diff -Nru imagemagick-6.8.9.9/debian/changelog imagemagick-6.8.9.9/debian/changelog --- imagemagick-6.8.9.9/debian/changelog 2019-06-14 17:59:51.000000000 +0000 +++ imagemagick-6.8.9.9/debian/changelog 2019-11-11 18:57:51.000000000 +0000 @@ -1,3 +1,20 @@ +imagemagick (8:6.8.9.9-7ubuntu5.15) xenial-security; urgency=medium + + * SECURITY UPDATE: multiple security issues + - debian/patches/CVE-*.patch: backport multiple upstream commits. + - CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977, + CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137, + CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, + CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, + CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13391, + CVE-2019-13454, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140, + CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, + CVE-2019-16713 + * debian/patches/300-disable-ghostscript-formats.patch: also disable + PS2 and PS3 content per VU#332928 recommendations. + + -- Marc Deslauriers Mon, 11 Nov 2019 13:57:08 -0500 + imagemagick (8:6.8.9.9-7ubuntu5.14) xenial-security; urgency=medium * SECURITY UPDATE: multiple security issues diff -Nru imagemagick-6.8.9.9/debian/patches/300-disable-ghostscript-formats.patch imagemagick-6.8.9.9/debian/patches/300-disable-ghostscript-formats.patch --- imagemagick-6.8.9.9/debian/patches/300-disable-ghostscript-formats.patch 2018-09-11 22:52:23.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/300-disable-ghostscript-formats.patch 2019-11-11 18:05:21.000000000 +0000 @@ -2,6 +2,8 @@ Subject: disable ghostscript handled formats based on -SAFER insecurity Based on Tavis Ormandy's Recommendations +updated: 2019-11-11 + --- config/policy.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) @@ -10,12 +12,14 @@ =================================================================== --- a/config/policy.xml +++ b/config/policy.xml -@@ -66,4 +72,9 @@ +@@ -66,4 +72,11 @@ + + ++ ++ + + + diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12974.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12974.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12974.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12974.patch 2019-11-11 18:55:12.000000000 +0000 @@ -0,0 +1,42 @@ +From b4391bdd60df0a77e97a6ef1674f2ffef0e19e24 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Mar 2019 16:19:07 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1515 + +--- + coders/pango.c | 7 +++++-- + coders/vid.c | 7 +++++-- + 2 files changed, 10 insertions(+), 4 deletions(-) + +--- a/coders/pango.c ++++ b/coders/pango.c +@@ -188,8 +188,11 @@ static Image *ReadPANGOImage(const Image + property=InterpretImageProperties(image_info,image,option+6); + else + property=InterpretImageProperties(image_info,image,option); +- (void) SetImageProperty(image,"caption",property); +- property=DestroyString(property); ++ if (property != (char *) NULL) ++ { ++ (void) SetImageProperty(image,"caption",property); ++ property=DestroyString(property); ++ } + caption=ConstantString(GetImageProperty(image,"caption")); + /* + Get context. +--- a/coders/vid.c ++++ b/coders/vid.c +@@ -172,8 +172,11 @@ static Image *ReadVIDImage(const ImageIn + if (next_image == (Image *) NULL) + break; + label=InterpretImageProperties(image_info,next_image,DefaultTileLabel); +- (void) SetImageProperty(next_image,"label",label); +- label=DestroyString(label); ++ if (label != (char *) NULL) ++ { ++ (void) SetImageProperty(next_image,"label",label); ++ label=DestroyString(label); ++ } + if (image_info->debug != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "geometry: %.20gx%.20g",(double) next_image->columns,(double) diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-1.patch 2019-11-11 18:55:14.000000000 +0000 @@ -0,0 +1,39 @@ +From c01d8b02f3fa912a320ddad07a03212822f267ec Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Mar 2019 14:52:24 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1517 + +--- + coders/dpx.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/coders/dpx.c ++++ b/coders/dpx.c +@@ -1970,13 +1970,16 @@ static MagickBooleanType WriteDPXImage(c + pixels=GetQuantumPixels(quantum_info); + for (y=0; y < (ssize_t) image->rows; y++) + { ++ size_t ++ length; ++ + p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); + if (p == (const PixelPacket *) NULL) + break; +- (void) ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info, ++ length=ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info, + quantum_type,pixels,&image->exception); + count=WriteBlob(image,extent,pixels); +- if (count != (ssize_t) extent) ++ if (count != (ssize_t) length) + break; + status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, + image->rows); +@@ -1984,6 +1987,8 @@ static MagickBooleanType WriteDPXImage(c + break; + } + quantum_info=DestroyQuantumInfo(quantum_info); ++ if (y < (ssize_t) image->rows) ++ ThrowWriterException(CorruptImageError,"UnableToWriteImageData"); + (void) CloseBlob(image); + return(status); + } diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-2.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-2.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12975-2.patch 2019-11-11 18:55:16.000000000 +0000 @@ -0,0 +1,23 @@ +From b9c3aa197020ca091a21145cf46855afd4ddcb07 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 30 Mar 2019 08:46:12 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1517 + +--- + coders/dpx.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/coders/dpx.c ++++ b/coders/dpx.c +@@ -1978,8 +1978,10 @@ static MagickBooleanType WriteDPXImage(c + break; + length=ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info, + quantum_type,pixels,&image->exception); ++ if (length == 0) ++ break; + count=WriteBlob(image,extent,pixels); +- if (count != (ssize_t) length) ++ if (count != (ssize_t) extent) + break; + status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, + image->rows); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12976.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12976.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12976.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12976.patch 2019-11-11 18:06:23.000000000 +0000 @@ -0,0 +1,25 @@ +Backport of: + +From ff840181f631b1b7f29160cae24d792fcd176bae Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Mar 2019 14:36:27 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1520 + +--- + coders/pcl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/coders/pcl.c ++++ b/coders/pcl.c +@@ -319,7 +319,10 @@ static Image *ReadPCLImage(const ImageIn + else + delegate_info=GetDelegateInfo("pcl:color",(char *) NULL,exception); + if (delegate_info == (const DelegateInfo *) NULL) +- return((Image *) NULL); ++ { ++ image=DestroyImage(image); ++ return((Image *) NULL); ++ } + *options='\0'; + if ((page.width == 0) || (page.height == 0)) + (void) ParseAbsoluteGeometry(PSPageGeometry,&page); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12977.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12977.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12977.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12977.patch 2019-11-11 18:55:19.000000000 +0000 @@ -0,0 +1,19 @@ +From e6103897fae2ed47e24b9cf7de719eea877b0504 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Mar 2019 16:13:55 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1518 + +--- + coders/jp2.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/coders/jp2.c ++++ b/coders/jp2.c +@@ -849,6 +849,7 @@ static MagickBooleanType WriteJP2Image(c + /* + Set tile size. + */ ++ (void) memset(&geometry,0,sizeof(geometry)); + flags=ParseAbsoluteGeometry(image_info->extract,&geometry); + parameters.cp_tdx=(int) geometry.width; + parameters.cp_tdy=(int) geometry.width; diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12978.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12978.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12978.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12978.patch 2019-11-11 18:55:21.000000000 +0000 @@ -0,0 +1,20 @@ +From ae1ded6140bfa8ae9f6dcba5413b72d98ed94614 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Mar 2019 14:42:22 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1519 + +--- + coders/pango.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/coders/pango.c ++++ b/coders/pango.c +@@ -177,6 +177,8 @@ static Image *ReadPANGOImage(const Image + assert(exception->signature == MagickSignature); + image=AcquireImage(image_info); + (void) ResetImagePage(image,"0x0+0+0"); ++ if ((image->columns != 0) && (image->rows != 0)) ++ (void) SetImageBackgroundColor(image); + /* + Format caption. + */ diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-12979.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-12979.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-12979.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-12979.patch 2019-11-11 18:55:23.000000000 +0000 @@ -0,0 +1,27 @@ +From 27b1c74979ac473a430e266ff6c4b645664bc805 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 23 Mar 2019 14:05:29 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1522 + +--- + magick/image.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/magick/image.c ++++ b/magick/image.c +@@ -250,10 +250,11 @@ MagickExport Image *AcquireImage(const I + geometry_info; + + flags=ParseGeometry(image_info->density,&geometry_info); +- image->x_resolution=geometry_info.rho; +- image->y_resolution=geometry_info.sigma; +- if ((flags & SigmaValue) == 0) +- image->y_resolution=image->x_resolution; ++ if ((flags & RhoValue) != 0) ++ image->x_resolution=geometry_info.rho; ++ image->y_resolution=image->x_resolution; ++ if ((flags & SigmaValue) != 0) ++ image->y_resolution=geometry_info.sigma; + } + if (image_info->page != (char *) NULL) + { diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13135.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13135.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13135.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13135.patch 2019-11-11 17:58:52.000000000 +0000 @@ -0,0 +1,19 @@ +From 1e59b29e520d2beab73e8c78aacd5f1c0d76196d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Tue, 18 Jun 2019 11:45:11 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1599 + +--- + coders/cut.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/coders/cut.c ++++ b/coders/cut.c +@@ -555,6 +555,7 @@ static Image *ReadCUTImage(const ImageIn + BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk, + sizeof(*BImgBuff)); /*Ldblk was set in the check phase*/ + if(BImgBuff==NULL) goto NoMemory; ++ (void) memset(BImgBuff,0,(size_t) ldblk*sizeof(*BImgBuff)); + + offset=SeekBlob(image,6 /*sizeof(Header)*/,SEEK_SET); + if (offset < 0) diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13137.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13137.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13137.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13137.patch 2019-11-11 18:55:26.000000000 +0000 @@ -0,0 +1,21 @@ +Backport of: + +From 7d11230060fa9c8f67e53c85224daf6648805c7b Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Tue, 18 Jun 2019 11:54:17 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1601 + +--- + coders/ps.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/coders/ps.c ++++ b/coders/ps.c +@@ -806,6 +806,7 @@ static Image *ReadPSImage(const ImageInf + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, + "InvalidGeometry","`%s'",option); ++ geometry=DestroyString(geometry); + image=DestroyImage(image); + return((Image *) NULL); + } diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13295.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13295.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13295.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13295.patch 2019-11-11 13:10:50.000000000 +0000 @@ -0,0 +1,22 @@ +From 55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 21 Jun 2019 16:52:14 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1608 + +--- + magick/threshold.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/magick/threshold.c b/magick/threshold.c +index 763eb8552..a53e839e6 100644 +--- a/magick/threshold.c ++++ b/magick/threshold.c +@@ -202,6 +202,8 @@ MagickExport Image *AdaptiveThresholdImage(const Image *image, + threshold_image=CloneImage(image,0,0,MagickTrue,exception); + if (threshold_image == (Image *) NULL) + return((Image *) NULL); ++ if (width == 0) ++ return(threshold_image); + if (SetImageStorageClass(threshold_image,DirectClass) == MagickFalse) + { + InheritException(exception,&threshold_image->exception); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13297.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13297.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13297.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13297.patch 2019-11-11 13:10:55.000000000 +0000 @@ -0,0 +1,22 @@ +From 35c7032723d85eee7318ff6c82f031fa2666b773 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 21 Jun 2019 17:30:44 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1609 + +--- + magick/threshold.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/threshold.c b/magick/threshold.c +index a53e839e6..4a8c6b2e7 100644 +--- a/magick/threshold.c ++++ b/magick/threshold.c +@@ -202,7 +202,7 @@ MagickExport Image *AdaptiveThresholdImage(const Image *image, + threshold_image=CloneImage(image,0,0,MagickTrue,exception); + if (threshold_image == (Image *) NULL) + return((Image *) NULL); +- if (width == 0) ++ if ((width == 0) || (height == 0)) + return(threshold_image); + if (SetImageStorageClass(threshold_image,DirectClass) == MagickFalse) + { diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13300.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13300.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13300.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13300.patch 2019-11-11 18:20:23.000000000 +0000 @@ -0,0 +1,57 @@ +Backport of: + +From 5e409ae7a389cdf2ed17469303be3f3f21cec450 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 16 Jun 2019 14:36:10 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1586 + +--- + magick/statistic.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -149,9 +149,12 @@ static MagickPixelPacket **DestroyPixelT + return(pixels); + } + +-static MagickPixelPacket **AcquirePixelThreadSet(const Image *image, ++static MagickPixelPacket **AcquirePixelThreadSet(const Image *images, + const size_t number_images) + { ++ const Image ++ *next; ++ + MagickPixelPacket + **pixels; + +@@ -160,6 +163,7 @@ static MagickPixelPacket **AcquirePixelT + j; + + size_t ++ columns, + number_threads; + + number_threads=(size_t) GetMagickResourceLimit(ThreadResource); +@@ -168,15 +172,17 @@ static MagickPixelPacket **AcquirePixelT + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); + (void) ResetMagickMemory(pixels,0,number_threads*sizeof(*pixels)); +- next=image; ++ columns=images->columns; ++ for (next=images; next != (Image *) NULL; next=next->next) ++ columns=MagickMax(next->columns,columns); + for (i=0; i < (ssize_t) number_threads; i++) + { +- pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(image->columns, ++ pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels)); + if (pixels[i] == (MagickPixelPacket *) NULL) + return(DestroyPixelThreadSet(pixels)); +- for (j=0; j < (ssize_t) image->columns; j++) +- GetMagickPixelPacket(image,&pixels[i][j]); ++ for (j=0; j < (ssize_t) columns; j++) ++ GetMagickPixelPacket(images,&pixels[i][j]); + } + return(pixels); + } diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre0.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre0.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre0.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre0.patch 2019-11-11 18:55:29.000000000 +0000 @@ -0,0 +1,73 @@ +From 43cefeb92fc3b5cdfa90bf148255288cd4c9c3b0 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 9 Jan 2016 09:59:39 -0500 +Subject: [PATCH] + http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28952 + +--- + magick/statistic.c | 30 +++++++++++++++++++----------- + 1 file changed, 19 insertions(+), 11 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -152,15 +152,18 @@ static MagickPixelPacket **DestroyPixelT + static MagickPixelPacket **AcquirePixelThreadSet(const Image *image, + const size_t number_images) + { +- register ssize_t +- i, +- j; ++ const Image ++ *next; + + MagickPixelPacket + **pixels; + ++ register ssize_t ++ i, ++ j; ++ + size_t +- length, ++ columns, + number_threads; + + number_threads=(size_t) GetMagickResourceLimit(ThreadResource); +@@ -169,16 +172,21 @@ static MagickPixelPacket **AcquirePixelT + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); + (void) ResetMagickMemory(pixels,0,number_threads*sizeof(*pixels)); ++ next=image; ++ columns=next->columns; ++ for (i=0; i < (ssize_t) number_images; i++) ++ { ++ if (columns < next->columns) ++ columns=next->columns; ++ next=next->next; ++ } + for (i=0; i < (ssize_t) number_threads; i++) + { +- length=image->columns; +- if (length < number_images) +- length=number_images; +- pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(length, ++ pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels)); + if (pixels[i] == (MagickPixelPacket *) NULL) + return(DestroyPixelThreadSet(pixels)); +- for (j=0; j < (ssize_t) length; j++) ++ for (j=0; j < (ssize_t) columns; j++) + GetMagickPixelPacket(image,&pixels[i][j]); + } + return(pixels); +@@ -637,8 +645,8 @@ MagickExport Image *EvaluateImages(const + + if (status == MagickFalse) + continue; +- q=QueueCacheViewAuthenticPixels(evaluate_view,0,y, +- image->columns,1,exception); ++ q=QueueCacheViewAuthenticPixels(evaluate_view,0,y,image->columns,1, ++ exception); + if (q == (PixelPacket *) NULL) + { + status=MagickFalse; diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13300-pre1.patch 2019-11-11 18:55:31.000000000 +0000 @@ -0,0 +1,92 @@ +From 23fb88d1c557da0132257d92688894a7597a918d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 10 Jan 2016 08:39:56 -0500 +Subject: [PATCH] Utilize virtual pixel when evaluating an image sequence + +--- + magick/statistic.c | 28 +++++++++------------------- + 1 file changed, 9 insertions(+), 19 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -152,9 +152,6 @@ static MagickPixelPacket **DestroyPixelT + static MagickPixelPacket **AcquirePixelThreadSet(const Image *image, + const size_t number_images) + { +- const Image +- *next; +- + MagickPixelPacket + **pixels; + +@@ -163,7 +160,6 @@ static MagickPixelPacket **AcquirePixelT + j; + + size_t +- columns, + number_threads; + + number_threads=(size_t) GetMagickResourceLimit(ThreadResource); +@@ -173,20 +169,13 @@ static MagickPixelPacket **AcquirePixelT + return((MagickPixelPacket **) NULL); + (void) ResetMagickMemory(pixels,0,number_threads*sizeof(*pixels)); + next=image; +- columns=next->columns; +- for (i=0; i < (ssize_t) number_images; i++) +- { +- if (columns < next->columns) +- columns=next->columns; +- next=next->next; +- } + for (i=0; i < (ssize_t) number_threads; i++) + { +- pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, ++ pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(image->columns, + sizeof(**pixels)); + if (pixels[i] == (MagickPixelPacket *) NULL) + return(DestroyPixelThreadSet(pixels)); +- for (j=0; j < (ssize_t) columns; j++) ++ for (j=0; j < (ssize_t) image->columns; j++) + GetMagickPixelPacket(image,&pixels[i][j]); + } + return(pixels); +@@ -214,8 +203,8 @@ static int IntensityCompare(const void * + + color_1=(const MagickPixelPacket *) x; + color_2=(const MagickPixelPacket *) y; +- intensity=(int) MagickPixelIntensity(color_2)- +- (int) MagickPixelIntensity(color_1); ++ intensity=(int) MagickPixelIntensity(color_2)-(int) ++ MagickPixelIntensity(color_1); + return(intensity); + } + +@@ -538,8 +527,8 @@ MagickExport Image *EvaluateImages(const + + if (status == MagickFalse) + continue; +- q=QueueCacheViewAuthenticPixels(evaluate_view,0,y, +- image->columns,1,exception); ++ q=QueueCacheViewAuthenticPixels(evaluate_view,0,y,image->columns,1, ++ exception); + if (q == (PixelPacket *) NULL) + { + status=MagickFalse; +@@ -666,14 +655,15 @@ MagickExport Image *EvaluateImages(const + *p; + + image_view=AcquireVirtualCacheView(next,exception); +- p=GetCacheViewVirtualPixels(image_view,0,y,next->columns,1,exception); ++ p=GetCacheViewVirtualPixels(image_view,0,y,image->columns,1, ++ exception); + if (p == (const PixelPacket *) NULL) + { + image_view=DestroyCacheView(image_view); + break; + } + indexes=GetCacheViewVirtualIndexQueue(image_view); +- for (x=0; x < (ssize_t) next->columns; x++) ++ for (x=0; x < (ssize_t) image->columns; x++) + { + evaluate_pixel[x].red=ApplyEvaluateOperator(random_info[id], + GetPixelRed(p),i == 0 ? AddEvaluateOperator : op, diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13301.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13301.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13301.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13301.patch 2019-11-11 18:55:34.000000000 +0000 @@ -0,0 +1,27 @@ +Backport of: + +From 0b7d3675438cbcde824e751895847a0794406e08 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 15 Jun 2019 22:04:30 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1589 + +--- + magick/annotate.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/magick/annotate.c ++++ b/magick/annotate.c +@@ -281,7 +281,12 @@ MagickExport MagickBooleanType AnnotateI + (void) ParseGeometry(annotate_info->geometry,&geometry_info); + } + if (SetImageStorageClass(image,DirectClass) == MagickFalse) +- return(MagickFalse); ++ { ++ annotate_info=DestroyDrawInfo(annotate_info); ++ annotate=DestroyDrawInfo(annotate); ++ textlist=(char **) RelinquishMagickMemory(textlist); ++ return(MagickFalse); ++ } + if (IsGrayColorspace(image->colorspace) != MagickFalse) + (void) SetImageColorspace(image,sRGBColorspace); + status=MagickTrue; diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-1.patch 2019-11-11 18:40:34.000000000 +0000 @@ -0,0 +1,28 @@ +Backport of: + +From bfa3b9610c83227894c92b0d312ad327fceb6241 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 21 Jun 2019 20:33:10 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1614 + +--- + coders/pnm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1761,13 +1761,13 @@ static MagickBooleanType WritePNMImage(c + { + *q++=(unsigned char) (GetPixelLuma(image,p) >= (QuantumRange/2.0) ? + '0' : '1'); +- *q++=' '; + if ((q-pixels+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); + q=pixels; + } ++ *q++=' '; + p++; + } + if (image->previous == (Image *) NULL) diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-2.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-2.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-2.patch 2019-11-11 18:41:17.000000000 +0000 @@ -0,0 +1,22 @@ +Backport of: + +From a2f84f23d064e98f423aa0d050ff98838cf0a1b1 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 10 Aug 2019 07:25:32 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1614 + +--- + coders/pnm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1761,7 +1761,7 @@ static MagickBooleanType WritePNMImage(c + { + *q++=(unsigned char) (GetPixelLuma(image,p) >= (QuantumRange/2.0) ? + '0' : '1'); +- if ((q-pixels+1) >= sizeof(pixels)) ++ if ((q-pixels+2) >= (ssize_t) sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-pre1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-pre1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-pre1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13304-pre1.patch 2019-11-11 18:39:32.000000000 +0000 @@ -0,0 +1,60 @@ +Partial backport of: + +From 1684c4c35fa5a84e296d9b8a6fae6627fa046941 Mon Sep 17 00:00:00 2001 +From: cristy +Date: Fri, 22 May 2015 22:10:27 +0000 +Subject: [PATCH] + +--- + coders/pnm.c | 52 ++++++++++++++++++++++++++++++---------------------- + 1 file changed, 30 insertions(+), 22 deletions(-) + +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1762,7 +1762,7 @@ static MagickBooleanType WritePNMImage(c + *q++=(unsigned char) (GetPixelLuma(image,p) >= (QuantumRange/2.0) ? + '0' : '1'); + *q++=' '; +- if ((q-pixels+2) >= 80) ++ if ((q-pixels+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); +@@ -1828,7 +1828,7 @@ static MagickBooleanType WritePNMImage(c + extent=(size_t) count; + (void) strncpy((char *) q,buffer,extent); + q+=extent; +- if ((q-pixels+extent) >= 80) ++ if ((q-pixels+extent+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); +@@ -1836,6 +1836,9 @@ static MagickBooleanType WritePNMImage(c + } + p++; + } ++ *q++='\n'; ++ (void) WriteBlob(image,q-pixels,pixels); ++ q=pixels; + if (image->previous == (Image *) NULL) + { + status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, +@@ -1900,7 +1903,7 @@ static MagickBooleanType WritePNMImage(c + extent=(size_t) count; + (void) strncpy((char *) q,buffer,extent); + q+=extent; +- if ((q-pixels+extent) >= 80) ++ if ((q-pixels+extent+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); +@@ -1908,6 +1911,9 @@ static MagickBooleanType WritePNMImage(c + } + p++; + } ++ *q++='\n'; ++ (void) WriteBlob(image,q-pixels,pixels); ++ q=pixels; + if (image->previous == (Image *) NULL) + { + status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-1.patch 2019-11-11 18:55:39.000000000 +0000 @@ -0,0 +1,29 @@ +From cb5ec7d98195aa74d5ed299b38eff2a68122f3fa Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 21 Jun 2019 20:16:54 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1612 + +--- + coders/pnm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1828,7 +1828,7 @@ static MagickBooleanType WritePNMImage(c + extent=(size_t) count; + (void) strncpy((char *) q,buffer,extent); + q+=extent; +- if ((q-pixels+extent+1) >= sizeof(pixels)) ++ if ((q-pixels+extent+2) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); +@@ -1903,7 +1903,7 @@ static MagickBooleanType WritePNMImage(c + extent=(size_t) count; + (void) strncpy((char *) q,buffer,extent); + q+=extent; +- if ((q-pixels+extent+1) >= sizeof(pixels)) ++ if ((q-pixels+extent+2) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-2.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-2.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13305-2.patch 2019-11-11 18:55:41.000000000 +0000 @@ -0,0 +1,47 @@ +From 5c7fbf9a14fb83c9685ad69d48899f490a37609d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 21 Jun 2019 20:27:25 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1613 + +--- + coders/pnm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1826,14 +1826,14 @@ static MagickBooleanType WritePNMImage(c + count=(ssize_t) FormatLocaleString(buffer,MaxTextExtent,"%u ", + ScaleQuantumToLong(index)); + extent=(size_t) count; +- (void) strncpy((char *) q,buffer,extent); +- q+=extent; +- if ((q-pixels+extent+2) >= sizeof(pixels)) ++ if ((q-pixels+extent+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); + q=pixels; + } ++ (void) strncpy((char *) q,buffer,extent); ++ q+=extent; + p++; + } + *q++='\n'; +@@ -1901,14 +1901,14 @@ static MagickBooleanType WritePNMImage(c + ScaleQuantumToLong(GetPixelGreen(p)), + ScaleQuantumToLong(GetPixelBlue(p))); + extent=(size_t) count; +- (void) strncpy((char *) q,buffer,extent); +- q+=extent; +- if ((q-pixels+extent+2) >= sizeof(pixels)) ++ if ((q-pixels+extent+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); + q=pixels; + } ++ (void) strncpy((char *) q,buffer,extent); ++ q+=extent; + p++; + } + *q++='\n'; diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-1.patch 2019-11-11 19:30:09.000000000 +0000 @@ -0,0 +1,47 @@ +Backport of: + +From 91e58d967a92250439ede038ccfb0913a81e59fe Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 22 Jun 2019 08:23:29 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1615 + +--- + magick/statistic.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -94,6 +94,9 @@ + #include "magick/utility.h" + #include "magick/version.h" + ++ ++#define MagickMax(x,y) (((x) > (y)) ? (x) : (y)) ++ + /* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + % % +@@ -164,18 +167,17 @@ static MagickPixelPacket **AcquirePixelT + + size_t + columns, +- number_threads; ++ rows; + +- number_threads=(size_t) GetMagickResourceLimit(ThreadResource); +- pixels=(MagickPixelPacket **) AcquireQuantumMemory(number_threads, +- sizeof(*pixels)); ++ rows=MagickMax(GetImageListLength(images), ++ (size_t) GetMagickResourceLimit(ThreadResource)); ++ pixels=(MagickPixelPacket **) AcquireQuantumMemory(rows,sizeof(*pixels)); + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); +- (void) ResetMagickMemory(pixels,0,number_threads*sizeof(*pixels)); + columns=images->columns; + for (next=images; next != (Image *) NULL; next=next->next) + columns=MagickMax(next->columns,columns); +- for (i=0; i < (ssize_t) number_threads; i++) ++ for (i=0; i < (ssize_t) rows; i++) + { + pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels)); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-2.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-2.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-2.patch 2019-11-11 19:30:21.000000000 +0000 @@ -0,0 +1,68 @@ +From e6d26d4e2f07375ddbf46a857d309d51eeff7ee1 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 22 Jun 2019 09:04:54 -0400 +Subject: [PATCH] ... + +--- + magick/statistic.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -139,13 +139,19 @@ + % + */ + +-static MagickPixelPacket **DestroyPixelThreadSet(MagickPixelPacket **pixels) ++static MagickPixelPacket **DestroyPixelThreadSet(const Image *images, ++ MagickPixelPacket **pixels) + { + register ssize_t + i; + ++ size_t ++ rows; ++ + assert(pixels != (MagickPixelPacket **) NULL); +- for (i=0; i < (ssize_t) GetMagickResourceLimit(ThreadResource); i++) ++ rows=MagickMax(GetImageListLength(images), ++ (size_t) GetMagickResourceLimit(ThreadResource)); ++ for (i=0; i < (ssize_t) rows; i++) + if (pixels[i] != (MagickPixelPacket *) NULL) + pixels[i]=(MagickPixelPacket *) RelinquishMagickMemory(pixels[i]); + pixels=(MagickPixelPacket **) RelinquishMagickMemory(pixels); +@@ -174,6 +180,7 @@ static MagickPixelPacket **AcquirePixelT + pixels=(MagickPixelPacket **) AcquireQuantumMemory(rows,sizeof(*pixels)); + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); ++ (void) memset(pixels,0,rows*sizeof(*pixels)); + columns=images->columns; + for (next=images; next != (Image *) NULL; next=next->next) + columns=MagickMax(next->columns,columns); +@@ -182,7 +189,7 @@ static MagickPixelPacket **AcquirePixelT + pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels)); + if (pixels[i] == (MagickPixelPacket *) NULL) +- return(DestroyPixelThreadSet(pixels)); ++ return(DestroyPixelThreadSet(images,pixels)); + for (j=0; j < (ssize_t) columns; j++) + GetMagickPixelPacket(images,&pixels[i][j]); + } +@@ -757,7 +764,7 @@ MagickExport Image *EvaluateImages(const + } + } + evaluate_view=DestroyCacheView(evaluate_view); +- evaluate_pixels=DestroyPixelThreadSet(evaluate_pixels); ++ evaluate_pixels=DestroyPixelThreadSet(images,evaluate_pixels); + random_info=DestroyRandomInfoThreadSet(random_info); + if (status == MagickFalse) + image=DestroyImage(image); +@@ -2674,7 +2681,7 @@ MagickExport Image *PolynomialImageChann + } + } + polynomial_view=DestroyCacheView(polynomial_view); +- polynomial_pixels=DestroyPixelThreadSet(polynomial_pixels); ++ polynomial_pixels=DestroyPixelThreadSet(images,polynomial_pixels); + if (status == MagickFalse) + image=DestroyImage(image); + return(image); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-3.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-3.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13307-3.patch 2019-11-11 19:30:24.000000000 +0000 @@ -0,0 +1,20 @@ +From 643921ca69a20b203faebd0b287d8b7012dc749d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 22 Jun 2019 10:25:00 -0400 +Subject: [PATCH] ... + +--- + magick/statistic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -181,7 +181,7 @@ static MagickPixelPacket **AcquirePixelT + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); + (void) memset(pixels,0,rows*sizeof(*pixels)); +- columns=images->columns; ++ columns=GetImageListLength(images); + for (next=images; next != (Image *) NULL; next=next->next) + columns=MagickMax(next->columns,columns); + for (i=0; i < (ssize_t) rows; i++) diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13309.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13309.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13309.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13309.patch 2019-11-11 18:56:34.000000000 +0000 @@ -0,0 +1,30 @@ +Backport of: + +From 5982632109cad48bc6dab867298fdea4dea57c51 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 23 Jun 2019 11:47:36 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1616 + +--- + wand/mogrify.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/wand/mogrify.c ++++ b/wand/mogrify.c +@@ -7814,6 +7814,8 @@ WandExport MagickBooleanType MogrifyImag + channel,metric,&distortion,exception); + if (difference_image == (Image *) NULL) + break; ++ reconstruct_image=DestroyImage(reconstruct_image); ++ image=DestroyImage(image); + if (*images != (Image *) NULL) + *images=DestroyImage(*images); + *images=difference_image; +@@ -8125,6 +8127,7 @@ WandExport MagickBooleanType MogrifyImag + q=GetImageFromList(*images,index-1); + if (q == (Image *) NULL) + { ++ p=DestroyImage(p); + (void) ThrowMagickException(exception,GetMagickModule(), + OptionError,"NoSuchImage","`%s'",argv[i+1]); + status=MagickFalse; diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13311.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13311.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13311.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13311.patch 2019-11-11 18:56:43.000000000 +0000 @@ -0,0 +1,78 @@ +From bb812022d0bc12107db215c981cab0b1ccd73d91 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 1 Jul 2019 19:53:22 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1623 + +--- + wand/mogrify.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +--- a/wand/mogrify.c ++++ b/wand/mogrify.c +@@ -7735,6 +7735,9 @@ WandExport MagickBooleanType MogrifyImag + clut_image=RemoveFirstImageFromList(images); + if (clut_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -7779,9 +7782,6 @@ WandExport MagickBooleanType MogrifyImag + } + if (LocaleCompare("compare",option+1) == 0) + { +- const char +- *option; +- + double + distortion; + +@@ -7802,6 +7802,9 @@ WandExport MagickBooleanType MogrifyImag + reconstruct_image=RemoveFirstImageFromList(images); + if (reconstruct_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -7857,6 +7860,9 @@ WandExport MagickBooleanType MogrifyImag + composite_image=RemoveFirstImageFromList(images); + if (composite_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -8057,6 +8063,9 @@ WandExport MagickBooleanType MogrifyImag + hald_image=RemoveFirstImageFromList(images); + if (hald_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -8087,11 +8096,16 @@ WandExport MagickBooleanType MogrifyImag + phase_image=RemoveFirstImageFromList(images); + if (phase_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ magnitude_image=DestroyImage(magnitude_image); + status=MagickFalse; + break; + } + fourier_image=InverseFourierTransformImage(magnitude_image, + phase_image,*option == '-' ? MagickTrue : MagickFalse,exception); ++ magnitude_image=DestroyImage(magnitude_image); ++ phase_image=DestroyImage(phase_image); + if (fourier_image == (Image *) NULL) + break; + if (*images != (Image *) NULL) diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-13454.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-13454.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-13454.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-13454.patch 2019-11-11 18:56:45.000000000 +0000 @@ -0,0 +1,88 @@ +Backport of: + +From 4f31d78716ac94c85c244efcea368fea202e2ed4 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 8 Jul 2019 06:21:03 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1629 + +--- + magick/layer.c | 56 ++++++++++++++++++++++++++------------------------ + 1 file changed, 29 insertions(+), 27 deletions(-) + +--- a/magick/layer.c ++++ b/magick/layer.c +@@ -1634,45 +1634,47 @@ MagickExport void OptimizeImageTranspare + % o exception: return any errors or warnings in this structure. + % + */ +-MagickExport void RemoveDuplicateLayers(Image **images, +- ExceptionInfo *exception) ++MagickExport void RemoveDuplicateLayers(Image **images,ExceptionInfo *exception) + { +- register Image +- *curr, +- *next; +- + RectangleInfo + bounds; + ++ register Image ++ *image, ++ *next; ++ + assert((*images) != (const Image *) NULL); + assert((*images)->signature == MagickSignature); + if ((*images)->debug != MagickFalse) +- (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",(*images)->filename); ++ (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s", ++ (*images)->filename); + assert(exception != (ExceptionInfo *) NULL); + assert(exception->signature == MagickSignature); +- +- curr=GetFirstImageInList(*images); +- for (; (next=GetNextImageInList(curr)) != (Image *) NULL; curr=next) ++ image=GetFirstImageInList(*images); ++ for ( ; (next=GetNextImageInList(image)) != (Image *) NULL; image=next) + { +- if ( curr->columns != next->columns || curr->rows != next->rows +- || curr->page.x != next->page.x || curr->page.y != next->page.y ) ++ if ((image->columns != next->columns) || (image->rows != next->rows) || ++ (image->page.x != next->page.x) || (image->page.y != next->page.y)) + continue; +- bounds=CompareImageBounds(curr,next,CompareAnyLayer,exception); +- if ( bounds.x < 0 ) { +- /* +- the two images are the same, merge time delays and delete one. +- */ +- size_t time; +- time = curr->delay*1000/curr->ticks_per_second; +- time += next->delay*1000/next->ticks_per_second; +- next->ticks_per_second = 100L; +- next->delay = time*curr->ticks_per_second/1000; +- next->iterations = curr->iterations; +- *images = curr; +- (void) DeleteImageFromList(images); +- } ++ bounds=CompareImageBounds(image,next,CompareAnyLayer,exception); ++ if (bounds.x < 0) ++ { ++ /* ++ Two images are the same, merge time delays and delete one. ++ */ ++ size_t ++ time; ++ ++ time=1000*image->delay*PerceptibleReciprocal(image->ticks_per_second); ++ time+=1000*next->delay*PerceptibleReciprocal(next->ticks_per_second); ++ next->ticks_per_second=100L; ++ next->delay=time*image->ticks_per_second/1000; ++ next->iterations=image->iterations; ++ *images=image; ++ (void) DeleteImageFromList(images); ++ } + } +- *images = GetFirstImageInList(*images); ++ *images=GetFirstImageInList(*images); + } + + /* diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-14981.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-14981.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-14981.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-14981.patch 2019-11-11 18:56:47.000000000 +0000 @@ -0,0 +1,20 @@ +From b522d2d857d2f75b659936b59b0da9df1682c256 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 18 Apr 2019 19:55:44 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1552 + +--- + magick/feature.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/magick/feature.c ++++ b/magick/feature.c +@@ -2250,7 +2250,7 @@ MagickExport Image *MeanShiftImage(const + } + } + } +- gamma=1.0/count; ++ gamma=PerceptibleReciprocal(count); + mean_location.x=gamma*sum_location.x; + mean_location.y=gamma*sum_location.y; + mean_pixel.red=gamma*sum_pixel.red; diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-1.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-1.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-1.patch 2019-11-11 18:53:22.000000000 +0000 @@ -0,0 +1,30 @@ +Backport of: + +From 6d46f0a046a58e7c4567a86ba1b9cb847d5b1968 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 20 Apr 2019 09:39:53 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1553 + +--- + coders/xwd.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/coders/xwd.c ++++ b/coders/xwd.c +@@ -238,6 +238,8 @@ static Image *ReadXWDImage(const ImageIn + ThrowReaderException(CorruptImageError,"FileFormatVersionMismatch"); + if (header.header_size < sz_XWDheader) + ThrowReaderException(CorruptImageError,"CorruptImage"); ++ if ((MagickSizeType) header.xoffset >= GetBlobSize(image)) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + switch (header.visual_class) { + case StaticGray: + case GrayScale: +@@ -627,6 +629,7 @@ ModuleExport size_t RegisterXWDImage(voi + entry->encoder=(EncodeImageHandler *) WriteXWDImage; + #endif + entry->magick=(IsImageFormatHandler *) IsXWD; ++ entry->seekable_stream=MagickTrue; + entry->adjoin=MagickFalse; + entry->description=ConstantString("X Windows system window dump (color)"); + entry->module=ConstantString("XWD"); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-2.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-2.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-15139-2.patch 2019-11-11 18:54:29.000000000 +0000 @@ -0,0 +1,47 @@ +Backport of: + +From e295b8193a1413a39d5c0b3e18fa7ca952c35cdf Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 20 Apr 2019 12:18:23 -0400 +Subject: [PATCH] ... + +--- + coders/xwd.c | 12 ++++++------ + configure | 2 +- + 2 files changed, 7 insertions(+), 7 deletions(-) + +--- a/coders/xwd.c ++++ b/coders/xwd.c +@@ -238,7 +238,7 @@ static Image *ReadXWDImage(const ImageIn + ThrowReaderException(CorruptImageError,"FileFormatVersionMismatch"); + if (header.header_size < sz_XWDheader) + ThrowReaderException(CorruptImageError,"CorruptImage"); +- if ((MagickSizeType) header.xoffset >= GetBlobSize(image)) ++ if (header.xoffset >= header.pixmap_width) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + switch (header.visual_class) { + case StaticGray: +@@ -290,10 +290,11 @@ static Image *ReadXWDImage(const ImageIn + ximage->red_mask=header.red_mask; + ximage->green_mask=header.green_mask; + ximage->blue_mask=header.blue_mask; +- if ((ximage->width < 0) || (ximage->height < 0) || (ximage->depth < 0) || +- (ximage->format < 0) || (ximage->byte_order < 0) || +- (ximage->bitmap_bit_order < 0) || (ximage->bitmap_pad < 0) || +- (ximage->bytes_per_line < 0)) ++ if ((ximage->depth < 0) || (ximage->format < 0) || (ximage->xoffset < 0) || ++ (ximage->width < 0) || (ximage->height < 0) || (ximage->bitmap_pad < 0) || ++ (ximage->bytes_per_line < 0) || (ximage->byte_order < 0) || ++ (ximage->bitmap_unit < 0) || (ximage->bitmap_bit_order < 0) || ++ (ximage->bits_per_pixel < 0)) + { + ximage=(XImage *) RelinquishMagickMemory(ximage); + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); +@@ -629,7 +630,6 @@ ModuleExport size_t RegisterXWDImage(voi + entry->encoder=(EncodeImageHandler *) WriteXWDImage; + #endif + entry->magick=(IsImageFormatHandler *) IsXWD; +- entry->seekable_stream=MagickTrue; + entry->adjoin=MagickFalse; + entry->description=ConstantString("X Windows system window dump (color)"); + entry->module=ConstantString("XWD"); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-15140.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-15140.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-15140.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-15140.patch 2019-11-11 18:56:52.000000000 +0000 @@ -0,0 +1,43 @@ +Backport of: + +From 5caef6e97f3f575cf7bea497865a4c1e624b8010 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sat, 27 Apr 2019 08:32:39 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1554 + +--- + coders/mat.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/coders/mat.c ++++ b/coders/mat.c +@@ -691,9 +691,11 @@ static Image *ReadMATImage(const ImageIn + MATLAB_KO: ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + + filepos = TellBlob(image); +- while(!EOFBlob(image)) /* object parser loop */ ++ while(filepos < GetBlobSize(image) && !EOFBlob(image)) /* object parser loop */ + { + Frames = 1; ++ if(filepos > GetBlobSize(image) || filepos < 0) ++ break; + (void) SeekBlob(image,filepos,SEEK_SET); + /* printf("pos=%X\n",TellBlob(image)); */ + +@@ -701,6 +703,8 @@ MATLAB_KO: ThrowReaderException(CorruptI + if(EOFBlob(image)) break; + MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); + if(EOFBlob(image)) break; ++ if((MagickSizeType) (MATLAB_HDR.ObjectSize+filepos) >= GetBlobSize(image)) ++ goto MATLAB_KO; + filepos += MATLAB_HDR.ObjectSize + 4 + 4; + + clone_info=CloneImageInfo(image_info); +@@ -915,6 +919,7 @@ RestoreMSCWarning + { + if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), + " MAT cannot read scanrow %u from a file.", (unsigned)(MATLAB_HDR.SizeY-i-1)); ++ ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); + goto ExitLoop; + } + if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL)) diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-16708.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-16708.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-16708.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-16708.patch 2019-11-11 18:56:54.000000000 +0000 @@ -0,0 +1,23 @@ +From 13801f5d0bd7a6fdb119682d34946636afdb2629 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 27 Mar 2019 14:22:00 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1531 + +--- + magick/xwindow.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/magick/xwindow.c ++++ b/magick/xwindow.c +@@ -298,6 +298,11 @@ MagickExport void DestroyXResources(void + (void) XFreePixmap(windows->display,magick_windows[i]->shadow_stipple); + magick_windows[i]->shadow_stipple=(Pixmap) NULL; + } ++ if (magick_windows[i]->matte_image != (XImage *) NULL) ++ { ++ XDestroyImage(magick_windows[i]->matte_image); ++ magick_windows[i]->matte_image=(XImage *) NULL; ++ } + if (magick_windows[i]->ximage != (XImage *) NULL) + { + XDestroyImage(magick_windows[i]->ximage); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-16710.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-16710.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-16710.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-16710.patch 2019-11-11 18:56:56.000000000 +0000 @@ -0,0 +1,23 @@ +From 80deac0626d2d69e1da836d7d893db1e022b10fc Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Tue, 26 Mar 2019 16:36:30 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1528 + +--- + coders/dot.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/coders/dot.c ++++ b/coders/dot.c +@@ -129,7 +129,10 @@ static Image *ReadDOTImage(const ImageIn + image=AcquireImage(image_info); + status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); + if (status == MagickFalse) +- return((Image *) NULL); ++ { ++ image=DestroyImageList(image); ++ return((Image *) NULL); ++ } + read_info=CloneImageInfo(image_info); + SetImageInfoBlob(read_info,(void *) NULL,0); + (void) CopyMagickString(read_info->magick,"SVG",MaxTextExtent); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-16711.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-16711.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-16711.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-16711.patch 2019-11-11 17:59:32.000000000 +0000 @@ -0,0 +1,36 @@ +From 448f301a781405a45717bb53578475de06df973a Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 11 Apr 2019 07:36:54 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1542 + +--- + coders/ps2.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/coders/ps2.c ++++ b/coders/ps2.c +@@ -202,19 +202,19 @@ static MagickBooleanType Huffman2DEncode + unsigned char + *group4; + +- status=MagickTrue; +- write_info=CloneImageInfo(image_info); +- (void) CopyMagickString(write_info->filename,"GROUP4:",MaxTextExtent); +- (void) CopyMagickString(write_info->magick,"GROUP4",MaxTextExtent); + group4_image=CloneImage(inject_image,0,0,MagickTrue,&image->exception); + if (group4_image == (Image *) NULL) + return(MagickFalse); ++ write_info=CloneImageInfo(image_info); ++ (void) CopyMagickString(write_info->filename,"GROUP4:",MaxTextExtent); ++ (void) CopyMagickString(write_info->magick,"GROUP4",MaxTextExtent); + group4=(unsigned char *) ImageToBlob(write_info,group4_image,&length, + &image->exception); ++ write_info=DestroyImageInfo(write_info); + group4_image=DestroyImage(group4_image); + if (group4 == (unsigned char *) NULL) + return(MagickFalse); +- write_info=DestroyImageInfo(write_info); ++ status=MagickTrue; + if (WriteBlob(image,length,group4) != (ssize_t) length) + status=MagickFalse; + group4=(unsigned char *) RelinquishMagickMemory(group4); diff -Nru imagemagick-6.8.9.9/debian/patches/CVE-2019-16713.patch imagemagick-6.8.9.9/debian/patches/CVE-2019-16713.patch --- imagemagick-6.8.9.9/debian/patches/CVE-2019-16713.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/CVE-2019-16713.patch 2019-11-11 18:57:00.000000000 +0000 @@ -0,0 +1,40 @@ +From 6954a3f7f1bf1dad417260c5965f2c30a64fa25e Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 28 Apr 2019 10:32:34 +0200 +Subject: [PATCH] Fixed memory leak reported in #1558 and fixed other leak. + +--- + coders/dot.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +--- a/coders/dot.c ++++ b/coders/dot.c +@@ -129,10 +129,7 @@ static Image *ReadDOTImage(const ImageIn + image=AcquireImage(image_info); + status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); + if (status == MagickFalse) +- { +- image=DestroyImageList(image); +- return((Image *) NULL); +- } ++ return(DestroyImageList(image)); + read_info=CloneImageInfo(image_info); + SetImageInfoBlob(read_info,(void *) NULL,0); + (void) CopyMagickString(read_info->magick,"SVG",MaxTextExtent); +@@ -147,7 +144,7 @@ static Image *ReadDOTImage(const ImageIn + if (graph == (graph_t *) NULL) + { + (void) RelinquishUniqueFileResource(read_info->filename); +- return ((Image *) NULL); ++ return(DestroyImageList(image)); + } + option=GetImageOption(image_info,"dot:layout-engine"); + if (option == (const char *) NULL) +@@ -157,6 +154,7 @@ static Image *ReadDOTImage(const ImageIn + gvRenderFilename(graphic_context,graph,(char *) "svg",read_info->filename); + gvFreeLayout(graphic_context,graph); + agclose(graph); ++ image=DestroyImageList(image); + /* + Read SVG graph. + */ diff -Nru imagemagick-6.8.9.9/debian/patches/series imagemagick-6.8.9.9/debian/patches/series --- imagemagick-6.8.9.9/debian/patches/series 2019-06-14 19:25:29.000000000 +0000 +++ imagemagick-6.8.9.9/debian/patches/series 2019-11-11 18:52:25.000000000 +0000 @@ -387,3 +387,37 @@ CVE-2019-11597-3.patch CVE-2019-11598-1.patch CVE-2019-11598-2.patch +CVE-2019-12974.patch +CVE-2019-12975-1.patch +CVE-2019-12975-2.patch +CVE-2019-12976.patch +CVE-2019-12977.patch +CVE-2019-12978.patch +CVE-2019-12979.patch +CVE-2019-13135.patch +CVE-2019-13137.patch +CVE-2019-13295.patch +CVE-2019-13297.patch +CVE-2019-13300-pre0.patch +CVE-2019-13300-pre1.patch +CVE-2019-13300.patch +CVE-2019-13301.patch +CVE-2019-13304-pre1.patch +CVE-2019-13304-1.patch +CVE-2019-13304-2.patch +CVE-2019-13305-1.patch +CVE-2019-13305-2.patch +CVE-2019-13307-1.patch +CVE-2019-13307-2.patch +CVE-2019-13307-3.patch +CVE-2019-13309.patch +CVE-2019-13311.patch +CVE-2019-13454.patch +CVE-2019-14981.patch +CVE-2019-15139-1.patch +CVE-2019-15139-2.patch +CVE-2019-15140.patch +CVE-2019-16708.patch +CVE-2019-16710.patch +CVE-2019-16711.patch +CVE-2019-16713.patch