Change logs for imagemagick source package in Sid

  • imagemagick (8:6.9.12.98+dfsg1-5.2) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Fixup runtime dependencies due to 64-bit time_t transition
        (Closes: #1066935)
    
     -- Gianfranco Costamagna <email address hidden>  Fri, 15 Mar 2024 16:04:36 +0100
  • imagemagick (8:6.9.12.98+dfsg1-5.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Rename libraries for 64-bit time_t transition.  Closes: #1064140
    
     -- Steve Langasek <email address hidden>  Fri, 01 Mar 2024 01:31:19 +0000
  • imagemagick (8:6.9.12.98+dfsg1-5) unstable; urgency=medium
    
      * Bug fix: "please update Suggests: imagemagick-doc; to
        imagemagick-6-doc", thanks to Vincent Lefevre
        (Closes: #1059314).
      * Bug fix: "missing Breaks+Replaces against the dropped imagemagick-doc
        package, in order to force its removal", thanks to Vincent Lefevre
        (Closes: #1059193).
    
     -- Bastien Roucariès <email address hidden>  Wed, 27 Dec 2023 10:29:58 +0000
  • imagemagick (8:6.9.12.98+dfsg1-4) unstable; urgency=medium
    
      * Replace ufraw-batch suggest by libraw-bin
        (Closes: #1038637)
      * Update changelog entry for CVE fixed.
      * Move from gsfonts to fonts-urw-base35. Thanks to Vincent Lefevre
        (Closes: #1020358, #1020355, #1020363, #1020370)
      * Recommends fonts-tuffy (Closes: #1054580)
      * Fix a typo in debian patch (Closes: #1054506)
    
     -- Bastien Roucariès <email address hidden>  Mon, 30 Oct 2023 09:26:06 +0000
  • imagemagick (8:6.9.12.98+dfsg1-3) unstable; urgency=medium
    
      * Bug fix: "imagemagick no longer sets
        "PACKAGE_RELEASE_DATE", thanks to Håvard F. Aasen (Closes:
        #1054462).
      * Bug fix: "reproducible builds: Embeds different paths on usrmerge
        system", thanks to Vagrant Cascadian (Closes: #983303).
    
     -- Bastien Roucariès <email address hidden>  Wed, 25 Oct 2023 23:30:18 +0000
  • imagemagick (8:6.9.12.98+dfsg1-2) unstable; urgency=medium
    
      * Upload to unstable
    
     -- Bastien Roucariès <email address hidden>  Sun, 22 Oct 2023 15:35:30 +0000
  • imagemagick (8:6.9.11.60+dfsg-1.6) unstable; urgency=high
    
      * Non-maintainer upload
    
      [ Moritz Mühlenhoff ]
      * Fix CVE-2022-44267 / CVE-2022-44268 (Closes: #1030767) (LP: #2004580)
    
     -- Jeremy Bicha <email address hidden>  Thu, 16 Feb 2023 16:06:07 -0500
  • imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high
    
      * Non-maintainer upload
    
      [ Nishit Majithia ]
      * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
        remote attacker to cause a denial of service via a crafted image file
        - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
          to fix division by zeros in coders/jp2.c
        - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
          to fix division by zeros in magick/resize.c
        - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
          magick/fx.c
        - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
          coders/webp.c
        - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
          magick/resample.c
        - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
          magick/fx.c
        - CVE-2021-20241
        - CVE-2021-20243
        - CVE-2021-20244
        - CVE-2021-20245
        - CVE-2021-20246
        - CVE-2021-20309
      * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
        imagemagick allow a remote attacker to cause a denial of service or
        possible leak of cryptographic information via a crafted image file
        - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
          coders/thumbnail.c, division by zero in magick/colorspace.c and
          a potential cipher leak in magick/memory.c
        - CVE-2021-20312
        - CVE-2021-20313
      * SECURITY UPDATE: memory leaks when executing convert command
        - debian/patches/CVE-2021-3574.patch: fix memory leaks
        - CVE-2021-3574
      * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
        Security Policy
        - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
          RegisterStaticModules
        - CVE-2021-39212 (Closes: #996588)
      * SECURITY UPDATE: DoS while processing crafted SVG files
        - debian/patches/CVE-2021-4219.patch: fix denial of service
        - CVE-2021-4219
      * SECURITY UPDATE: use-after-free in magick
        - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
          dcm.c
        - CVE-2022-1114
      * SECURITY UPDATE: heap-based buffer overflow
        - debian/patches/CVE-2022-28463.patch: fix buffer overflow
        - CVE-2022-28463 (Closes: #1013282)
      * SECURITY UPDATE: out-of-range value
        - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
          use of a value that falls outside the range of an unsigned char in
          coders/psd.c.
        - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
          use of a value that falls outside the range of an unsigned long in
          coders/pcl.c.
        - CVE-2022-32545
        - CVE-2022-32546
      * SECURITY UPDATE: load of misaligned address
        - debian/patches/CVE-2022-32547.patch: addresses the potential for the
          loading of misaligned addresses in magick/property.c.
        - CVE-2022-32547 (Closes: #1016442)
    
     -- Jeremy Bicha <email address hidden>  Sat, 04 Feb 2023 21:50:44 -0500
  • imagemagick (8:6.9.11.60+dfsg-1.4) unstable; urgency=medium
    
      * Non-maintainer upload.
    
      [ Vagrant Cascadian ]
      * debian/rules: Pass MVDelegate and RMDelegate to configure. (Closes:
        #983303)
    
     -- Paul Gevers <email address hidden>  Sat, 31 Dec 2022 22:36:57 +0100
  • imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium
    
      * Non-maintainer upload.
      * autopkgtest: Drop PDF related tests which will fail after disabling
        ghostscript handled formats by default (Closes: #987247)
    
     -- Salvatore Bonaccorso <email address hidden>  Tue, 20 Apr 2021 16:37:59 +0200
  • imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Disable ghostscript handled formats based on -SAFER insecurity
    
     -- Salvatore Bonaccorso <email address hidden>  Mon, 19 Apr 2021 20:16:51 +0200
  • imagemagick (8:6.9.11.60+dfsg-1.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Import upstream patch to fix font size (Closes: #980202).
    
     -- Jochen Sprickerhof <email address hidden>  Tue, 13 Apr 2021 20:58:45 +0200
  • imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high
    
      * New upstream version
        - Bug fix: "gscan2pdf tests fail", thanks to Sergio Durigan Junior
          (Closes: #980202).
    
     -- Bastien Roucariès <email address hidden>  Mon, 01 Feb 2021 16:22:02 +0000
  • imagemagick (8:6.9.11.58+dfsg-1) unstable; urgency=medium
    
      * New upstream version:
        - Fix error on i386 with php
      * Bug fix (workaround): "Many doubled www/www; broken links on
        index.html", thanks to 積丹尼 Dan Jacobson (Closes: #978138).
    
     -- Bastien Roucariès <email address hidden>  Fri, 22 Jan 2021 21:59:16 +0000
  • imagemagick (8:6.9.11.57+dfsg-1) unstable; urgency=medium
    
      * New upstream version:
        - Bug fix: "CVE-2020-29599", imagemagick mishandles the
          -authenticate option, which allows setting a password
          for password-protected PDF files. The user-controlled
          password was not properly escaped/sanitized and it
          was therefore possible to inject additional shell commands
          via coders/pdf.c. Thanks to Salvatore Bonaccorso
          (Closes: #977205).
        - Bug fix: "CVE-2020-27560: Division by Zero in function
          OptimizeLayerFrames", thanks to Salvatore Bonaccorso
          (Closes: #972797).
      * Fix dh_doxygen FTBFS (Closes: #971216)
    
     -- Bastien Roucariès <email address hidden>  Mon, 11 Jan 2021 22:14:26 +0000
  • imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
    
      * Acknowledge NMU
      * New upstream version:
        - Fix CVE-2019-11470: Cineon image parsing DOS (Closes: #927830).
        - Fix CVE-2019-11472: XWD image parsing DOS (Closes: #927828).
        - Fix CVE-2020-13902: Heap based overflow in TIFF image decoding.
          (Closes: #928207).
        - Fix CVE-2019-11598: Heap-based buffer over-read in PNM image
          decoding (Closes: #928206).
        - Fix CVE-2019-12974: NULL pointer dereference in pango coder.
          (Closes: #931196).
        - Fix CVE-2019-12977: "use of uninitialized value" vulnerability
          in the WriteJP2Image of jp2 coder (Closes: #931191).
        - Fix CVE-2019-12978: "use of uninitialized value" vulnerability
          in the pango coder. (Closes: #931190).
        - Fix CVE-2019-12979: "use of uninitialized value" vulnerability
          in MagickCore/image.c (Closes: #931189).
        - Fix CVE-2019-13135: "use of uninitialized value" vulnerability
          in the cut coder (Closes: #932079).
        - Fix CVE-2019-13295: Heap-based buffer over-read in
          MagickCore/threshold.c (Closes: #931457).
        - Fix CVE-2019-13297: Heap-based buffer over-read in
          MagickCore/threshold.c (Closes: #931455).
        - Fix CVE-2019-13300: heap-based buffer overflow in
          MagickCore/statistic.c (Closes: #931454).
        - Fix CVE-2019-13304: stack-based buffer overflow for
          PNM image (Closes: #931453).
        - Fix CVE-2019-13305: stack-based buffer overflow for
          PNM image (Closes: #931452).
        - Fix CVE-2019-13306: stack-based buffer overflow for
          PNM image (Closes: #931449).
        - Fix CVE-2019-13307: heap-based buffer overflow in
          MagickCore/statistic.c (Closes: #931448).
        - Fix CVE-2019-13308: heap-based buffer overflow in
          MagickCore/fourier.c (Closes: #931447).
        - Fix CVE-2019-13391: heap-based buffer over-read (Closes: #931633).
        - Fix CVE-2019-13454:  Division by Zero in MagickCore/layer.c
          (Closes: #931740).
        - Fix CVE-2019-14981: divide-by-zero in MeanShiftImage
          (Closes: #955025).
        - Fix CVE-2019-15139: DOS for XWD images (Closes: #941670).
        - Fix CVE-2019-15140: DOS for mat images (Closes: #941671).
        - Fix CVE-2019-19948: Heap-based buffer overflow in SGI coder
          (Closes: #947308).
        - Fix CVE-2019-19949: Heap buffer over-read in PNG coder
          (Closes: #947309).
        - Fix CVE-2020-10251: out-of-bounds read vulnerability for HEIC
          coder (Closes: #953741).
        - Fix CVE-2020-13902: heap-based buffer over-read for TIFF coder.
      * Bug fix: "Updating the imagemagick Uploaders list", thanks to Tobias
        Frost (Closes: #962110). Thanks  Nelson A. de Oliveira
      * Add link in api doc dir to assets javascript library
      * Fix a typo in convert man page (Closes: #953279,#947983,#921594).
      * Fix a pkgconfig error that pulls q16 instead of q16hdri (Closes: #950282).
    
     -- Bastien Roucariès <email address hidden>  Mon, 27 Jul 2020 03:13:36 +0200
  • imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Stack-based buffer overflow in function PopHexPixel in coders/ps.c
        (CVE-2019-9956) (Closes: #925395)
      * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
        (Closes: #926091)
    
     -- Salvatore Bonaccorso <email address hidden>  Fri, 03 May 2019 16:34:26 +0200
  • imagemagick (8:6.9.10.23+dfsg-2) unstable; urgency=medium
    
      * Bug fix: "identify 6.9.10-23 does not convert units (pixels per
        cm/in)", thanks to Cédric Boutillier (Closes: #918642).
    
     -- Bastien Roucariès <email address hidden>  Tue, 08 Jan 2019 15:08:25 +0100
  • imagemagick (8:6.9.10.23+dfsg-1) unstable; urgency=high
    
      * Bug fix: "Silent ABI break in 6.9.10-11 on i386", thanks to Balint
        Reczey (Closes: #916839).
      * Fix CVE-2018-20467: infinite loop for malformed BMP file
        (Closes: #917326).
      * Enable HEIF/HEIC image format support (Closes: #914120).
      * Enable WEBP image format (Closes: #806425, #912777)
    
     -- Bastien Roucariès <email address hidden>  Sun, 06 Jan 2019 21:11:34 +0100
  • imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium
    
      * Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
        libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
        (Closes: #912833).
    
     -- Bastien Roucariès <email address hidden>  Sun, 04 Nov 2018 21:09:08 +0100
  • imagemagick (8:6.9.10.14+dfsg-5) unstable; urgency=high
    
      * Use jdupes instead of rdfind in order to avoid link to build dir
      * Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond
        (Closes: #897293).
      * Bump policy (no changes)
    
     -- Bastien Roucariès <email address hidden>  Thu, 01 Nov 2018 22:07:12 +0100
  • imagemagick (8:6.9.10.14+dfsg-4) unstable; urgency=medium
    
      * Use salsa in control
      * Add Pre-depends on dpkg for versioned provides
      * Bug fix: "make foreign dependencies on transitional -dev packages
        satisfiable", thanks to Helmut Grohne (Closes: #893030).
    
     -- Bastien Roucariès <email address hidden>  Wed, 31 Oct 2018 07:27:50 +0100
  • imagemagick (8:6.9.10.14+dfsg-3) unstable; urgency=medium
    
      * Fix FTBFS due to == in control.
    
     -- Bastien Roucariès <email address hidden>  Tue, 30 Oct 2018 14:56:27 +0100
  • imagemagick (8:6.9.10.14+dfsg-2) unstable; urgency=medium
    
      * Bug fix: "imagemagick binary-all FTBFS: rdfind: Command not found",
        thanks to Adrian Bunk (Closes: #912309).
      * Use ${binary:Version} instead of hard coded version for compat dev
        packages.
    
     -- Bastien Roucariès <email address hidden>  Tue, 30 Oct 2018 10:00:51 +0100
  • imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium
    
      * New upstream version
      * Fix new privacy breach
      * Fix duplicate files in documentation
      * Fix security bugs:
        + CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
          coders/msl.c
        + CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
          coders/bmp.c file that can cause a DOS via a crafted bmp file.
        + CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
          function of coders/svg.c, which allows attackers to cause a denial
          of service via a crafted SVG image file.
        + CVE-2018-16645: Fix an excessive memory allocation issue in the functions
          ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
          which allows remote attackers to cause a denial of service via
          a crafted image file.
          (Closes: #910889)
        + CVE-2018-16644: Fix a missing check for length in the functions
          ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
          which allows remote attackers to cause a denial of service via
          a crafted image.
          (Closes: #910888)
        + CVE-2018-16413: Fix a heap-based buffer over-read in the
          MagickCore/quantum-private.h PushShortPixel function when called
          from the coders/psd.c ParseImageResourceBlocks function.
          (Closes: #910887)
        + CVE-2018-16323: Fix an information disclosure vulnerability that existed
          in ImageMagick when processing XBM images. An attacker could use this
          to expose sensitive information.
          (Closes: #907776)
        + CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
          ParseImageResourceBlocks function.
        + CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
          in coders/sgi.c.
        + CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
          in coders/pdb.c.
        + CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
          in coders/bgr.c.
        + CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
          in coders/pcx.c.
    
     -- Bastien Roucariès <email address hidden>  Mon, 29 Oct 2018 13:13:38 +0100
  • imagemagick (8:6.9.10.8+dfsg-1) unstable; urgency=high
    
      * New upstream version
      * Fix security bugs:
        + CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c
          uses an uninitialized variable, leading to memory corruption.
          (Closes: #904713)
        + CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless
          in coders/webp.c.
        + CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c.
        + CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c.
        + CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c.
        + CVE-2018-14434: Memory leak for a colormap in WriteMPCImage
          in coders/mpc.c.
        + CVE-2018-13153: Memory leak in the XMagickCommand function
          in MagickCore/animate.c.
    
     -- Bastien Roucariès <email address hidden>  Mon, 30 Jul 2018 15:14:16 +0200
  • imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high
    
      * Fix perlmagick (Closes: #903404)
    
     -- Bastien Roucariès <email address hidden>  Tue, 10 Jul 2018 00:32:34 +0200
  • imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium
    
      * Upload to unstable
    
     -- Bastien Roucariès <email address hidden>  Sun, 08 Jul 2018 18:49:44 +0200
  • imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium
    
      * Fix security bugs (Closes: #890805):
        + Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
          does not properly validate the amount of image data in a file,
          which allows remote attackers to cause a denial of service
          (memory allocation failure in the AcquireMagickMemory function
          in MagickCore/memory.c). (Closes: #891291)
        + Fix CVE-2018-7470: The IsWEBPImageLossless function in
          coders/webp.c allows attackers to cause a denial of service
          (segmentation violation) via a crafted file.(Closes: #891420)
        + Fix CVE-2017-17880:  there is a stack-based buffer over-read in
          WriteWEBPImage in coders/webp.c, related to a
          WEBP_DECODER_ABI_VERSION check.
      * Provide transitional packages from arch:any packages.
        (Closes: #893030)
    
     -- Bastien Roucariès <email address hidden>  Mon, 19 Mar 2018 17:03:39 +0100
  • imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high
    
      * Upload to unstable (urgency high due to security issues).
    
     -- Bastien Roucariès <email address hidden>  Sun, 18 Feb 2018 00:12:41 +0100
  • imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
        and libmagick++-dev. (Closes: #856601)
    
     -- Helmut Grohne <email address hidden>  Sun, 28 Jan 2018 15:12:24 +0100
  • imagemagick (8:6.9.7.4+dfsg-16) unstable; urgency=high
    
      * Security fix release
      * Fix a memory exhaustion in ReadPSDImage
        (Closes: #870530)
      * Fix a memory-Leak in ReadPWPImage()
        (Closes: #870527)
      * Avoid unbounded loop in pwp coder
        (Closes: #870526)
      * Fix a memory leak in WriteMSLImage
        (Closes: #870525)
      * Fix another memory leak in WriteMSLImage
        (Closes: #870524)
      * Fix a memory exhaustion bug in ReadSUNImage
        (Closes: #870504)
      * Fix a memory leak in ReadSVGImage
        (Closes: #870503)
      * Fix a memory leak in WriteMAPImage
        (Closes: #870483)
      * Fix a memory leak in ReadPICTImage
        (Closes: #870502)
      * Fix a memory leak in WritePICTImage
        (Closes: #870501)
      * Fix a memory leak in pdf coder
        (Closes: #870492)
      * Fix a memory leak in PCX coder
        (Closes: #870489)
      * Memory exhaustion in PCX coder
        (Closes: #870491)
      * Memory leak in WriteINLINEImage
        (Closes: #870482)
      * CVE-2017-11752  
        The ReadMAGICKImage function in coders/magick.c
        allows remote attackers to cause a denial of
        service (memory leak) via a crafted file.
        (Closes: #870481)
      * CVE-2017-11751
        The WritePICONImage function in coders/xpm.c
        allows remote attackers to cause a denial of
        service (memory leak) via a crafted file.
        (Closes: #870481)
      * CVE-2017-11750
        Fix improper use of NULL in the JNG decoder
        (Closes: #870478)
      * memory leak in WriteCALSImage
        (Closes: #870475)
    
     -- Bastien Roucariès <email address hidden>  Wed, 02 Aug 2017 22:38:50 +0200
  • imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high
    
      * Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
        thanks to Adrian Bunk and Gianfranco Costamagna
        (Closes: #870047).
      * Security fixes:
        + CVE-2017-11639
          When ImageMagick processes a crafted file in convert,
          it can lead to a heap-based buffer over-read
          in the WriteCIPImage() function in coders/cip.c,
          related to the GetPixelLuma function
          in MagickCore/pixel-accessor.h.
          (Closes: #870065).
        + CVE-2017-11640
          When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
          lead to an address access exception in the WritePTIFImage() function
          (Closes: #870067)
        + Validate png file.
          Detect corrupted png early and avoid a crash
          (Closes: #870105)
        + Heap buffer overflow in ReadOneMNGImage
          A crafted file will cause x_off[i] out-of-bound operation vulnerability.
          (Closes: #870106)
        + memory exhaustion in ReadOneJNGImage in png.c
          When identifying a JNG file that contains chunk data, imagemagick will
          allocate memory to store the chunk data in function ReadOneJNGImage.
          Due to a lack of validation, memory is not limited for corrupted files.
          (Closes: #870107)
        + memory leak in ReadOneJNGImage #550
          A crafted file could trigger a memory leak
          (Closes: #870108)
        + out-of-bounds read with the MNG CLIP chunk.
          (Closes: #870109)
        + coders/png.c: Memory leak Fixed Issue 600
          (Closes: #870116)
        + memory leak in ReadOneJNGImage (upstream 602)
          Fix a leak triggered by a corrupted file
          (Closes: #870115)
        + Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
          Some versions of libpng need serialization for error recovery of hard lock
          Could be triggered by a corrupted file
          (Closes: #870111)
        + memory leak in ReadOneMNGImage #619
          A memory leak vulnerability was found in function ReadOneMNGImage,
          which allows attackers to cause a denial of service (memory leak) via
          a crafted file.
          (Closes: #870117)
        + memory leak in ReadOneJNGImage #618
          Triggered by a corrupted file
          (Closes: #870118)
        + bad free in RelinquishMagickMemory
          (Closes: #870119)
        + CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
          (Closes: #870120)
    
     -- Bastien Roucariès <email address hidden>  Sat, 29 Jul 2017 17:14:38 +0200
  • imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high
    
      * Security bugs:
        + assertion failed in DestroyImageInfo
          An assertion failed in DestroyImageInfo, leading to DOS
          (Closes: 870014)
        + CVE-2017-11523: endless loop in ReadTXTImage
          If text image file only contains "MagickID..." line,
          it will cause ReadTXTImage to infinite loop.
          (Closes: #869210).
        + Memory leak in mat coder
          Fix a memory leak in mat coder triggered by a specially crafted file
          (Closes: #870013).
        + Use of uninitialized data in ImageMagick/coders/mat.c
          The coder accesses uninitialized data
          which might pose a security issue or at least a bug. The first
          undefined access happens within coders/mat.c:1196 in a call to
          calcMinMax(). The back part of the buffer bImgBuff is now large enough
          but does seemingly not contain any sensible data.
          (Closes: #870012)
        + CVE-2017-11644
          A specially crafted file creates a memory leak in MAT file coder.
          The code needs to free two buffers in some exceptional
          circumstances, instead of just one being freed
          (Closes: #870016)
        + Memory leak in mat coder
          A specially crafted file creates a memory leak in MAT coder
          (Closes: #870015)
        + Memory leak in mat coder
          In case of corrupted file, cloned image (temporary image) should be freed
          (Closes: #870017)
        + assertion failed in DestroyImageInfo due to mat coder
          (Closes: #870019)
        + assertion failed in DestroyImage due to mat coder
          (Closes: #870020)
        + Memory leak in mat coder (upstream 617)
          (Closes: #870021)
        + Memory leak in mat coder (upstream 616)
          (Closes: #870022)
        + Memory leak in mat coder (upstream 616)
          (Closes: #870023)
    
     -- Bastien Roucariès <email address hidden>  Sat, 29 Jul 2017 00:51:39 +0200
  • imagemagick (8:6.9.7.4+dfsg-13) unstable; urgency=high
    
      * Fix a typo in changelog about CVE numbers
      * Security fixes:
        + Really Fix CVE-2017-9500 (Closes: #867778)
          An assertion failure was found in the function
          ResetImageProfileIterator, which allows attackers to cause a denial
          of service via a crafted file.
        + Fix CVE-2017-11446 (Closes: #868950)
          The ReadPESImage function in coders\pes.c has an infinite
          loop vulnerability that can cause CPU exhaustion via a crafted
          PES file.
        + CVE-2017-11523: endless loop in ReadTXTImage
          If text image file only contains "MagickID..." line,
          it will cause ReadTXTImage to infinite loop.
          (Closes: #869210).
        + Use after free in ReadWMFImage
          When identifying a WMF file, a crafted file revealed a use-after-free
          vulnerability. (Closes: #869715).
        + CVE-2017-11534:  Memory-Leak in lite_font_map()
          In coders/wmf.c a memory leak is triggered by a crafted file.
          (Closes: #869711).
        + CVE-2017-11537: palm coder FPE
          When ImageMagick processes a crafted file in convert, it can
          lead to a Floating Point Exception (FPE) in the WritePALMImage()
          function in coders/palm.c, related to an incorrect bits-per-pixel
          calculation.
          (Closes: #869712)
        + Memory leak in WritePALMImage
          Fix memory leak due to crafted file in palm coder.
          (Closes: #869721)
        + Fix another memory leak in quantize.c
          (Closes: #869722)
        + CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage()
          A crafted file could trigger a
          Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c
          (Closes: #869725)
        + Avoid a crash in mpc coder
          A crafted file could trigger a crash in the mpc coder.
          (Closes: #869728).
        + Fix a memory leak in enhance.c
          Fix a potential memory leak if memory could not be allocated for one
          of histogram or stretch_map.
          If both cannot be allocated, there is no memory leak. If only one is
          allocated and the other fails,
          there is a memory leak of the one that could not be allocated. There
          is very little chance the allocations would fail.
          (Closes: #869769).
        + Fix a memory leak in jpeg and mpc coder
          A leak due to exception handling exists in the MPC and JPEG coders.
          This could be triggered by a crafted file.
          (Closes: #869791).
        + Fix memory exhaustion in mpc coder
          When identifying an MPC file, imagemagick will allocate memory to store the
          data.
          The function StringToUnsignedLong converts a string to unsigned long
          type, but the return value was not checked.
          Here is my policy.xml to limit memory usage, but the 256MB limit
          can be bypassed.
          (Closes: #869727).
        + Fix a leak in mpc file due to corrupted profiles
          (Closes: #869796).
        + CVE-2017-11532: memory leak
          When Imagemagick processes a crafted file in convert,
          it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
          (Closes: #869726)
        + CVE-2017-11535: heap based overflow in ps.c
          When ImageMagick processes a crafted file in
          convert, it can lead to a heap-based buffer over-read in the
          WritePSImage() function in coders/ps.c.
          (Closes: #869827)
        + CVE-2017-11536 memory leak in jp2 coder
          When ImageMagick processes a crafted file in convert, it
          can lead to a Memory Leak in the WriteJP2Image() function in
          coders/jp2.c.
          (Closes: #869831)
        + Fix a crash in jp2 codec
          Lack of validation of jp2 could lead to a crash
          (Closes: #869830)
        + CVE-2017-11533: heap buffer overflow in uil coder
          When ImageMagick processes a crafted file in convert, it can
          lead to a heap-based buffer over-read in the WriteUILImage() function
          in coders/uil.c.
          (Closes: #869834)
     
     -- Bastien Roucariès <email address hidden>  Tue, 25 Jul 2017 22:13:44 +0200
  • imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium
    
      * Fix security bugs:
        +  Previous CVE-2017-9144 fix was incomplete.
           A crafted RLE image can trigger a crash because of incorrect
           EOF handling in coders/rle.c
           (Closes: #863126)
        +  CVE-2017-10928:
           A heap-based buffer over-read in the GetNextToken
           function in token.c allows remote attackers to obtain
           sensitive information from process memory or possibly have
           unspecified other impact via a crafted SVG document
           that is mishandled in the GetUserSpaceCoordinateValue
           function in coders/svg.c.
           (Closes: #867367).
         + CVE-2017-9500:
           An assertion failure was found in the function
           ResetImageProfileIterator, which allows attackers to cause
           a denial of service via a crafted file.
           (Closes: #867778).
         + CVE-2017-9501:
           An assertion failure was found in the function LockSemaphoreInfo,
           which allows attackers to cause a denial of service via a crafted
           file.
           (Closes: #867721).
         + CVE-2017-9440:
           A memory leak was found in the function ReadPSDChannel
           in coders/psd.c, which allows attackers to cause a denial
           of service via a crafted file.
           (Closes: 864273).
         + CVE-2017-9439:
           A memory leak was found in the function ReadPDBImage in
           coders/pdb.c, which allows attackers to cause a denial of
           service via a crafted file.
           (Closes: #864274).
         + CVE-2017-11188: CPU exhaustion in ReadDPXImage
           Because dpx.file.image_offset is an unsigned int, it can be controlled
           as large as 4294967295.
           This will cause ImageMagick to spend a lot of time to process a crafted
           DPX image file, even if the image file is very small.
           (Closes: #867806)
         + CVE-2017-11141: memory exhaustion in ReadMATImage
           When identifying a MAT file, imagemagick will allocate memory to store data
           in function ReadMATImage.
           Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
           an amount of memory of any size; this may cause memory exhaustion
           (Closes: #868264)
         + CVE-2017-11170: memory exhaustion in ReadTGAImage
           When identifying a VST file, imagemagick will allocate memory to store
           data in function ReadTGAImage in coders/tga.c
           using the tga_info.bits_per_pixel field directly from the VST file without
           checking in tga.c
           By reviewing the function code, tga_info.bits_per_pixel max valid
           value is 32.
           On 32bit os, size_t one will be 32bit, so image->colors can
           overflow to 0.
           On 64bit os, size_t one will be 64bit, so image->colors
           can be as large as 0x100000000(64GB).
           (Closes: #868184)
         + Memory exhaustion in ReadCINImage
           When identifying a CIN file that contains user defined data,
           imagemagick will allocate memory to store the
           data in function ReadCINImage in coders\inc.c
           There is a security check in the function SetImageExtent,
           but it comes after memory allocation, so IM can not control the memory usage
           (Closes: #867810)
         + CPU exhaustion in ReadRLEImage
           A corrupted rle file could trigger a DOS
           (Closes: #867808)
         + Memory leak in ReadDIBImage in dib.c
           The ReadDIBImage function in dib.c allows attackers
           to cause a denial of service (memory leak)
           via a small crafted dib file.
           (Closes: #867811)
         + Memory exhaustion in ReadDPXImage in dpx.c
           When identifying a DPX file that contains user header data,
           imagemagick will allocate memory to store the data in function
           ReadDPXImage in coders\dpx.c
           There is a security check in the function SetImageExtent,
           but it is too late, so IM can not control the memory usage.
           (Closes: #867812)
         + Enable heap overflow check for stdin for mpc files
           Enabling seekable streams is required to ensure checking
           the blob size works when an image is streamed on stdin.
           (Closes: #867896)
         + Assertion failure in WriteBlob
           A crafted file revealed an assertion failure in blob.c.
           (Closes: #867798)
         + Memory exhaustion in ReadEPTImage in ept.c
           When identifying an EPT file, imagemagick will allocate memory
           to store the data.
           There is a security check in the function SetImageExtent,
           but it is not used in the allocation function,
           so IM can not control the memory usage.
           (Closes: #867821)
         + CPU exhaustion in ReadOneJNGImage
           Due to lack of validation of PNG format, imagemagick could loop
           2^32 in a CPU intensive loop.
           (Closes:  #867824, #867825).
         + CPU exhaustion in ReadOneDJVUImag
           Due to lack of format validation, a crafted file will cause a
           loop to run endlessly.
           (Closes: #867826).
         + Zero pixel buffer
           Avoid a data leak in case of incorrect file by clearing a buffer
           (Closes: #867893).
         + memory leak in ReadMATImage in mat.c
           The ReadMATImage function in mat.c allows attackers to cause a
           denial of service (memory leak) via a small crafted mat file.
           (Closes: #867823).
         + Avoid heap based overflow for jpeg
           A corrupted jpeg file could trigger a heap overflow
           (Closes: #867894).
         + Fix a memory leak in screenshot coder
           (Closes: #867897)
    
     -- Bastien Roucariès <email address hidden>  Fri, 14 Jul 2017 15:35:15 +0200
  • imagemagick (8:6.9.7.4+dfsg-11) unstable; urgency=high
    
      * Fix minor security bugs:
        + CVE-2017-9409: Memory leak in the icon file coder.
          (Closes: #864087)
        + CVE-2017-9407: the ReadPALMImage function in palm.c
          allows attackers to cause a denial of service (memory leak)
          via a crafted file. (Closes: #864089).
        + CVE-2017-9409: the ReadMPCImage function in mpc.c
          allows attackers to cause a denial of service (memory leak)
          via a crafted file. (Closes: #864090).
    
     -- Bastien Roucariès <email address hidden>  Sun, 04 Jun 2017 12:02:50 +0200
  • imagemagick (8:6.9.7.4+dfsg-10) unstable; urgency=medium
    
      * Fix minor security bugs:
        + CVE-2017-9262: Memory leak in the ReadJNGImage function
          (Closes: #863834).
        + CVE-2017-9261: Memory leak in the ReadMNGImage function
          (Closes: #863833).
    
     -- Bastien Roucariès <email address hidden>  Thu, 01 Jun 2017 11:57:38 +0200
  • imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high
    
      * Security fixes assertion failure and memory leaks:
        + Check for EOF conditions for RLE image format. (Closes: #863126).
          Fix CVE-2017-9144.
        + A crafted file revealed an assertion failure in blob.c.
          (Closes: #863125).
          Fix CVE-2017-9142.
        + A crafted file revealed an assertion failure in profile.c.
          (Closes: #863124). Fix CVE-2017-9142.
        + Specially crafted arts file could lead to memory leak.
          (Closes: #863123). Fix CVE-2017-9143.
      * Fix an information leak due to the use of uninitialized memory
        in RLE decoder. (Closes:  #862967). Fix CVE-2017-9098.
    
     -- Bastien Roucariès <email address hidden>  Sat, 27 May 2017 15:54:06 +0200
  • imagemagick (8:6.9.7.4+dfsg-8) unstable; urgency=high
    
      * Bug fix: "Built-Using field with binary version", thanks to Aurelien
        Jarno (Closes: #862690).
    
     -- Bastien Roucariès <email address hidden>  Mon, 15 May 2017 23:35:30 +0200
  • imagemagick (8:6.9.7.4+dfsg-7) unstable; urgency=medium
    
      * Fix a few security bugs:
        + Fix CVE-2017-8343: The ReadAAIImage function in
          aai.c allows attackers to cause a denial of service
          (memory leak) via a crafted file. (Closes: #862572).
        + Fix CVE-2017-8344: Fix DOS in PCX file coders.
          (Closes: #862574).
        + Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
          attackers to cause a denial of service (memory leak)
          via a crafted file. (Closes: #862573)
        + Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
          attackers to cause a denial of service (memory leak) via a crafted
          file. (Closes: #862575).
        + Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
        + Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
        + Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
        + Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
        + Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
        + Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
        + Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
        + Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
        + Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
        + Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
        + Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
        + Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
        + Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
    
     -- Bastien Roucariès <email address hidden>  Mon, 15 May 2017 14:59:33 +0200
  • imagemagick (8:6.9.7.4+dfsg-6) unstable; urgency=high
    
      * Fix three security bugs:
        + CVE-2017-7941 memory leak in sgi (Closes: #860734).
        + CVE-2017-7942 memory leak in avs (Closes: #860735).
        + CVE-2017-7943 Memory leak in svg (Closes: #860736).
    
     -- Bastien Roucariès <email address hidden>  Wed, 19 Apr 2017 22:23:18 +0200
  • imagemagick (8:6.9.7.4+dfsg-5) unstable; urgency=medium
    
      * Bug fix: "imagemagick-doc upgrade failure: dpkg-maintscript-helper:
        error: missing arguments after --", thanks to Adrian Bunk (Closes:
        #860280).
    
     -- Bastien Roucariès <email address hidden>  Fri, 14 Apr 2017 12:19:36 +0200
  • imagemagick (8:6.9.7.4+dfsg-4) unstable; urgency=high
    
      * Security fixes:
        + CVE-2017-7606: Undefined behavior in rle (Closes: #859771).
        + CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769).
      * Bug fix: "fails to upgrade wheezy  jessie stretch", thanks
        to Andreas Beckmann (Closes: #847282).
    
     -- Bastien Roucariès <email address hidden>  Wed, 12 Apr 2017 23:20:43 +0200
  • imagemagick (8:6.9.7.4+dfsg-3) unstable; urgency=medium
    
      * Bug fix: "fails to upgrade wheezy  jessie stretch", thanks
        to Andreas Beckmann (Closes: #847282).
      * Fix man pages typo due to bad pattern in debian/rules
        (Closes: #859495).
      * Add my debian address.
    
     -- Bastien Roucariès <email address hidden>  Tue, 04 Apr 2017 15:05:41 +0200
  • imagemagick (8:6.9.7.4+dfsg-2) unstable; urgency=high
    
      * Fix a few security bugs:
        + Assertion failure in TGA coder (Closes: #856878).
          Fix CVE-2017-6498.
        + Out of bound in sun file coder (Closes: #856879).
          Fix CVE-2017-6500.
        + Memory leak in libmagick++ library (Closes: #856880).
          Fix CVE-2017-6499.
        + Missing null pointer check in xcf coder (Closes: #856881)
          and psd coder (Closes: #856882).
          Fix CVE-2017-6501 and CVE-2017-6497.
    
     -- Bastien Roucariès <email address hidden>  Sun, 05 Mar 2017 23:21:36 +0100
  • imagemagick (8:6.9.7.4+dfsg-1) unstable; urgency=high
    
      * New upstream version:
        + Fix display -loop option not working/missing (Closes: #793629).
        + Honor $TMPDIR (Closes: #791460).
        + Fix inverted colors for monochrome images (Closes: #849507).
        + Fix imagemagick not run from menu in Mate (Closes: #773426).
      * Fix a few security bugs:
        + off-by-one string copy in wpg file handling (Closes: #851483).
        + check return of memory allocation in ipl file handling.
          (Closes: #851485)
        + Fix a heap overflow in psb file handling (Closes: #851374).
        + Fix  Crash - PushQuantumPixel - Heap-Buffer-Overflow in tiff file
          handling (Closes: #851381).
        + Fix a memory corruption in psb file (Closes: #851376).
        + Fix an out of bound in psd file handling (Closes: #851377).
        + Check fwrite by using ferror (Closes: #849439). Fix
          CVE-2016-10062.
        + Avoid double free in profile.c (Closes:  #851383).
        + Fix memory leak in MPC image format. (Closes: #851382).
      * update copyright years in debian/copyright.
      * Relax ${source:Version} depends for imagemagick-6-common.
      * Add more security POC
    
     -- Bastien Roucariès <email address hidden>  Sun, 15 Jan 2017 16:38:03 +0100
  • imagemagick (8:6.9.7.0+dfsg-2) unstable; urgency=medium
    
      * Generate symbols file from generic version for core
        and wand.
      * Bug fix: "also clean up quantum control file fragments during
        update_pkg", thanks to Nishanth Aravamudan (Closes: #846261).
      * Use %F instead of %f in .desktop file.
      * Upload to unstable.
    
     -- Bastien Roucariès <email address hidden>  Fri, 30 Dec 2016 09:47:13 +0100
  • imagemagick (8:6.9.6.6+dfsg-1) unstable; urgency=high
    
      * New upstream release.
      * Fix CVE-2016-8862: memory allocation failure in
        AcquireMagickMemory (memory.c).
        (Closes: #845634).
      * Drop a few Debian patches used by upstream.
    
     -- Bastien Roucariès <email address hidden>  Fri, 25 Nov 2016 23:17:24 +0100
  • imagemagick (8:6.9.6.5+dfsg-1) unstable; urgency=high
    
      * Upload to unstable
      * Fix CVE-2016-9298: heap overflow in WaveletDenoiseImage().
        (Closes: #844211).
      * Fixed memory leak in psd file handling.
        (Closes: #845239).
      * Fix security bug; "Prevent fault in MSL interpreter"
        (Closes: #845241).
      * Fix null pointer dereference in TIFF file handling
        (Closes: #845243).
      * Prevent heap buffer overflow in heap-buffer-overflow
        in IsPixelGray. Backport fixes from upstream.
        (Closes: #845242).
      * Supports XPM with > 8464 colours. (Closes: #842632).
      * Use safer policy.xml file.
      * Improve postinst file by checking version.
      * Improve rules by using set -e
      
     -- Bastien Roucariès <email address hidden>  Wed, 23 Nov 2016 13:59:54 +0100
  • imagemagick (8:6.9.6.2+dfsg-2) unstable; urgency=medium
    
      * Upload to unstable.
    
     -- Bastien Roucariès <email address hidden>  Thu, 13 Oct 2016 12:32:02 +0200
  • imagemagick (8:6.8.9.9-7.2) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Remove libjasper-dev dependencies.  Closes: #818203
    
     -- Mattia Rizzolo <email address hidden>  Mon, 27 Jun 2016 12:55:02 +0000
  • imagemagick (8:6.8.9.9-7.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * 0082-Fix-CVE-2016-5118-disable-filename-pipes.patch:
        + Fix CVE-2016-5118: disable pipes in filenames to avoid arbitrary
          command execution. Closes: #825799.
    
     -- Emilio Pozuelo Monfort <email address hidden>  Wed, 01 Jun 2016 21:48:10 +0200
  • imagemagick (8:6.8.9.9-7) unstable; urgency=low
    
      * Fix various minor security issues 
        - Fix an integer overflow that can lead to a buffer overrun
          in the icon parsing code (LP: #1459747, closes: #806441)
        - Fix an integer overflow that can lead to a double free in
          pict parsing (LP: #1448803, closes: #806441).
        - Memory Leak while handle psd file (closes: #811308)
          http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
        - IM 6.9.2 crash with some PNG (closes: #811308, LP: #1492881)
          http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
        - Null pointer access in magick/constitute.c (closes: #811308)
          https://github.com/ImageMagick/ImageMagick/pull/34
        - PixelColor off by one on i386 (closes: #811308)
          https://github.com/ImageMagick/ImageMagick/issues/54
        - Fixed other memory leaks (closes: #811308)
    
     -- Vincent Fourmond <email address hidden>  Sun, 17 Jan 2016 21:18:19 +0100
  • imagemagick (8:6.8.9.9-6) unstable; urgency=high
    
      * Fix build on mips by printing progress (Closes: #770009).
      * Fix a few security bugs: (closes: #799524)
        - A DOS on specially crafted MIFF file (TEMP-0000000-FDAC72).
        - A DOS on specially crafted Vicar file (TEMP-0000000-EEF23C).
        - A DOS on specially crafted HDR file (TEMP-0000000-7C079F).
        - A DOS on specially crafted PDB file (TEMP-0000000-2FC21E).
        - Avoid a null pointer dereference in JNG decoder.
        - Avoid a DOS for RLE file.
        - Avoid double free on TGA file.
        - Avoid a buffer overflow by using field limit in sprintf.
        - Avoid a stack overflow in fx handling.
      * Replace density of 1 for JPEG by unknown working around
        a TeX bug (Closes: #763799).
    
     -- Bastien Roucariès <email address hidden>  Sat, 12 Sep 2015 23:06:08 +0200
  • imagemagick (8:6.8.9.9-5.1) unstable; urgency=medium
    
      * Non-maintainer upload.
    
      [ Matthias Klose ]
      * Renamed library for gcc5 transition libmagick++-6.q16-5 ->
        libmagick++-6.q16-5v5
    
      [ Simon McVittie ]
      * Don't add a lintian override for the libmagick++-6.q16-5v5 name,
        current lintian accepts this name
      * Don't clear the symbols files for the C ABIs, only the C++ ABI
    
     -- Simon McVittie <email address hidden>  Wed, 12 Aug 2015 07:50:55 +0100
  • imagemagick (8:6.8.9.9-5) unstable; urgency=high
    
    
      * Fix incorrect fix for xpm security problem.
        This patch fixed the buffer overflow but
        xpm coder output garbage, thanks to Adam Sjøgren
        (Closes: #773980).
      * Workaround "Imagemagick FTBFS on mips on mips-aql-* not on ball".
        Do not execute testsuite if FPU is not present. Security team
        wants this bug fixed in order to ease its work, thanks
        to Ivo De Decker (Closes: #770009).
    
     -- Bastien Roucariès <email address hidden>  Mon, 29 Dec 2014 11:51:58 +0100
  • imagemagick (8:6.8.9.9-4) unstable; urgency=high
    
    
      * Fix a few security bugs (Closes: #773834):
      - Avoid a DOS in vision.c due to an infinite loop.
      - Avoid a SEGV due to a corrupted pnm file.
      - Do not leak fd due to corrupted file.
      - Fix a double free in pdb coder.
      - Fix a SEGV due to corrupted dpc and xwd images.
      - Fix a SEGV in dpx file handler.
      - Fix a SEGV in malformed xwd file handler.
      - Avoid a NULL pointer dereference in ps file handling.
      - Fix a crash with corrupted viff file.
      - Fix a NULL pointer dereference in wpg file handling.
      - Do not continue on corrupted wpg file.
      - Avoid an out of bound access in viff image.
      - Avoid a heap buffer overflow in pdb file handling.
      - Avoid an out of bound access on malformed sun file.
      - Avoid heap overflow in palm, pnm and xpm files.
      - Fix heap overflow in quantum, palm and psd file.
      - Fix handling of corrupted psd, sun and xpm file.
      - Fix corrupted (too many colors) psd file.
      - Fix an out of bound access in sun file.
      - Fix handling of corrupted sun and wpg file.
      - Fix heap overflow in pcx file, psd, pict and wpf files
        and DOS in xpm files.
      - Add additional PNM sanity checks.
      - Avoid a crash to out of memory in magick/cache.c
      - Fix a theoretical out of bound access in magick/colormap-private.h
      - Fix an out of bound access in palm file.
      - Fixed throwing of exceptions in psd handling and fix a memory leak.
      - Fixed boundary checks in DecodePSDPixels.
      - Fix another out of bound problem in rle file.
      - Fix crash due to corrupted dib file.
      - Added checks to prevent overflow in rle file.
      - Impose a limit of 10 million columns or rows in an input PNG
      - Don't try to handle a "previous" image in the JNG decoder.
      - Avoid a memory leak in quantum management.
      - Avoid a crash in png coder.
      - Thread limit should be at least 1 in order to be efficient.
      - In psd file handling fixed parsing resource block and
        avoid a crash.
      - In cache fix usage of object after it has been destroyed.
      - Avoid a memory leak in rle file handling.
      - During identification of image do not fill memory
    
     -- Bastien Roucariès <email address hidden>  Tue, 23 Dec 2014 22:02:08 +0100
  • imagemagick (8:6.8.9.9-3) unstable; urgency=high
    
    
      * Fix a security bug (DOS). Some specially crafted JPEG
        files could create a DOS due to a missing check in
        embedded EXIF properties (EXIF directory offsets
        must be greater than 0). Fix CVE-2014-8716
        (Closes: #768494).
    
     -- Bastien Roucariès <email address hidden>  Fri, 07 Nov 2014 21:16:20 +0100
  • imagemagick (8:6.8.9.9-2) unstable; urgency=high
    
    
      * Remove build-dep loop. Remove inkscape.
    
     -- Bastien Roucariès <email address hidden>  Tue, 28 Oct 2014 18:48:01 +0100
  • imagemagick (8:6.8.9.9-1) unstable; urgency=high
    
    
      * New upstream version, fixing four security problems:
        - Remotely DOS: "convert +profile regression enters 
          infinite loop exhausting memory", thanks to 
          Yuri D'Elia (Closes: #764872).
        - Fixed buffer overflow in PCX and DCM coder.
        - Don't clone a 0x0 image breaking some assumption
          in client code.
        - Off-by-one count when parsing an 8BIM profile.
      * Fix identify -quiet has non zero exit code on warnings
        (Closes:  #763686).
      * Fix "convert -crop" doesn't just crop, 
        but makes the output darker than the input (Closes: #731157).
      * Fix identify warning is now an error (Closes: #761918).
      * Fix unrecognized color in xpm image (Closes: #754107).
      * Fix display exits with non-zero return code (Closes: #763794).
      * Fix imagemagick changes contrast of b/w images.
        (Closes: #712493).
      * Fix desktop file icons are not displayed due to wrong icon names.
        (Closes: #765416, #758276).
      * Tighten up the depends between imagemagick-common and other components.
        (Closes: #753770).
      * Add obsolete config scripts (not multiarch safe) to
        /usr/lib/$DEB_HOST_MULTIARCH/ImageMagick-6/bin-$QUANTUMDEPTH/
        where $DEB_HOST_MULTIARCH is the multiarch triplet and
        $QUANTUMDEPTH is the current quantum depth.
        (Closes: #764899). Document it under NEWS (Closes: #761927).
      * Bump policy version. No changes.
    
     -- Bastien Roucariès <email address hidden>  Mon, 27 Oct 2014 13:24:54 +0100
  • imagemagick (8:6.8.9.6-4) unstable; urgency=medium
    
    
      * Upload to unstable
    
     -- Bastien Roucariès <email address hidden>  Fri, 05 Sep 2014 21:58:20 +0200
  • imagemagick (8:6.7.7.10+dfsg-5) unstable; urgency=medium
    
    
      * Apply patch courtesy of Hilko Bengen <email address hidden> to fix FTBS on ppc64le
        (closes: #760079)
      * Now running dh-autoreconf to ensure smooth builds on newer arches
      * Disable silent rules in configure, they are a real pain when one needs to debug 
        failed builds from build logs
    
     -- Vincent Fourmond <email address hidden>  Wed, 03 Sep 2014 23:18:08 +0200
  • imagemagick (8:6.7.7.10+dfsg-4) unstable; urgency=medium
    
    
      * Prepare perl transition (/usr/lib/perl5 move to 
        /usr/lib/$ARCH_TRIPLET/perl5/) and avoid FTBFS (closes: #750095).
    
     -- Bastien Roucariès <email address hidden>  Sun, 01 Jun 2014 20:49:48 +0200
  • imagemagick (8:6.7.7.10+dfsg-3) unstable; urgency=low
    
    
      * Deactivate parallel build to avoid spurious FTBSes (damn #704225)
    
     -- Vincent Fourmond <email address hidden>  Sun, 25 May 2014 14:19:02 +0200
  • imagemagick (8:6.7.7.10+dfsg-2) unstable; urgency=low
    
    
      * Drop build dependency on graphicsmagick, but use built imagemagick
      (closes: #747822)
    
     -- Vincent Fourmond <email address hidden>  Mon, 12 May 2014 23:02:58 +0200
  • imagemagick (8:6.7.7.10+dfsg-1) unstable; urgency=high
    
    
      * Fix three security bugs (Closes: #740250):
      - Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflows
        in psd file handling.
      - Fix CVE-2014-1947 a buffer overflow in log handling.
      * repack due to license problem (Closes: #734800).
    
     -- Bastien Roucariès <email address hidden>  Sun, 02 Mar 2014 19:28:30 +0100
  • imagemagick (8:6.7.7.10-7) unstable; urgency=low
    
    
      * Backporting SVN revision 10757 in the hope to fix the build with newer
        freetype (closes: #732418), running autoconf at beginning of build to
        regenerate configure (but not dh-autoreconf, it seems to make a mess
        of the build system)
    
     -- Vincent Fourmond <email address hidden>  Sun, 22 Dec 2013 21:34:19 +0100
  • imagemagick (8:6.7.7.10-6) unstable; urgency=high
    
    
      * Security Fix: Buffer overflow "Memory corruption while processing
        GIF comments.", (Closes: #721273).
      
     -- Bastien Roucariès <email address hidden>  Fri, 30 Aug 2013 00:29:40 +0200
  • imagemagick (8:6.7.7.10-5) unstable; urgency=high
    
      
      * Fix three security bugs (Closes: #692367):
      - Fix a memory leak: after setjmp used variable need to be volatile.
        Fix jpeg and png coder.
      - Fix a memory leak: in webp handling add a forgotten WebPPictureFree
      - Fix another memory leak in case of corrupted image in magick++ read method.
      
     -- Bastien Roucariès <email address hidden>  Mon, 05 Nov 2012 13:55:44 +0100
  • imagemagick (8:6.7.7.10-4) unstable; urgency=high
    
    
      * Security Bug fix: "Fails an assertion due to OpenMP related problem",
        thanks to Willi Mann (Closes: #685903).
    
     -- Bastien Roucariès <email address hidden>  Mon, 27 Aug 2012 11:50:22 +0200
  • imagemagick (8:6.7.7.10-3) unstable; urgency=high
    
    
      * Bug fix: "CVE-2012-3437", ImageMagick: Magick_png_malloc() size 
        argument thanks to Moritz Muehlenhoff (Closes: #683285).
    
     -- Bastien Roucariès <email address hidden>  Mon, 30 Jul 2012 22:47:47 +0200
  • imagemagick (8:6.7.7.10-2) unstable; urgency=low
    
    
      * Really solve the upgrade problem (Closes: #679188, #679063).
      * Build-depend on debhelper >= 9~
    
     -- Vincent Fourmond <email address hidden>  Fri, 29 Jun 2012 23:18:39 +0200
  • imagemagick (8:6.7.7.10-1) unstable; urgency=low
    
    
      * Bug fix: "fails to upgrade from wheezy - trying to overwrite
        /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/pango.so",
        thanks to Andreas Beckmann (Closes: #679188 and Closes: #679063).
      * New upstream version:
      - Fix FTBS on arm (closes: #679430). 
      - drop previous patch queue (merged upstream).
      - Fix pointer size mismatch.
      - Document feature: "SVG displayed in wrong size", thanks to Marc-Jano Knopp
        (Closes: #632526).
    
     -- Bastien Roucariès <email address hidden>  Thu, 28 Jun 2012 17:44:21 +0200
  • imagemagick (8:6.7.7.9-1) unstable; urgency=low
    
      [ Bastien Roucariès ]
       
      * New upstream version
      * Bug fix: "Menu entry of imagemagick does not launch it", thanks to
        Michael Biebl (Closes: #675453). 
      * Bug fix: "Please include large 256x256px icon", thanks to Ralph
        Aichinger (Closes: #675484). Add scalable icons, 16x16, 32x32, 48x48
      * Copyright review:
      - move to dep5 format.
      - Remove dot support due to incompatibility between EPL and GPL 
        (Closes: #677413).
      - Remove non modifiable sRGB.icc (Closes: #677414).
      * Add automation script for source download and git machinery
      * Use manual delegate to rsvg for icons creation
      * Documentation bugfixes:
      - Bug fix: "identify man page lists writing options even though command
        is readonly", thanks to jidanni; (Closes: #636932).
      - Bug fix: "SYNOPSIS should drive home more than one input-file point",
        thanks to jidanni; (Closes: #662579).
      - Bug fix: "document that they are no way to make real white 
        and black jpg", thanks to jidanni. format.html under upstream
        documentation say now: "Note, JPEG is a lossy compression. 
        In addition, you cannot create black and white images with JPEG 
        nor can you save transparency." (Closes: #603097).
      - Bug fix: "convert -- [man] input-options and output-options not
        referenced", thanks to Jari Aalto (Closes: #602474). Now man 
        page read: "Use any setting or operator as an output-option.  
        Only a limited number of setting are  input-option, 
        they include: [...]"
    
      [ Vincent Fourmond ]
      * Enable pango support (closes: #678390), placed in libmagickcore5-extra
      * Use graphicsmagick's convert for building the XPM files, in order to
        avoid circular dependencies
      * Add a reference to the GPL and Artistic license in debian/copyright
      * Word-wrap changelog
    
     -- Vincent Fourmond <email address hidden>  Mon, 25 Jun 2012 22:55:44 +0200
  • imagemagick (8:6.7.7.2-1) unstable; urgency=low
    
    
      [ Bastien Roucariès ]
      * New upstream version:
      - Drop previous patches: merged upstream.
      - Bug fix: "identify -verbose reports incorrect Class (correct w/o
        -verbose)", thanks to Jason Woofenden (Closes: #656942).
      - Bug fix: "conversion to postscript is missing grestore in DisplayImage
        definition", thanks to Daniel Kahn Gillmor (Closes: #655762).
      * Bug fix: "mailcap still broken (as #589887)", thanks to Felix
        Salfelder (Closes: #619667):
      - revert bug fix #562959.
      - replace display by display.im6
      * Bug fix: "Please add imagemagick.desktop", thanks to Sérgio Cipolla
        (Closes: #621799).
      * Add xz support.
      * Bug fix: "Obsolete conffile /etc/ImageMagick/sRGB.icm not cleaned up
        on upgrade", thanks to Josh Triplett (Closes: #669964).
    
      [ Vincent Fourmond ]
      * Improve the new hook scripts
      * Fix (very) minor typo in package description (closes: #675011)
    
     -- Bastien Roucariès <email address hidden>  Tue, 29 May 2012 11:23:50 +0200
  • imagemagick (8:6.7.4.0-5) unstable; urgency=high
    
    
      * Bug fix when converting from pdf to png, thanks to Thomas
        Preud'homme (Closes: #668214).
      * Provides: libmagickcore-extra in order to avoid broken depends. Thanks
        to Julien Cristau (closes: #667826). Urgency high to make sure the
        FTBS-inducing bug is closed fast...
    
     -- Bastien Roucariès <email address hidden>  Mon, 16 Apr 2012 11:18:10 +0200
  • imagemagick (8:6.7.4.0-4) unstable; urgency=high
    
    
      * Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 /
      CVE-2012-1610 (Closes: #667635)
      - Vulnerability CVE-2012-0259 can cause a DoS in a system
        via handing JPEG files with invalid EXIF XResolution tag.
      - Vulnerability CVE-2012-0260 can lead to excessive use of
        memory in target system, when processing a malicious JPEG file.
        Excessive use of memory can lead to denial of service.
      - Vulnerability CVE-2012-1798 can cause program to crash when
        reading invalid memory, while parsing EXIF IFD in a TIFF file.
      - Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow
      * Fix menu file to run display.im6 instead of display (fix lintian warning)
      
     -- Bastien Roucariès <email address hidden>  Tue, 10 Apr 2012 17:24:02 +0200
  • imagemagick (8:6.7.4.0-3) unstable; urgency=low
    
    
      [ Bastien Roucariès ]
      * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186" 
      (Closes: #665007)
      
      [ Vincent Fourmond ]
      * Uploading to unstable, opening the way for the transition (see bug
        #652650)
      * Hurray, it seems the package conforms to standards 3.9.3 !
    
     -- Vincent Fourmond <email address hidden>  Sun, 01 Apr 2012 20:51:53 +0200
  • imagemagick (8:6.6.9.7-7) unstable; urgency=high
    
    
      * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186" 
      (Closes: #665007)
      * Bumping urgency to high to fix open security issue in testing
    
     -- Bastien Roucariès <email address hidden>  Tue, 27 Mar 2012 16:47:41 +0200
  • imagemagick (8:6.6.9.7-6) unstable; urgency=high
    
    
      * Security bug fix: "Invalid validation DoS
        CVE-2012-0247/CVE-2012-02478", thanks to Henri Salo (Closes: #659339).
      * Bumping urgency to high to fix open security issue in testing
      * Apply patch from revision r6606 to fix compilation with newer zlib.
    
     -- Vincent Fourmond <email address hidden>  Wed, 22 Feb 2012 23:08:56 +0100
  • imagemagick (8:6.6.9.7-5) unstable; urgency=low
    
      * Replace an overlapped memcopy by a memmove
      * Fix a PNG reduction bug "Corrupted (?) icons", thanks to
        Torbjörn Andersson <email address hidden>
        (Closes: #630619).
      * Fix parallel build issue. Make debian/rules install target depend
        on check. Thanks Colin Watson <email address hidden>
        (Closes: #593041).
    
     -- Bastien Roucariès <email address hidden>  Thu, 16 Jun 2011 00:18:36 +0200
  • imagemagick (8:6.6.9.7-4) unstable; urgency=low
    
    
      [ Bastien Roucariès ]
      * Acknowledge NMUs. Thanks Vincent Fourmond.
      * Add Vincent Fourmond as comaintainer.
      * Fixed one-off bug in option parser (Closes: #609177).
      * Move configuration files to a common package: Fix bug
        "non-versioned files in a shared library packages
        is *wrong*", thanks to Julien Cristau (Closes: #629945).
      
      [ Vincent Fourmond ]
      * Do not forget to depend on that package...
      * And add a Replaces: libmagickcore4 (= 8:6.6.9.7-3.1) stanza on
        imagemagick-common to allow a neat upgrade path.
    
     -- Vincent Fourmond <email address hidden>  Sat, 11 Jun 2011 21:31:54 +0200
  • imagemagick (8:6.6.9.7-3.1) unstable; urgency=low
    
    
      * Non-maintainer upload, with permission of Bastien Roucariès
      * Move configuration file to the libmagickcore4 package where they
        belong.
    
     -- Vincent Fourmond <email address hidden>  Fri, 03 Jun 2011 00:17:27 +0200
  • imagemagick (8:6.6.9.7-2) unstable; urgency=low
    
    
      * Upload to unstable
    
     -- Bastien Roucariès <email address hidden>  Fri, 06 May 2011 19:26:53 +0200
  • imagemagick (8:6.6.0.4-3) unstable; urgency=medium
    
    
      * Apply fix for reading config files from current directory, found by
        Jakub Wilk <email address hidden> (Closes: #601824).
        Thanks to Andreas Metzler <email address hidden> for the nicely
        formatted patch.
    
     -- Nelson A. de Oliveira <email address hidden>  Tue, 16 Nov 2010 10:53:04 -0200
  • imagemagick (8:6.6.0.4-2.2) unstable; urgency=low
    
    
      * Non-maintainer upload.
      * Change Recommends on ufraw to ufraw-batch (closes: #579775).
    
     -- Julien Cristau <email address hidden>  Tue, 10 Aug 2010 18:21:24 -0400
  • imagemagick (8:6.6.0.4-2.1) unstable; urgency=low
    
    
      * Non-maintainer upload.
      * Re-upload 6.6.0.4 with bumped epoch to revert ABI breakage (closes:
        #587227).
    
     -- Julien Cristau <email address hidden>  Thu, 05 Aug 2010 13:19:32 -0400
  • imagemagick (7:6.6.2.6-1) unstable; urgency=low
    
    
      * New upstream release;
      * Change Recommends on ufraw to ufraw-batch (Closes: #579775);
      * Fix FTBFS when using dash to run the configure script, by setting
        CONFIG_SHELL=/bin/bash (Closes: #582073, #583024). Thank you, Niko Tyni!
    
     -- Nelson A. de Oliveira <email address hidden>  Sun, 20 Jun 2010 19:59:55 -0300
  • imagemagick (7:6.6.0.4-2) unstable; urgency=low
    
    
      * Revert debian/patches/type.xml.patch for now, while we address this issue
        with upstream (Closes: #573983).
      * debian/control: make libmagickcore3-extra provides libmagickcore-extra
        (Closes: #574058). Thanks, Stuart Prescott!
    
     -- Nelson A. de Oliveira <email address hidden>  Wed, 17 Mar 2010 10:18:13 -0300
  • imagemagick (7:6.6.0.4-1) unstable; urgency=low
    
    
      * New upstream release.
      * Upload to unstable.
    
     -- Nelson A. de Oliveira <email address hidden>  Fri, 12 Mar 2010 15:13:35 -0300
  • imagemagick (7:6.5.8.3-1) unstable; urgency=low
    
    
      * New upstream release:
        - Fix the display of consecutive images with 'display' (Closes: #558046).
      * Convert package to the new format 3.0 (quilt);
      * Add some packages to Recommends, as they are necessary to convert to/from
        some formats (Closes: #557734):
        - ghostscript, netpbm, ufraw.
      * Like above, also add some packages to Suggests:
        - autotrace, cups-bsd | lpr | lprng, curl, enscript, ffmpeg, gimp, gnuplot,
          grads, groff-base, hp2xx, html2ps, libwmf-bin, mplayer, povray, radiance,
          sane-utils, texlive-base-bin, transfig, ufraw, xdg-utils.
        
     -- Nelson A. de Oliveira <email address hidden>  Sun, 06 Dec 2009 10:28:52 -0200
  • imagemagick (7:6.5.7.8-1) unstable; urgency=low
    
    
      * New upstream release;
      * Fix recommends on libmagickcore2-extra (Closes: #556360);
      * Fix versioned dependency on libmagick* libs (Closes: #556740).
    
     -- Nelson A. de Oliveira <email address hidden>  Tue, 17 Nov 2009 16:46:29 -0200
  • imagemagick (7:6.5.7.7-1) unstable; urgency=low
    
    
      * New upstream release;
        - Fixes "perferred" typos (Closes: #550503). Thanks A. Costa!
        - Patch to fix FTBFS on hurd-i386 has been merged upstream
          (Closes: #551017). Thanks Pino Toscano!
      * Upload to unstable.
    
     -- Nelson A. de Oliveira <email address hidden>  Sat, 14 Nov 2009 15:07:22 -0200
  • imagemagick (7:6.5.5.3-1) unstable; urgency=low
    
    
      * New upstream release;
      * Removed SA35216.diff as it was fixed upstream;
      * The imagemagick package now suggests imagemagick-doc (Closes: #523401);
      * "identify -verbose" now displays EXIF thumbnail info (Closes: #527918);
      * Fix image placing when displaying to the X server root (Closes: #523608);
      * Fix wrong exit code in display (Closes: #524058);
      * Fix loading of MS Windows icons with compressed PNG elements
        (Closes: #534159);
      * Fix requirement of an X server for running display (Closes: #533494);
      * Fix title misplacing with montage (Closes: #528569);
      * Fix filetype detection with mogrify (Closes: #531350);
      * Fix image loop with "display -delay" (Closes: #529702);
      * Fix crashing on non-image XML files with identify (Closes: #533704);
      * Add debian/README.source;
      * debian/control: updated libltdl-dev dependency;
      * debian/rules:
        - updated build process for PerlMagick;
        - empties dependency_libs from *.la files.
      * Updated Standards-Version:
        - disable tests when nocheck is present.
    
     -- Nelson A. de Oliveira <email address hidden>  Thu, 27 Aug 2009 00:15:35 -0300
  • imagemagick (7:6.5.1.0-1.1) unstable; urgency=high
    
    
      * Non-maintainer upload by the Security Team.
      * Apply upstream patch to fix integer overflow in XMakeImage()
        (SA35216.diff; Closes: #530838).
    
     -- Nico Golde <email address hidden>  Fri, 29 May 2009 12:46:08 +0200
  • imagemagick (7:6.5.1.0-1) unstable; urgency=low
    
    
      * New upstream release;
      * Upload to unstable;
      * Add libmagickcore-dev dependency on liblqr-1-0-dev (Closes: #521871);
      * Fixes segfault while converting to Braille format (Closes: #521395);
      * Fixes conversion from SVG to PNG (Closes: #520412);
      * Change imagemagick-dbg section to "debug".
    
     -- Nelson A. de Oliveira <email address hidden>  Thu, 09 Apr 2009 14:02:38 -0300
  • imagemagick (7:6.3.7.9.dfsg2-1) unstable; urgency=medium
    
    
      * Repackage upstream tarball to replace non-free fonts (Closes: #510751).
    
     -- Nelson A. de Oliveira <email address hidden>  Sat, 14 Mar 2009 15:32:48 -0300
  • imagemagick (7:6.3.7.9.dfsg1-3) unstable; urgency=low
    
    
      * Include missing config files (LP: #303477).
    
     -- Nelson A. de Oliveira <email address hidden>  Wed, 10 Dec 2008 08:12:08 -0200
  • imagemagick (7:6.3.7.9.dfsg1-2.1+lenny1) testing-proposed-updates; urgency=high
    
    
      * Reupload to tpu
    
     -- Moritz Muehlenhoff <email address hidden>  Wed, 12 Nov 2008 00:07:36 +0100
  • imagemagick (7:6.3.7.9.dfsg1-2.1) unstable; urgency=high
    
    
      * Non-maintainer upload by the Security Team:
      * Fix CVE-2008-1096 (patch taken from Red Hat)
    
     -- Moritz Muehlenhoff <email address hidden>  Sat, 11 Oct 2008 00:17:21 +0200