imagemagick 8:6.7.7.10-6ubuntu3.13 source package in Ubuntu

Changelog

imagemagick (8:6.7.7.10-6ubuntu3.13) trusty-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution vulnerabilities in ghostscript as
    invoked by imagemagick
    - debian/patches/200-disable-ghostscript-formats.patch: disable
      ghostscript handled types by default in policy.xml
  * SECURITY UPDATE: information leak in ReadXBMImage
    - debian/patches/CVE-2018-16323.patch: don't leave data
      uninitialized with negative pixels
    - CVE-2018-16323
  * SECURITY UPDATE: memory leak of colormap in WriteMPCImage
    - debian/patches/CVE-2018-14434.patch: free colormap on bad
      color depth
    - CVE-2018-14434
  * SECURITY UPDATE: memory leak in DecodeImage
    - debian/patches/CVE-2018-14435.patch: free memory when given a
      bad plane
    - CVE-2018-14435
  * SECURITY UPDATE: memory leak in ReadMIFFImage
    - debian/patches/CVE-2018-14436.patch: free memory when given a bad
      depth
    - CVE-2018-14436
  * SECURITY UPDATE: memory leak in parse8BIM
    - debian/patches/CVE-2018-14437-prereq.patch: check for negative
      values
    - debian/patches/CVE-2018-14437.patch: free strings in error
      conditions
    - CVE-2018-14437
  * SECURITY UPDATE: memory leak in ReadOneJNGImage
    - debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
    - debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
    - debian/patches/CVE-2018-16640.patch: free memory on error
    - CVE-2018-16640
  * SECURITY UPDATE: denial of service due to out-of-bounds write
    in InsertRow
    - debian/patches/CVE-2018-16642.patch: improve checking for errors
    - CVE-2018-16642
  * SECURITY UPDATE: denial of service due to missing fputc checks
    - debian/patches/CVE-2018-16643.patch: check fputc calls for error
    - CVE-2018-16643
  * SECURITY UPDATE: denial of service in ReadDCMImage and
    ReadPICTImage
    - debian/patches/CVE-2018-16644-prereq-1.patch: make
      ReadRectangle() a boolean returning function and use it.
    - debian/patches/CVE-2018-16644-prereq-2.patch: check for EOF
      when reading from file
    - debian/patches/CVE-2018-16644-prereq-3.patch: define
      ThrowPICTException() macro and use it
    - debian/patches/CVE-2018-16644-1.patch,
      debian/patches/CVE-2018-16644-2.patch: check for invalid length
    - CVE-2018-16644
  * SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
    - debian/patches/CVE-2018-16645.patch: ensure number_colors is
      not too large
    - CVE-2018-16645
  * SECURITY UPDATE: denial of service in ReadOneJNGImage
    - debian/patches/CVE-2018-16749.patch; check for NULL color_image
    - CVE-2018-16749
  * SECURITY UPDATE: memory leak in formatIPTCfromBuffer
    - debian/patches/CVE-2018-16750.patch: free memory on error
    - CVE-2018-16750

  [ Marc Deslauriers ]
  * SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
    - debian/patches/0297-CVE-2017-13144.patch: removed pending further
      investigation.
    - debian/patches/CVE-2017-12430.patch: refreshed.

 -- Steve Beattie <email address hidden>  Fri, 28 Sep 2018 11:21:01 -0700

Upload details

Uploaded by:
Steve Beattie on 2018-09-28
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
graphics
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Trusty updates on 2018-10-04 main graphics
Trusty security on 2018-10-04 main graphics

Downloads

File Size SHA-256 Checksum
imagemagick_6.7.7.10.orig.tar.bz2 10.0 MiB 05fb23824b1c90ac35259715c94c65fb5cda6969eb597a7637762d8cf3998fda
imagemagick_6.7.7.10-6ubuntu3.13.debian.tar.bz2 275.5 KiB f2a6f862793a73c4071aaefb03efcb2d661c7a73d7d5085f7282c8486040928a
imagemagick_6.7.7.10-6ubuntu3.13.dsc 3.2 KiB b0cabfb45c4b86f52956dee45253d3f2d387399d5b3dbae49e7afdee26b67c36

View changes file

Binary packages built by this source

imagemagick: image manipulation programs

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).

imagemagick-common: image manipulation programs -- infrastructure

 imagemagick-common contains the filesystem infrastructure required for
 further installation of imagemagick in any configuration; it does not provide
 a full installation of binaries, libraries, and utilities
 required to run imagemagick.

imagemagick-dbg: debugging symbols for ImageMagick

 This package contains the debugging symbols for ImageMagick, a software suite
 to create, edit, and compose bitmap images.

imagemagick-dbgsym: debug symbols for package imagemagick

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).

imagemagick-doc: document files of ImageMagick

 This package contains the document files shipped with ImageMagick, a software
 suite to create, edit, and compose bitmap images.

libmagick++-dev: object-oriented C++ interface to ImageMagick - development files

 This package includes header files and static libraries needed to compile
 programs using Magick++.

libmagick++-dev-dbgsym: debug symbols for package libmagick++-dev

 This package includes header files and static libraries needed to compile
 programs using Magick++.

libmagick++5: object-oriented C++ interface to ImageMagick

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package contains the C++ libraries needed to run executables that make
 use of libMagick++.

libmagick++5-dbgsym: debug symbols for package libmagick++5

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package contains the C++ libraries needed to run executables that make
 use of libMagick++.

libmagickcore-dev: low-level image manipulation library - development files

 This package includes header files and static libraries needed to compile
 programs using MagickCore.

libmagickcore-dev-dbgsym: debug symbols for package libmagickcore-dev

 This package includes header files and static libraries needed to compile
 programs using MagickCore.

libmagickcore5: low-level image manipulation library

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickCore.

libmagickcore5-dbgsym: debug symbols for package libmagickcore5

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickCore.

libmagickcore5-extra: low-level image manipulation library - extra codecs

 This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to
 MagickCore.

libmagickcore5-extra-dbgsym: debug symbols for package libmagickcore5-extra

 This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to
 MagickCore.

libmagickwand-dev: image manipulation library - development files

 This package includes header files and static libraries needed to compile
 programs using MagickWand.

libmagickwand-dev-dbgsym: debug symbols for package libmagickwand-dev

 This package includes header files and static libraries needed to compile
 programs using MagickWand.

libmagickwand5: image manipulation library

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickWand.

libmagickwand5-dbgsym: debug symbols for package libmagickwand5

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickWand.

perlmagick: Perl interface to the ImageMagick graphics routines

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.

perlmagick-dbgsym: debug symbols for package perlmagick

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.