Changelog
imagemagick (8:6.8.9.9-5+deb8u9) jessie-security; urgency=high
* Security fixes various:
+ CVE-2017-7606: Undefined behavior in rle (Closes: #859771).
+ CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769).
+ CVE-2017-7941 memory leak in sgi (Closes: #860734).
+ CVE-2017-7943 memory leak in svg (Closes: #860736).
* Security fixes DOS:
+ Fix CVE-2017-8343: The ReadAAIImage function in
aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (Closes: #862572).
+ Fix CVE-2017-8344: Fix DOS in PCX file coders.
(Closes: #862574).
+ Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #862573)
+ Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file. (Closes: #862575).
+ Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
+ Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
+ Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
+ Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
+ Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
+ Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
+ Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
+ Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
+ Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
+ Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
+ Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
+ Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
+ Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
* Security fixes assertion failure and memory leaks:
+ Check for EOF conditions for RLE image format. (Closes: #863126).
Fix CVE-2017-9144.
+ A crafted file revealed an assertion failure in blob.c.
(Closes: #863125).
Fix CVE-2017-9142.
+ A crafted file revealed an assertion failure in profile.c.
(Closes: #863124). Fix CVE-2017-9142.
+ Specially crafted arts file could lead to memory leak.
(Closes: #863123). Fix CVE-2017-9143.
* Fix an information leak due to the use of uninitialized memory
in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
* Fix a regression in memory allocation due to a previous security fix.
(Closes: #859772).
* Change my mail adress to the debian one.
-- Bastien Roucariès <email address hidden> Fri, 05 May 2017 11:47:25 +0200