imagemagick 6:6.2.3.4-1ubuntu1.1 source package in Ubuntu
Changelog
imagemagick (6:6.2.3.4-1ubuntu1.1) breezy-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution with malicious file names.
* Patch taken from Debian upload, thanks to Daniel Kobras.
* magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
string_.h}: Implement new utility function FormatMagickStringNumeric()
to securely expand a user-supplied format string with a single numeric
argument. Adjust code to use this function where appropriate.
(CVE-2006-0082) Closes: #345876
* coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
magick/methods.h: Do not call external delegates with user-supplied
filename, but with securely named symlinks only to prevent shell command
injection (CVE-2005-4601). Closes: #345238
* magick/display.c: In DisplayImageCommand(), expand command line before
allocating ressources based on argc. Patch and analysis thanks to
Eero Häkkinen. Closes: #345595
-- Martin Pitt <email address hidden> Tue, 24 Jan 2006 13:34:59 +0000
Upload details
- Uploaded by:
- Ubuntu Archive Auto-Sync
- Uploaded to:
- Breezy
- Original maintainer:
- Ryuichi Arafune
- Architectures:
- any
- Section:
- graphics
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| imagemagick_6.2.3.4-1ubuntu1.1.dsc | 899 bytes | c351a43802e897acfbe57ae07e5dd2b3c1f76371675b50533676857f5ab49563 |
| imagemagick_6.2.3.4.orig.tar.gz | 5.5 MiB | 5672ae3cec9d7be49ec5430dba9a5af058291dc75c9b736be0019faabb9ffe58 |
| imagemagick_6.2.3.4-1ubuntu1.1.diff.gz | 138.4 KiB | f6487becbfc8d9805414914485a39c0b8f24857e05b7402c387ddc92b1ac9fe8 |
No changes file available.
Binary packages built by this source
- imagemagick: No summary available for imagemagick in ubuntu breezy.
No description available for imagemagick in ubuntu breezy.
- libmagick++6-dev: No summary available for libmagick++6-dev in ubuntu breezy.
No description available for libmagick++6-dev in ubuntu breezy.
- libmagick++6c2: No summary available for libmagick++6c2 in ubuntu breezy.
No description available for libmagick++6c2 in ubuntu breezy.
- libmagick6: No summary available for libmagick6 in ubuntu breezy.
No description available for libmagick6 in ubuntu breezy.
- libmagick6-dev: No summary available for libmagick6-dev in ubuntu breezy.
No description available for libmagick6-dev in ubuntu breezy.
- perlmagick: No summary available for perlmagick in ubuntu breezy.
No description available for perlmagick in ubuntu breezy.
