imagemagick 5:6.0.2.5-1ubuntu1.6 source package in Ubuntu
Changelog
imagemagick (5:6.0.2.5-1ubuntu1.6) warty-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution with malicious file names.
* Patch backported from Debian Sid upload (thanks to Daniel Kobras).
* magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
string_.h}: Implement new utility function FormatMagickStringNumeric()
to securely expand a user-supplied format string with a single numeric
argument. Adjust code to use this function where appropriate.
(CVE-2006-0082) Closes: #345876
* coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
magick/methods.h: Do not call external delegates with user-supplied
filename, but with securely named symlinks only to prevent shell command
injection (CVE-2005-4601). Closes: #345238
* magick/display.c: In DisplayImageCommand(), expand command line before
allocating ressources based on argc. Patch and analysis thanks to
Eero Häkkinen. Closes: #345595
* Add missing CVE to previous changelog.
-- Martin Pitt <email address hidden> Tue, 24 Jan 2006 14:10:29 +0000
Upload details
- Uploaded by:
- Ubuntu Archive Auto-Sync
- Uploaded to:
- Warty
- Original maintainer:
- Ryuichi Arafune
- Architectures:
- any
- Section:
- graphics
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| imagemagick_6.0.2.5-1ubuntu1.6.dsc | 874 bytes | 9d30c8598d3237912d5cea411f12aa2d439d122a98d3e4183d95984e9a6cce12 |
| imagemagick_6.0.2.5.orig.tar.gz | 6.4 MiB | a75b95e76001f8daee11b675b3f76645983c48e4f91db6e2abd7599a2d4a3ba8 |
| imagemagick_6.0.2.5-1ubuntu1.6.diff.gz | 131.5 KiB | 6abfd6255d6525a79e041f22257bb38511632f072a0bc011eb9f8dfe2cc61ee6 |
No changes file available.
Binary packages built by this source
- imagemagick: No summary available for imagemagick in ubuntu warty.
No description available for imagemagick in ubuntu warty.
- libmagick++6: No summary available for libmagick++6 in ubuntu warty.
No description available for libmagick++6 in ubuntu warty.
- libmagick++6-dev: No summary available for libmagick++6-dev in ubuntu warty.
No description available for libmagick++6-dev in ubuntu warty.
- libmagick6: No summary available for libmagick6 in ubuntu warty.
No description available for libmagick6 in ubuntu warty.
- libmagick6-dev: No summary available for libmagick6-dev in ubuntu warty.
No description available for libmagick6-dev in ubuntu warty.
- perlmagick: No summary available for perlmagick in ubuntu warty.
No description available for perlmagick in ubuntu warty.
