-
imagemagick (8:6.9.12.98+dfsg1-5.1~exp1) experimental; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition.
-- Steve Langasek <email address hidden> Sat, 17 Feb 2024 17:03:12 +0000
-
imagemagick (8:6.9.12.98+dfsg1-1) experimental; urgency=medium
* New upstream version
* Drop package imagemagick-doc and imagemagick-common
* Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
was found in coders/tiff.c. This issue may allow a local attacker
to trick the user into opening a specially crafted file,
resulting in an application crash and denial of service.
* CVE-2023-3745: A heap-based buffer overflow issue
was found in ImageMagick's PushCharPixel() function
in quantum-private.h. This issue may allow a local
attacker to trick the user into opening a specially crafted file,
triggering an out-of-bounds read error and allowing an application
to crash, resulting in a denial of service.
* Import patch for upstream that avoids a FTBFS due to
SOURCE_DATE_EPOCH set
* Use a debian policy. Install other policies as user
convenience.
-- Bastien Roucariès <email address hidden> Sat, 21 Oct 2023 14:40:53 +0000
-
imagemagick (8:6.9.12.20+dfsg1-1.2) experimental; urgency=medium
* Non-maintainer upload.
* Build with --with-fftw because fftw is disabled by default since 6.9.12.5
(Closes: #995290)
-- Johannes Schauer Marin Rodrigues <email address hidden> Tue, 05 Oct 2021 15:08:20 +0200
-
imagemagick (8:6.9.12.20+dfsg1-1.1) experimental; urgency=medium
* Non-maintainer upload.
* Fix FTBFS when doing arch:any-only builds by creating font symlinks for
configure-indep as well as configure-arch targets
-- Johannes Schauer Marin Rodrigues <email address hidden> Sat, 04 Sep 2021 19:37:54 +0200
-
imagemagick (8:6.9.12.20+dfsg1-1) experimental; urgency=medium
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Set field Upstream-Contact in debian/copyright.
* Remove obsolete field Contact from debian/upstream/metadata (already present
in machine-readable debian/copyright).
* Avoid explicitly specifying -Wl,--as-needed linker flag.
* Fix field name case in debian/control (Built-using => Built-Using).
* Bump debhelper from old 11 to 13.
* Set debhelper-compat version in Build-Depends.
* Update standards version to 4.5.1, no changes needed.
* Acknowledge NMU. Thanks Salvatore Bonaccorso
* New upstream version
* SO Bump from upstream due to structure incompatibility
* Clean up maintainer scripts
* Use fonts from fonts-tuffy
* Fix mime type. Do not quote %s (Closes: #987691) and fix extra dot
(Closes: #986471)
* Drop old config script. Use pkgconfig please.
* Depends on libraw-dev (Closes: #990028).
* Fix invalid policy.xml (Closes: #991289, #990757).
* Relax a little bit policy.xml (Closes: #860763, #941724).
* Update Repository in debian/upstream/metadata (Closes: #991288)
* Fix reproducible builds: Embeds date dependent on timezone
(Closes: #983302)
-- Bastien Roucariès <email address hidden> Fri, 27 Aug 2021 08:19:42 +0000
-
imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium
* Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
2", thanks to Sven Joachim (Closes: #893953).
* Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
Grohne (Closes: #893925).
* Move to git dpm
* Move to salsa
* SO bump
* Fix security bugs:
+ CVE-2018-9133: Excessive iteration in the DecodeLabImage
and EncodeLabImage functions (coders/tiff.c), which results
in a hang (tens of minutes) with a tiny PoC file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted tiff file.
(Closes: #894848)
+ CVE-2018-9133: SetGrayscaleImage in the quantize.c file
allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-11624: the ReadMATImage function in coders/mat.c
allows attackers to cause a use after free via a crafted file.
+ CVE-2018-11625: the SetGrayscaleImage in the quantize.c
file allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-10177: An infinite loop is present in the
ReadOneMNGImage function of the coders/png.c file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted mng file.
+ CVE-2017-14528: Tested (with and without valgrind) and found immune.
The TIFFSetProfiles function in coders/tiff.c has incorrect
expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote attackers
to cause a denial of service (use-after-free after an invalid call
to TIFFSetField, and application crash) via a crafted file.
+ CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
(Closes: #898218).
+ CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
(Closes: #898217)
+ CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
in coders/bmp.c allow attackers to cause an out of bounds write
via a crafted file.
+ CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
allow attackers to cause an out of bounds write via a crafted file.
-- Bastien Roucariès <email address hidden> Mon, 25 Jun 2018 14:29:02 +0200
-
imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high
* Fix FTBFS for s390x where float_t is double
-- Bastien Roucariès <email address hidden> Mon, 12 Feb 2018 22:29:24 +0100
-
imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
* New upstream version
* Packaging fix:
+ Fix privacy breach.
+ Bump compat level to 11.
+ Bump policy no changes
+ Fix lintian warnings
+ Fix "unnecessary libgraphviz-dev dependency (and graphviz
suggests?)", thanks to Matthias Klose (Closes: #884444).
+ Remove Vincent Fourmond <email address hidden> as uploader, thanks
to him. (Closes: #878679).
+ Acknowledge NMU (Closes: #856601)
* Fix a few security issues
+ Fix CVE-2017-1000445: NULL pointer dereference in
the MagickCore component and might lead to denial of service.
(Closes: #886281)
+ Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
the function ReadDDSInfo in coders/dds.c, which allows attackers
to cause a denial of service.
+ Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
has an integer signedness error leading to excessive memory
consumption via a crafted DCM file.
(Closes: #873059)
+ Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service
(Closes: #872609)
+ Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted file.
(Closes: #875338)
+ Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
in ImageMagick allows remote attackers to cause a
denial of service (memory consumption) via a crafted VIFF file.
(Closes: #875339)
+ Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted BMP
(Closes: #875341)
+ Fix CVE-2017-12875: The WritePixelCachePixels function
allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file.
(Closes: #873871)
+ Fix CVE-2017-12877: Use-after-free vulnerability in
the DestroyImage function in image.c in ImageMagick allows
remote attackers to cause a denial of service via a crafted file.
(Closes: #872373)
+ Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
attackers to cause a denial of service (application crash)
or possibly have unspecified other impact via a crafted file.
(Closes: #873134)
+ Fix CVE-2017-13061: A length-validation vulnerability was found
in the function ReadPSDLayersInternal in coders/psd.c,
which allows attackers to cause a denial of service
(ReadPSDImage memory exhaustion) via a crafted file
(Closes: #873131)
+ Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
offset validation, which allows attackers to cause a denial of service
(load_tile memory exhaustion) via a crafted file.
(Closes: #873100)
+ Fix CVE-2017-13134: a heap-based buffer over-read was found in the
function SFWScan in coders/sfw.c, which allows attackers
to cause a denial of service via a crafted file.
(Closes: #873099)
+ Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
function in MagickCore/draw.c.
(Closes: #878508)
+ Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
function in MagickCore/identify.c in ImageMagick allows an attacker
to perform denial of service by sending a crafted image file.
(Closes: #875352)
+ Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
coders/thumbnail.c allows an attacker to cause a denial of service
(buffer over-read) by sending a crafted JPEG file.
(Closes: #878507)
+ Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
ReadCUTImage function in coders/cut.c that could allow an attacker
to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
function within the MagickCore/cache.c file) by submitting
a malformed image file.
(Closes: #878506)
+ Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
due to lack of an EOF (End of File) check causes high CPU consumption.
When a crafted PSD file, which claims a large "extent" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875506)
+ Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
an integer overflow might occur for the addition operation
"GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
value than expected. As a result, an infinite loop would occur
for a crafted TXT file that claims a very large "max_value" value.
(Closes: #875504)
+ Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted PSD file, which claims a large "length" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875503)
+ Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted XBM file, which claims large rows and columns fields
in the header but does not contain sufficient backing data,
is provided, the loop over the rows would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875502)
+ Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
in coders/pcx.c allows remote attackers to cause a denial
of service or code execution via a crafted file.
(Closes: #876097)
+ Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
ReadMPCImage in coders/mpc.c, leading to division by zero
in GetPixelCacheTileSize in MagickCore/cache.c,
allowing remote attackers to cause a denial of service
via a crafted file.
(Closes: #876099)
+ Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
in coders/wpg.c, causing CPU exhaustion via a crafted
wpg image file.
(Closes: #876105)
+ Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
mishandles the pixel cache nexus, which allows remote attackers
to cause a denial of service (NULL pointer dereference
in the function GetVirtualPixels in MagickCore/cache.c)
via a crafted file.
(Closes: #878546)
+ Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
mishandles certain NULL arrays, which allows attackers to perform
Denial of Service (NULL pointer dereference and application crash in
AcquireQuantumMemory within MagickCore/memory.c) by providing a
crafted Image File as input.
(Closes: #878545)
+ Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
in coders/tiff.c.
(Closes: #878541)
+ Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
has been reported in coders/tiff.c. An attacker could possibly
exploit this flaw to disclose potentially sensitive memory
or cause an application crash.
(Closes: #878527)
+ Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
in the function PostscriptDelegateMessage in coders/ps.c.
(Closes: #877354)
+ Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
in the function sixel_output_create in coders/sixel.c.
(Closes: #877355)
+ Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
in the function sixel_decode in coders/sixel.c.
(Closes: #878524)
+ Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash)
or possibly have unspecified other impact via a
crafted SVG document, a different vulnerability
than CVE-2017-10928.
(Closes: #876488)
+ Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
function in magick/resample-private.h in ImageMagick
mishandles failed memory allocation, which allows
remote attackers to cause a denial of service
(NULL Pointer Dereference in DistortImage in
MagickCore/distort.c, and application crash)
via unspecified vectors.
(Closes: #878547)
+ Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
allows remote attackers to cause a denial of service
(infinite loop) via a crafted font file.
(Closes: #878548)
+ Fix CVE-2017-14989: A use-after-free in RenderFreetype
in MagickCore/annotate.c allows attackers to crash the application
via a crafted font file, because the FT_Done_Glyph function
(from FreeType 2) is called at an incorrect place in the ImageMagick code.
(Closes: #878562)
+ Fix CVE-2017-15015: NULL pointer dereference vulnerability in
PDFDelegateMessage in coders/pdf.c.
(Closes: #878555)
+ Fix CVE-2017-15017: NULL pointer dereference vulnerability
in ReadOneMNGImage in coders/png.c.
(Closes: #878554)
+ Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
the palette uninitialized when processing a GIF file that has
neither a global nor local palette. If the affected product is
used as a library loaded into a process that operates on
interesting data, this data sometimes can be leaked
via the uninitialized palette.
(Closes: #878578)
+ Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact
via a crafted file, related to "Conditional jump or move
depends on uninitialised value(s)."
(Closes: #878579).
+ Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
does not properly validate the colormap index in a WPG palette,
which allows remote attackers to cause a denial of service
(use of uninitialized data or invalid memory allocation)
or possibly have unspecified other impact via a malformed WPG file.
(Closes: #881392)
+ Fix CVE-2017-17499: use-after-free in Magick::Image::read
in Magick++/lib/Image.cpp.
(Closes: #885339)
+ Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
heap-based buffer over-read via a crafted file, related to
ReadOneMNGImage.
(Closes: #885340)
+ Fix CVE-2017-17681: an infinite loop vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c, which
allows attackers to cause a denial of service (CPU exhaustion)
via a crafted psd image file.
(Closes: #885941)
+ Fix CVE-2017-17682: large loop vulnerability was found in the
function ExtractPostscript in coders/wpg.c, which allows attackers
to cause a denial of service (CPU exhaustion) via a crafted wpg
image file that triggers a ReadWPGImage call.
(Closes: #885942)
+ Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an
off-by-one error.
(Closes: #885125)
+ Fix CVE-2017-17914: a vulnerability was found in the function
ReadOnePNGImage in coders/png.c, which allows attackers to cause
a denial of service (ReadOneMNGImage large loop) via a crafted mng
image file.
(Closes: #886584)
+ Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function, related to the sixel_decode function.
(Closes: #886588)
* Fix a few unimportant security bugs:
+ Fix CVE-2017-12644 memory leak vulnerability
in ReadDCMImage in coders\dcm.c
+ Fix CVE-2017-13058 memory leak in WritePCXImage
+ Fix CVE-2017-13059 memory leak in WriteJNGImage
+ Fix CVE-2017-13060 memory leak in ReadMATImage
+ Fix CVE-2017-13062 memory leak vulnerability
found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service
(WriteMETAImage memory consumption) via a crafted file.
+ Fix CVE-2017-13131 a memory leak vulnerability
found in the function ReadMIFFImage in coders/miff.c,
which allows attackers to cause a denial of service
(memory consumption in NewLinkedList in MagickCore/linked-list.c)
via a crafted file.
+ Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
where memory allocation is excessive,
because it depends only on a length field in a header.
+ Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
because memory is not freed in certain error cases.
+ Fix CVE-2017-14139: memory leak vulnerability
in WriteMSLImage in coders/msl.c.
+ Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14326: memory leak vulnerability in the function
ReadMATImage in coders/mat.c, which allows attackers
to cause a denial of service via a crafted file.
+ Fix CVE-2017-14342: memory exhaustion vulnerability in
ReadWPGImage in coders/wpg.c via a crafted wpg image file.
+ Fix CVE-2017-14343: memory leak vulnerability in
ReadXCFImage in coders/xcf.c via a crafted xcf image file.
+ Fix CVE-2017-14531: memory exhaustion issue in
ReadSUNImage in coders/sun.c.
+ Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
+ Fix CVE-2017-14684: a memory leak vulnerability was found in the
function ReadVIPSImage in coders/vips.c, which allows
attackers to cause a denial of service (memory consumption
in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
(Closes: #876487)
+ Fix CVE-2017-15016: a NULL pointer dereference vulnerability
in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
under Debian).
+ Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
coders/ycbcr.c.
+ Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
+ Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
+ Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
+ Fix CVE-2017-17680: a memory leak vulnerability was found in
the function ReadXPMImage in coders/xpm.c, which allows
attackers to cause a denial of service via a crafted xpm image file.
+ Fix CVE-2017-17881: a memory leak vulnerability was found in
the function ReadMATImage in coders/mat.c, which allows
attackers to cause a denial of service via a crafted MAT image file.
+ Fix CVE-2017-17882: a memory leak vulnerability was found in the
function ReadXPMImage in coders/xpm.c, which allows attackers
to cause a denial of service via a crafted XPM image file.
+ Fix CVE-2017-17883: a memory leak vulnerability was found in the
function ReadPGXImage in coders/pgx.c, which allows attackers
to cause a denial of service via a crafted PGX image file.
+ Fix CVE-2017-17884: a memory leak vulnerability was found in the
function WriteOnePNGImage in coders/png.c,
which allows attackers to cause a denial of service via
a crafted PNG image file.
+ Fix CVE-2017-17885: a memory leak vulnerability was found
in the function ReadPICTImage in coders/pict.c, which
allows attackers to cause a denial of service via a crafted
PICT image file.
+ Fix CVE-2017-17886: a memory leak vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c,
which allows attackers to cause a denial of service
via a crafted psd image file.
+ Fix CVE-2017-17887: a memory leak vulnerability
was found in the function GetImagePixelCache in magick/cache.c,
which allows attackers to cause a denial of service via a crafted
MNG image file that is processed by ReadOneMNGImage.
+ Fix CVE-2017-17934: memory leaks in coders/msl.c,
related to MSLPopImage and ProcessMSLScript,
and associated with mishandling of MSLPushImage calls.
+ Fix CVE-2017-18008: a memory leak in ReadPWPImage in coders/pwp.c.
+ Fix CVE-2017-18022: memory leaks in MontageImageCommand
in MagickWand/montage.c.
+ Fix CVE-2017-18027: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allows remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18028: a memory exhaustion vulnerability
was found in the function ReadTIFFImage in coders/tiff.c,
which allows remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18029: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allows remote attackers to cause a denial of
service via a crafted file.
+ Fix CVE-2017-6502: a specially crafted webp file
could lead to a file-descriptor leak in libmagickcore
(thus, a DoS)
+ Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
in coders/pattern.c.
+ Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
+ Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
in coders/dcm.c.
+ Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
function in coders/json.c, as demonstrated by the
ReadPSDLayersInternal function in coders/psd.c.
* Backport fix:
+ Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
variable can be overwritten by a new pointer.
The previous pointer is lost, which leads to a memory leak.
This allows remote attackers to cause a denial of service.
(from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
-- Bastien Roucariès <email address hidden> Thu, 08 Feb 2018 13:38:05 +0100
-
imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium
* Bump so due to ABI problem and g++7 (Closes: #871300).
* New upstream version.
+ Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
+ Fix CVE-2017-11751:
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of service (memory leak) via
a crafted file. (Closes: #870480).
+ CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12429: a memory exhaustion vulnerability was found in the
function ReadMIFFImage in coders/miff.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
signedness error leading to excessive memory consumption
via a crafted DCM file.
+ CVE-2017-12433: A memory leak vulnerability was found in
the function ReadPESImage in coders/pes.c, which allows attackers
to cause a denial of service, related to ResizeMagickMemory in memory.c.
+ CVE-2017-12418: Memory leaks were found in
the parse8BIMW and format8BIM functions in coders/meta.c,
related to the WriteImage function in MagickCore/constitute.c.
+ CVE-2017-12644: a memory leak vulnerability was found
in ReadDCMImage in coders\dcm.c.
* Update copyright file.
* Ship ImageMagick man file (Closes: #856997).
* Remove configuration files installed by mistake in an
experimental version (Closes: #851627).
* Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
Salvatore Bonaccorso (Closes: #864151).
-- Bastien Roucariès <email address hidden> Fri, 11 Aug 2017 17:09:53 +0200
-
imagemagick (8:6.9.7.0+dfsg-1) experimental; urgency=high
* Bump so version due to structure change
thanks to Nishanth Aravamudan (Closes: #846385).
* Fix CVE-2016-8707 ImageMagick Convert Tiff Adobe Deflate
Code Execution Vulnerability (Closes: #848139)
* Bug fix: "fails to upgrade wheezy -> jessie -> stretch", thanks
to Andreas Beckmann (Closes: #847282).
-- Bastien Roucariès <email address hidden> Mon, 19 Dec 2016 11:13:39 +0100
-
imagemagick (8:6.9.6.2+dfsg-3) experimental; urgency=medium
* Simplify rules.
* Control could be now generated from rules by maintainer.
* Improve main program postinst/prerm scripts.
* Switch to compat 10.
* Improve test suite by including perl test.
* Create packages for HDRI (Closes: #476357). Will allow smooth
transition to imagemagick 7.
* Thus closing "imagemagick; imagemagick-6.q16 packages have the same
binary", thanks to Ross Gammon (Closes: #817842). Now we have
imagemagick-6.q16hdri.*
* Move files from libmagickcore to imagemagick-6-common.
-- Bastien Roucariès <email address hidden> Sun, 06 Nov 2016 13:51:44 +0100
-
imagemagick (8:6.9.6.2+dfsg-1) experimental; urgency=high
* New upstream release.
* Fix CVE-2016-7906 mogrify use after free (Closes: #840435).
* Fix CVE-2016-7799 mogrify global buffer overflow (Closes: #840437).
-- Bastien Roucariès <email address hidden> Tue, 11 Oct 2016 12:18:59 +0200
-
imagemagick (8:6.9.5.9+dfsg-1) experimental; urgency=medium
* Security bug fix: "Prevent runtime error: divide by zero" (Closes: #836174).
* Improve privacy rules.
* Acknowledge NMUs from Emilio Pozuelo Monfort, and
from Mattia Rizzolo.
* Fix git header thanks to Mattia Rizzolo.
-- Bastien Roucariès <email address hidden> Sat, 17 Sep 2016 21:26:12 +0200
-
imagemagick (8:6.9.2.10+dfsg-2) experimental; urgency=medium
* Drop imagemagick binary package. Paving the way to multiple
channel depth binaries and HDRI. Fix also multi-arch problems
(Closes: #761836, #810591, #772603).
* Fix desktop file (Closes: #812481).
* Simplify debian/rules
* Fix a mistake for installing config files.
-- Bastien Roucariès <email address hidden> Sat, 30 Jan 2016 18:50:09 +0100
-
imagemagick (8:6.9.2.10+dfsg-1) experimental; urgency=medium
* New upstream version.
* Repack in order to avoid non free test images from upstream.
* Security bug fixes (Closes: #799524, #799891)
- Fix a Null dereference in coders/png.c (LP: #1492881).
- Fix a double free in coders/tga.c (LP: #1490362).
- Avoid a null pointer dereference in JNG decoder.
- Avoid a DOS for RLE file.
- Avoid a buffer overflow by using field limit in sprintf.
- Avoid a stack overflow in fx handling.
- Fixed size of memory allocation in RLE coder
to avoid segfault (LP: #1496649).
- Add extra checks to avoid out of bounds error
when parsing the 8bim profile. (LP: #1496645).
- Fixed memory leak when reading incorrect PSD files
- Fix PixelColor off by one on i386.
- Fix out of bounds error in -splice operator.
- Prevent null pointer access in magick/constitute.c
- Fix another memory leak in string handling.
* Fix density of JPEG working around TeX bug
(Closes: #763799).
* Recompile with g++-5 (Closes: #798597).
* Replace quantum depth by channel depth (Closes: #762004).
* Prepare imagemagick 7 by renaming imagemagick-common package
to imagemagick-6-common and imagemagick-doc to
imagemagick-6-doc.
* Symlink doc dir of arch:all package to imagemagick-6-common.
-- Bastien Roucariès <email address hidden> Sun, 27 Dec 2015 22:36:38 +0100
-
imagemagick (8:6.9.1.2-1) experimental; urgency=low
* New upstream version:
- Fix MagickSetImageBias() has no effect for MagickConvolveImage()
(Closes: #779939)
- Fix segmentation fault using corrupted file
(LP: #144963, #1448801, #1448795, #1448767).
- Fix a denial of service flaw in MIFF file processing.
Fix TEMP-0000000-FDAC72.
- Fix a denial of service flaw in VICAR file processing.
Fix TEMP-0000000-EEF23C.
- Fix a denial of service flaw in HDR file processing.
Fix TEMP-0000000-7C079F.
- Fix a denial of service flaw in PDB file processing.
Fix TEMP-0000000-2FC21E
* Fix build on mips by printing progress (Closes: #770009).
* Drop previous security patches, merged upstream.
* Use http instead of ftp for uscan.
* Fix regression: "missing JPEG-2000 support", thanks to Yuriy Yevtukhov
(Closes: #773530).
* libmagickcore-6.q16-2-extra recommends libjxr-tools,
thanks to Mathieu Malaterre (Closes: #771312).
* Bug fix: "desktop file icon is still not displayed", thanks to Markus
Koschany (Closes: #767973,#780490).
* Bug fix: "please make the build reproducible", thanks to Reiner
Herrmann (Closes: #783933).
* Upstream breaks c++ ABI:
- Bump c++ soname.
- Add new symbols to symbols file.
* Fix perlmagick: "Text functions segfault on i386", thanks to Matthias
Großmann (Closes: #777158).
* Bug fix: "wrong path to documentation in convert man page", thanks to
Yvan Masson (Closes: #778541).
* Suggest to install imagemagick doc in man page, thanks to Gregor
Herrmann (Closes: #727739).
-- Bastien Roucariès <email address hidden> Sat, 16 May 2015 19:23:39 +0200
-
imagemagick (8:6.8.9.6-3) experimental; urgency=high
* Bug fix: "error: original symlink target is not an absolute path",
thanks to 積丹尼 Dan Jacobson (Closes: #758760).
-- Bastien Roucariès <email address hidden> Thu, 21 Aug 2014 13:34:12 +0200
-
imagemagick (8:6.8.9.6-2) experimental; urgency=high
* Do not tune the architecture for compiling.
Fix "Illegal instruction", thanks to 積丹尼 Dan Jacobson (Closes:
#757996).
-- Bastien Roucariès <email address hidden> Wed, 13 Aug 2014 11:52:13 +0200
-
imagemagick (8:6.8.9.6-1) experimental; urgency=medium
* Prepare perl transition (/usr/lib/perl5 move to
/usr/lib/$ARCH_TRIPLET/perl5/) and avoid FTBFS (closes: #750095).
* Fix dependency problem: libmagick++ needs to depend
on header packages.
* New upstream version:
- so bump of magick++ needed because of
a small class layout change.
-- Bastien Roucariès <email address hidden> Mon, 11 Aug 2014 15:20:07 +0200
-
imagemagick (8:6.8.8.9-3) experimental; urgency=low
* Tighten up the depends between imagemagick and imagemagick-6.q16 to
avoid missing (version-dependent) symlinks when imagemagick is updated
while imagemagick-6.q16 isn't (closes: #743042)
-- Vincent Fourmond <email address hidden> Sat, 05 Apr 2014 22:11:06 +0200
-
imagemagick (8:6.8.8.9-2) experimental; urgency=low
* Update symbol files
-- Vincent Fourmond <email address hidden> Sat, 29 Mar 2014 23:09:40 +0100
-
imagemagick (8:6.8.8.9-1) experimental; urgency=medium
* New upstream version:
- Fix symbols files by adding new symbols.
* Fix html breakage in upstream documentation.
-- Bastien Roucariès <email address hidden> Sat, 22 Mar 2014 12:32:58 +0100
-
imagemagick (8:6.8.8.2-1) experimental; urgency=low
* New upstream version:
- add new symbols to magickcore symbols file.
- so bump of libmagickwand and libmagickcore needed because of
a small API change.
- Remove a few non free files (closes: #734800)
* Packaging improvements:
- Really display log in case of test failure.
- check validity (in the xml or xhtml sense) of
upstream documentation using xmllint.
- check gpg signature see uscan(1).
- upgrade debian/copyright (new review).
- update to Debian Policy 3.9.5
* Upstream breaks c++ ABI:
- Bump c++ soname.
- Add new symbols to symbols file.
* Bug fix:
- "fails to upgrade from sid - trying to overwrite
/usr/lib/perl5/auto/Image/Magick/Magick.so", thanks to Andreas
Beckmann (Closes: #717981).
- "advertising / spying beacon in locally installed docs",
thanks to Adam Borowski (Closes: #700784).
- "unhandled symlink to directory conversion"
thanks to Andreas Beckmann (Closes: #720145).
-- Bastien Roucariès <email address hidden> Mon, 27 Jan 2014 21:49:09 +0100
-
imagemagick (8:6.8.5.6-3) experimental; urgency=low
* Fix symbols files.
* Move some depends to build-depends-indep.
* Use silent rules
* Bug fix: "version in experimental causes FTBFS for packages using
libmagick*", thanks to Roderich Schupp (Closes: #710668).
* Display log in case of test failure.
-- Bastien Roucariès <email address hidden> Sat, 15 Jun 2013 16:38:51 +0200
-
imagemagick (8:6.8.5.6-2) experimental; urgency=low
[ Bastien Roucariès ]
* Switch debian patches to .xz
* Build with V=1 in order to see flags passed to compiler.
* Pass --as-needed to LD_FLAGS.
* Rebuild doxygen documentation using svg.
* Bug fix: "fails to install: update-alternatives: error: alternative
path /usr/bin/compare-im6 doesn't exist", thanks to Andreas
Beckmann (Closes: #709856, #709845).
[ Vincent Fourmond ]
* Fix small typo in debian/rules that makes nice FTBSes
-- Vincent Fourmond <email address hidden> Wed, 29 May 2013 23:10:54 +0200
-
imagemagick (8:6.8.5.6-1) experimental; urgency=low
[ Bastien Roucariès ]
* New upstream version:
- Bug fix: "Drawing issues with rectangle stroke", thanks to Robert Sohn
(Closes: #689560).
- Bug fix: "NULL deference during creation of temporary files"
(Closes: #704901).
* .so bump due to:
- encoding quantum depth in the library name. This will
allow to compile hdri and other quantum depth.
- lib versioning.
* Debian packaging bug fixes:
- "Depend on liblcms2-dev, not liblcms-dev",
thanks to Michael Terry (Closes: #701655).
- "package name does not adhere to naming policy for Perl
modules", thanks to <email address hidden> (Closes: #575932).
* Debian packaging improvement:
- Bump standard version to 3.9.4
- Minimal linking of .so (ld --as-needed).
- Use dh.
- Update debian/copyright (new review).
- new symbols files.
- switch to xz for both source and debian files.
[ Vincent Fourmond ]
* Handle upstream rename of configuration directory:
/etc/ImageMagick -> /etc/ImageMagick-6
-- Bastien Roucariès <email address hidden> Wed, 15 May 2013 21:36:44 +0200
-
imagemagick (8:6.7.9.3-2) experimental; urgency=low
* Fix symbols files.
-- Bastien Roucariès <email address hidden> Mon, 10 Sep 2012 14:23:32 +0200
-
imagemagick (8:6.7.9.3-1) experimental; urgency=low
* New upstream version.
* Improve download and commit script.
* Depend on libfftw3.
* Suggest: graphviz, ufraw-batch.
* New upstream version use inkscape delegate for svg. Suggest it.
Rsvg one is still used as fallback.
* Drop build depend on graphicsmagick's convert.
Use the built imagemagick one.
* Use internal svg engine instead of rsvg one.
* Improve icons aspect particularly for small size.
* Add guidance for bug submitting (thanks to Jonathan Nieder and
Justin B Rye).
* Suggests some debugging package for imagemagick-dbg.
* Add symbols file (except for libmagickcore5).
* Do not mess up MAKEFLAGS.
* Fail to build in case of testcase failure.
* autoreconf package in order to avoid linking with depends lib
(use debian patched libtool). Patch magick++ demo by adding
required libs.
-- Bastien Roucariès <email address hidden> Mon, 03 Sep 2012 11:59:37 +0200
-
imagemagick (8:6.7.4.0-2) experimental; urgency=low
[ Bastien Roucariès ]
* Bug fix: "Please enable hardened build flags", thanks to Moritz
Muehlenhoff (Closes: #657833).
* Bug fix: "Invalid validation DoS CVE-2012-0247/CVE-2012-02478",
thanks to Henri Salo (Closes: #659339).
* Bug Fix: Convert delegate from removed /usr/bin/rsvg to
/usr/bin/rsvg-convert, thanks to Scott Howard (Closes: #659259)
[ Vincent Fourmond ]
* Pull in patch from revision 6606 to fix FTBS with newer zlib
-- Vincent Fourmond <email address hidden> Wed, 22 Feb 2012 23:28:04 +0100
-
imagemagick (8:6.7.4.0-1) experimental; urgency=low
[ Bastien Roucariès ]
* Drop previous quilt patches: merged upstream
* New upstream version:
- Fix incorrect reading of PGM header (LP: #346474)
- Defend against corrupt PSD resource block (LP: #302454)
- Bug fix: "-depth busted", thanks to jidanni (Closes: #618435).
- Bug fix: "delegate ffmpeg fails", thanks to Francisco Munoz
(Closes: #644170).
* Upstream break ABI keeping API. Bump soname
* Multiarch aware, thanks to Riku Voipio (Closes: #640680).
* Fix perlmagick fails at runtime with symbol lookup error,
thanks to Michael Terry (Closes: #650417).
* Prepare new major version transition: build version suffixed
binaries.
* Switch to lcms v2.X support
* Add libfftw support (Closes: #598693).
[ Vincent Fourmond ]
* Also add a suffix to manual pages
* Provide the unsuffixed binaries through alternatives
-- Vincent Fourmond <email address hidden> Sat, 17 Dec 2011 21:21:46 +0100
-
imagemagick (8:6.6.9.7-1) experimental; urgency=low
[ Bastien Roucariès ]
* Switch build architecture:
- to git over svn.
- Modify rules in order to use git.
- Add README.Source file.
* New upstream release (Closes: #612811):
- Drop patch for reading config files from current directory,
corrected upstream (Closes: #601824).
- Upstream updated SONAME (Closes: #587227).
- Fixes -strip adds additional tags to the image (Closes: #594693).
- Add example files (Closes: #611125).
- Move configuration file to /etc.
- Fix caption error with non break space (Closes: #614117)
* Fix a build failure: do not try to remove empty directories if list is nil.
* Perlmagick:
- Fix a build failure, always run make install.
- Perlmagick: Update build to conform with perl policy
* Acknowledge NMUs (Closes: #579775)
* Bump standard version to 3.9.1.0
* Use DEB_UPSTREAM_VERSION from cdbs
-- Bastien Roucariès <email address hidden> Sun, 01 May 2011 13:41:34 +0200
-
imagemagick (7:6.5.9.8-1) experimental; urgency=low
* New upstream release;
* Upstream updated SONAME version (Closes: #564123):
- debian/control: bump libmagickcore2, libmagickwand2 and libmagick++2 to
libmagickcore3, libmagickwand3 and libmagick++3;
* Removed reference to type-ghostscript.xml in type.xml, thus enabling
ImageMagick to use the system fonts (Closes: #396420):
- Added new patch debian/patches/type.xml.patch.
* Fix mime handling of filenames with spaces (Closes: #562959).
Thanks, Drew Parsons!
* Updated Standards-Version to 3.8.4;
* Remove unneeded debian/README.source.
-- Nelson A. de Oliveira <email address hidden> Sat, 20 Feb 2010 02:39:52 -0200
-
imagemagick (7:6.5.5.3-1exp1) experimental; urgency=low
* Split SVG, WMF, OpenEXR, DjVu and Graphviz coders into a new
libmagickcore2-extra package:
- Removed libmagickcore2 circular Depends on libmagickwand2
(Closes: #524613);
- Removed dependency on gtk libs (Closes: #478538).
A big thank you to Nick Wellnhofer <email address hidden>!
* Sorted Build-Depends and Depends in debian/control.
-- Nelson A. de Oliveira <email address hidden> Mon, 28 Sep 2009 20:00:55 -0300
-
imagemagick (7:6.5.0.0-2) experimental; urgency=low
* Add libperl-dev to Build-Depends (Closes: #519886).
-- Nelson A. de Oliveira <email address hidden> Sun, 15 Mar 2009 20:58:09 -0300