imagemagick 8:6.8.9.9-5+deb8u9 source package in Debian

Changelog

imagemagick (8:6.8.9.9-5+deb8u9) jessie-security; urgency=high

  * Security fixes various:
    + CVE-2017-7606: Undefined behavior in rle (Closes: #859771).
    + CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769).
    + CVE-2017-7941: memory leak in sgi (Closes: #860734).
    + CVE-2017-7943: memory leak in svg (Closes: #860736).
  * Security fixes DOS:
    + Fix CVE-2017-8343: The ReadAAIImage function in
      aai.c allows attackers to cause a denial of service
      (memory leak) via a crafted file. (Closes: #862572).
    + Fix CVE-2017-8344: Fix DOS in PCX file coders.
      (Closes: #862574).
    + Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
      attackers to cause a denial of service (memory leak)
      via a crafted file. (Closes: #862573)
    + Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
      attackers to cause a denial of service (memory leak) via a crafted
      file. (Closes: #862575).
    + Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
    + Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
    + Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
    + Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
    + Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
    + Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
    + Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
    + Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
    + Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
    + Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
    + Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
    + Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
    + Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
  * Security fixes assertion failure and memory leaks:
    + Check for EOF conditions for RLE image format. (Closes: #863126).
      Fix CVE-2017-9144.
    + A crafted file revealed an assertion failure in blob.c.
      (Closes: #863125).
      Fix CVE-2017-9142.
    + A crafted file revealed an assertion failure in profile.c.
      (Closes: #863124). Fix CVE-2017-9142.
    + Specially crafted arts file could lead to memory leak.
      (Closes: #863123). Fix CVE-2017-9143.
  * Fix an information leak due to the use of uninitialized memory
    in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
  * Fix a regression in memory allocation due to a previous security fix.
    (Closes: #859772).
  * Change my mail address to the Debian one.

 -- Bastien Roucariès <email address hidden>  Fri, 05 May 2017 11:47:25 +0200

Upload details

Uploaded by: ImageMagick Packaging Team
Uploaded to: Jessie
Original maintainer: ImageMagick Packaging Team
Architectures: any all
Section: graphics
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
imagemagick_6.8.9.9-5+deb8u9.dsc 4.1 KiB 0260ef9260626c46580deccd9727624f60b5dc2c0a01b26f4bf83b7136f42210
imagemagick_6.8.9.9.orig.tar.xz 7.5 MiB a4cccc70179ff2c67550e063cdcb2e62907338ef3e68b45bb1c41931e515b3eb
imagemagick_6.8.9.9-5+deb8u9.debian.tar.xz 270.6 KiB e82a9ea12f64ba1a7040db9342b5fe7f65459f1176147d6692a96ce3c5d414dd

No changes file available.
