-
imagemagick (8:6.9.10.14+dfsg-7ubuntu2.3) disco-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977,
CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137,
CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301,
CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307,
CVE-2019-13308, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311,
CVE-2019-13391, CVE-2019-13454, CVE-2019-14981, CVE-2019-15139,
CVE-2019-15140, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710,
CVE-2019-16711, CVE-2019-16713
* debian/patches/200-disable-ghostscript-formats.patch: also disable
PS2 and PS3 content per VU#332928 recommendations.
-- Marc Deslauriers <email address hidden> Mon, 11 Nov 2019 11:23:34 -0500
-
imagemagick (8:6.9.10.14+dfsg-7ubuntu2.2) disco-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2018-20467, CVE-2019-7175, CVE-2019-7395, CVE-2019-7396,
CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2019-10649,
CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597,
CVE-2019-11598
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as
invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable
ghostscript handled types by default in policy.xml
- debian/tests/rose-*: remove pdf tests.
-- Marc Deslauriers <email address hidden> Thu, 20 Jun 2019 13:35:10 -0400
-
imagemagick (8:6.9.10.14+dfsg-7ubuntu2) disco; urgency=medium
* Revert hidden ABI break by changing MagickFloatType's size on i386
-- Balint Reczey <email address hidden> Tue, 18 Dec 2018 20:12:23 +0100
-
imagemagick (8:6.9.10.14+dfsg-7ubuntu1) disco; urgency=medium
* Sync with Debian. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main. See bug 711061
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Dropped changes:
- Stop installing the Debian-specific .desktop for the display program.
+ 'imagemagick' is no longer installed by default for default Ubuntu
so let's try dropping this change for now.
- CVE-2017-15033.patch: patch applied in new release
imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium
* Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
(Closes: #912833).
imagemagick (8:6.9.10.14+dfsg-6) unstable; urgency=high
* Bug fix: "libmagickcore-6.q16-dev missing Depends:
libmagickcore-6-arch-config", thanks to Helmut Grohne (Closes:
#912679).
imagemagick (8:6.9.10.14+dfsg-5) unstable; urgency=high
* Use jdupes instead of rdfind in order to avoid link to build dir
* Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond
(Closes: #897293).
* Bump policy (no changes)
imagemagick (8:6.9.10.14+dfsg-4) unstable; urgency=medium
* Use salsa in control
* Add Pre-depends on dpkg for versioned provides
* Bug fix: "make foreign dependencies on transitional -dev packages
satisfiable", thanks to Helmut Grohne (Closes: #893030).
imagemagick (8:6.9.10.14+dfsg-3) unstable; urgency=medium
* Fix FTBFS due to == in control.
imagemagick (8:6.9.10.14+dfsg-2) unstable; urgency=medium
* Bug fix: "imagemagick binary-all FTBFS: rdfind: Command not found",
thanks to Adrian Bunk (Closes: #912309).
* Use ${binary:Version} instead of hard coded version for compat dev
packages.
imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium
* New upstream version
* Fix new privacy breach
* Fix duplicate files in documentation
* Fix security bugs:
+ CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
coders/msl.c
+ CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
coders/bmp.c file can cause a DOS via a crafted bmp file.
+ CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
function of coders/svg.c, which allows attackers to cause a denial
of service via a crafted SVG image file.
+ CVE-2018-16645: Fix an excessive memory allocation issue in the functions
ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
which allows remote attackers to cause a denial of service via
a crafted image file.
(Closes: #910889)
+ CVE-2018-16644: Fix a missing check for length in the functions
ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
which allows remote attackers to cause a denial of service via
a crafted image.
(Closes: #910888)
+ CVE-2018-16413: Fix a heap-based buffer over-read in the
MagickCore/quantum-private.h PushShortPixel function when called
from the coders/psd.c ParseImageResourceBlocks function.
(Closes: #910887)
+ CVE-2018-16323: Fix an information disclosure vulnerability that existed
in ImageMagick when processing XBM images. An attacker could use this
to expose sensitive information.
(Closes: #907776)
+ CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
ParseImageResourceBlocks function.
+ CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
in coders/sgi.c.
+ CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
in coders/pdb.c.
+ CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
in coders/bgr.c.
+ CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
in coders/pcx.c.
-- Jeremy Bicha <email address hidden> Mon, 12 Nov 2018 23:51:56 -0500
-
imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium
* Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
(Closes: #912833).
-- Bastien Roucariès <email address hidden> Sun, 04 Nov 2018 21:09:08 +0100
-
imagemagick (8:6.9.10.8+dfsg-1ubuntu3) disco; urgency=medium
* No-change rebuild for the perl 5.28 transition.
-- Adam Conrad <email address hidden> Fri, 02 Nov 2018 18:08:35 -0600
-
imagemagick (8:6.9.10.8+dfsg-1ubuntu2) cosmic; urgency=medium
* Stop installing the Debian-specific .desktop for the display program.
(LP: #1740741, LP: #1740743, LP: #1717951, LP: #1615435,
Closes: #675617, #677318)
-- Corey Bryant <email address hidden> Tue, 28 Aug 2018 09:45:08 -0400