Changelog
imagemagick (8:6.8.9.9-5+deb8u12) jessie-security; urgency=high
* Non-maintainer upload.
* Fix the following security vulnerabilities:
- CVE-2017-10995: heap-based buffer over-read and application crash via a
crafted MNG image. (Closes: #867748)
- CVE-2017-11533: heap-based buffer over-read in the WriteUILImage()
function in coders/uil.c. (Closes: #869834)
- CVE-2017-11535: heap-based buffer over-read in the WritePSImage()
function in coders/ps.c. (Closes: #869827)
- CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage()
function in coders/cip.c. (Closes: #870065)
- CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized
data, which might allow remote attackers to obtain sensitive information
from process memory. (Closes: #870012)
- CVE-2017-17504: heap-based buffer over-read. (Closes: #885340)
- CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage
in coders/png.c. (Closes: #885125)
- CVE-2018-5248: heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function. (Closes: #886588)
-- Markus Koschany <email address hidden> Sun, 06 May 2018 18:28:48 +0200