diff -Nru imagemagick-6.7.7.10/debian/changelog imagemagick-6.7.7.10/debian/changelog --- imagemagick-6.7.7.10/debian/changelog 2017-07-21 13:59:31.000000000 +0000 +++ imagemagick-6.7.7.10/debian/changelog 2017-07-31 11:24:18.000000000 +0000 @@ -1,3 +1,13 @@ +imagemagick (8:6.7.7.10-6ubuntu3.9) trusty-security; urgency=medium + + * SECURITY REGRESSION: image composite function regression (LP: #1707015) + - disabled the following patches which cause issue: + 0224-Ensure-token-does-not-overflow.patch, + 0225-Fix-off-by-one-error-when-checking-token-length.patch, + 0226-Use-proper-cast.patch. + + -- Marc Deslauriers Mon, 31 Jul 2017 07:24:18 -0400 + imagemagick (8:6.7.7.10-6ubuntu3.8) trusty-security; urgency=medium * SECURITY UPDATE: multiple security issues diff -Nru imagemagick-6.7.7.10/debian/patches/0227-CVE-2017-10928.patch imagemagick-6.7.7.10/debian/patches/0227-CVE-2017-10928.patch --- imagemagick-6.7.7.10/debian/patches/0227-CVE-2017-10928.patch 2017-07-21 13:47:41.000000000 +0000 +++ imagemagick-6.7.7.10/debian/patches/0227-CVE-2017-10928.patch 2017-07-31 11:24:11.000000000 +0000 @@ -21,15 +21,15 @@ Index: imagemagick-6.7.7.10/magick/token.c =================================================================== ---- imagemagick-6.7.7.10.orig/magick/token.c 2017-07-21 09:45:54.069251335 -0400 -+++ imagemagick-6.7.7.10/magick/token.c 2017-07-21 09:47:24.621255558 -0400 -@@ -179,10 +179,13 @@ MagickExport void GetMagickToken(const c - size_t - extent = MaxTextExtent-1; +--- imagemagick-6.7.7.10.orig/magick/token.c 2017-07-31 07:22:28.457067853 -0400 ++++ imagemagick-6.7.7.10/magick/token.c 2017-07-31 07:24:03.161072269 -0400 +@@ -176,9 +176,13 @@ MagickExport void GetMagickToken(const c + register ssize_t + i; + size_t + length; - ++ assert(start != (const char *) NULL); assert(token != (char *) NULL); i=0; 
@@ -37,30 +37,29 @@ for (p=start; *p != '\0'; ) { while ((isspace((int) ((unsigned char) *p)) != 0) && (*p != '\0')) -@@ -219,6 +222,8 @@ MagickExport void GetMagickToken(const c +@@ -214,6 +218,8 @@ MagickExport void GetMagickToken(const c + break; } - if (i < (ssize_t) (extent-1)) - token[i++]=(*p); + token[i++]=(*p); + if ((p-start) >= length) + break; } break; } -@@ -241,8 +246,12 @@ MagickExport void GetMagickToken(const c +@@ -234,7 +240,11 @@ MagickExport void GetMagickToken(const c if ((p != q) && (*p != ',')) { for ( ; (p < q) && (*p != ','); p++) + { - if (i < (ssize_t) (extent-1)) - token[i++]=(*p); + token[i++]=(*p); + if ((p-start) >= length) + break; + } if (*p == '%') - if (i < (ssize_t) (extent-1)) - token[i++]=(*p++); -@@ -273,7 +282,11 @@ MagickExport void GetMagickToken(const c - token[i++]=(*p); + token[i++]=(*p++); + break; +@@ -261,7 +271,11 @@ MagickExport void GetMagickToken(const c + token[i++]=(*p); if ((*p == ')') && (*(p-1) != '\\')) break; + if ((p-start) >= length) diff -Nru imagemagick-6.7.7.10/debian/patches/series imagemagick-6.7.7.10/debian/patches/series --- imagemagick-6.7.7.10/debian/patches/series 2017-07-21 13:58:16.000000000 +0000 +++ imagemagick-6.7.7.10/debian/patches/series 2017-07-31 11:20:15.000000000 +0000 @@ -216,9 +216,9 @@ 0220-CVE-2017-9407-the-ReadPALMImage-function-in-palm.c-a.patch 0221-CVE-2017-9405-the-ReadICONImage-function-in-icon.c-4.patch 0222-CVE-2017-9439.patch -0224-Ensure-token-does-not-overflow.patch -0225-Fix-off-by-one-error-when-checking-token-length.patch -0226-Use-proper-cast.patch +#0224-Ensure-token-does-not-overflow.patch +#0225-Fix-off-by-one-error-when-checking-token-length.patch +#0226-Use-proper-cast.patch 0227-CVE-2017-10928.patch 0228-1-2-Enable-heap-overflow-check-for-stdin-for-mpc-fil.patch 0229-1-2-CPU-exhaustion-in-ReadDPXImage.patch
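Review bot: The refreshed token.c hunks now write `token[i++]=(*p);` with no destination bound. The `if (i < (ssize_t) (extent-1))` guards are removed in the inner hunks at @@ -214 and @@ -234, and the first hunk of this patch file drops the `extent = MaxTextExtent-1` declaration. The only limit left is `if ((p-start) >= length) break;`, which presumably caps how far the source string is read (the assignment to `length` is not visible here) and not how much is stored in `token`. This follows from disabling 0224–0226, but the patch description should state that the destination-size check is not applied in this build, so that callers' buffer sizing is reviewed. Separately, `(p-start) >= length` compares a signed pointer difference with a `size_t`, and `if ((size_t) (p-start) >= length)` would make the intent explicit; GetMagickToken's body extends beyond these hunks.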
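Review bot: The three entries are disabled with a bare `#` and nothing in the series file records why, so a later refresh could re-enable them without knowing about the regression. A comment line above them, such as `# disabled: image composite regression, LP: #1707015`, would keep the reason next to the switch. The patch files themselves do not appear to be removed by this diff. A corrected version of 0224–0226 is worth tracking so the token length checks are not left off indefinitely.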