Changelog
imagemagick (8:6.9.12.98+dfsg1-1) experimental; urgency=medium
* New upstream version
* Drop package imagemagick-doc and imagemagick-common
* Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
was found in coders/tiff.c. This issue may allow a local attacker
to trick the user into opening a specially crafted file,
resulting in an application crash and denial of service.
* CVE-2023-3745: A heap-based buffer overflow issue
was found in ImageMagick's PushCharPixel() function
in quantum-private.h. This issue may allow a local
attacker to trick the user into opening a specially crafted file,
triggering an out-of-bounds read error and allowing an application
to crash, resulting in a denial of service.
* Import patch for upstream that avoids a FTBFS due to
SOURCE_DATE_EPOCH set
* Use a Debian policy. Install other policies as a user
convenience.
-- Bastien Roucariès <email address hidden> Sat, 21 Oct 2023 14:40:53 +0000