) Checksums-Sha1: 75247a79b7b5eb82811ab73f0ec68908a4972d8d 5137 imagemagick_6.9.7.4+dfsg-14.dsc c40fa968ca6680bda8ef2e322334ff200a04ada5 243764 imagemagick_6.9.7.4+dfsg-14.debian.tar.xz 3f089382844b041b9e05e540a7ab96671080be86 12823 imagemagick_6.9.7.4+dfsg-14_source.buildinfo Checksums-Sha256: 14c3d43d4f5d7e2ab48eeaa17ce0b1f6101e41c865d21ff67d97eccff466b343 5137 imagemagick_6.9.7.4+dfsg-14.dsc 782073edb3619f224ced0cd0996b94ce8ee89d1440cac296de034163223949f4 243764 imagemagick_6.9.7.4+dfsg-14.debian.tar.xz 67f3fe40bd5beeedbe022e2c43d6ebc609a6a8cedeee226a0936200024244fab 12823 imagemagick_6.9.7.4+dfsg-14_source.buildinfo Files: 6a3cd4a1a8b89dcaac1d2807d8413f0f 5137 graphics optional imagemagick_6.9.7.4+dfsg-14.dsc f5344e2e44a79570fa428c92f9d1d8c3 243764 graphics optional imagemagick_6.9.7.4+dfsg-14.debian.tar.xz d956b5b0e374aeea902e6e42f6533d2e 12823 graphics optional imagemagick_6.9.7.4+dfsg-14_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAll7w8kACgkQADoaLapB CF/iQQ//V0fefamog0KyW+GQuzH9rdajUUJVI+y4vxUK+HJh1fgxlkhjzjXj3WIC TXzglgwagy9YNuELARQ6xALs+h65F9tM/6YgjtzqFMVid7gG90HfFXn0ze+aoTpC bnzb3w4KPaR5o0NYWw7yUtpTmXMkHGdsJDvpuFap4FEiqCu7vXMplx0gBDBDw3zT ns0x10Th2E8naIlRMVE5HJiT+FCtS30XFb/PgUnKqoywwZ1/yXcNMZIGaKN1By9p w2uoEAKjdIxW9vVc4BZkmpRRvO+ttnEIX4zaNrG4Z1yPYKGFcD6adG6B4ntIdHHA pKn115s1LV0vxAQJME46Frv1YqxFDWzYrNZspGf9FAU3sNnFQq624od/ZxJidxju UPVRtZ8JGH3vAPAHnvg8q56p5I/4h5KpPIq8CBvGhg1CAveNpvkjYyg2HOUI1mm3 Vod9GnCd3WdRbvf/PINYW44T5B3SLyqElIW9yFdpgzulM98PIhrQ57qk5AYAxFjF 7V5Zu1mmD0GVvOtszfPthT5umUjnf+UZAG7gFXoxWWNq91FtiXzmYkMJsfmrB2Wb dIflVw65wrgAfVgh3jTa0OQRE2F7Gw+0o7Q6+UXrNBDh4uL+DTGI/36tFvACrYAb ToEDev8hnZEv529pcznbbyLAPdeFsMy2hDgf0oH3Z6EMk6aFozM= =br7e -----END PGP SIGNATURE-----