Change logs for imagemagick source package in Hardy

  • imagemagick (7: hardy-security; urgency=low
      * SECURITY UPDATE: arbitrary code execution via config files in the
        current directory.
        - debian/patches/CVE-2010-4167.patch: don't read config files from
          the current directory for the "installed" version.
        - CVE-2010-4167
     -- Marc Deslauriers <email address hidden>   Thu, 02 Dec 2010 15:08:44 -0500
  • imagemagick (7: hardy-security; urgency=low
      * SECURITY UPDATE: integer overflow via crafted TIFF image
        - debian/patches/CVE-2009-1882.patch: adjust xwindow.c, display.c and
          animate.c to verify width and length
        - CVE-2009-1882
     -- Jamie Strandboge <email address hidden>   Thu, 04 Jun 2009 12:54:55 -0500
  • imagemagick (7: hardy; urgency=low
      * Merge from debian unstable, remaining changes:
        - Magick++/lib/Geometry.cpp: build fix for g++-4.3.
        - debian/control: Ubuntu maintainer address.
    imagemagick (7: unstable; urgency=low
      * Upload to unstable;
      * Disable HDRI (Closes: #465526). Thanks to Lucas Nussbaum!
    imagemagick (7: experimental; urgency=low
      * New upstream release (Closes: #339776, #420672, #454809)
        - fixed wrong image size when using montage (Closes: #357013);
        - fixed support for "fixed" font (Closes: #370309);
        - convert doesn't output grayscale images when using -colors switch
          (Closes: #325828);
        - using a percent sign on a montage label doesn't create a wrong label
          anymore (Closes: #330115);
        - fixed "identify -list format" (Closes: #337192);
        - fixed composite (Closes: #338109);
        - deferred LZW GIFs are handled correctly (Closes: #340553);
        - display doesn't ignore alpha channel on PNG files anymore
          (Closes: #352748);
        - aspect ratio is preserved when using convert (Closes: #396956);
        - fixed PS to PDF conversion (Closes: #419410);
        - fixed SVG conversion (Closes: #435903);
        - using -trim and -resize together doesn't produce incorrect images
          anymore (Closes: #444058);
        - "convert -list" doesn't result in glibc malloc failure (Closes: #326566);
        - mogrify doesn't end silently with read only files (Closes: #292520);
        - identify correctly displays the bit depth of an image (Closes: #391983);
        - identify correctly reads files with a colon (Closes: #188834);
        - fixed typo in composite manpage (Closes: #366499);
        - doesn't fail when converting texts (Closes: #361141);
        - fixed conversion of a PNG with transparency to a JPG, using -background
          and -flatten (Closes: #358676);
        - doesn't FTBFS with GCC/G++ 4.3 (Closes: #441538);
      * Enabled DjVu support
      * Acknowledge NMUs (Closes: #394923, #400939, #348576, #245960)
      [ Luciano Bello ]
      * The 'lets start again' release.
      * Quilt implemented.
        - manpages.patch: Replaced 'SEE-ALSO' for 'SEE ALSO' in the manpages.
          Registered input character replaced.
      [ Nelson A. de Oliveira ]
      * Added watch file
      * debian/rules: Fixed "debian rules ignores make clean error"
      * debian/control:
        - replaced deprecated ${Source-Version} by ${binary:Version}
        - added Homepage field
        - added Vcs-Svn and Vcs-Browser
      * debian/compat: updated to debhelper compatibility level 5
      * Updated menu file
      * Updated Standards Version to 3.7.3
      * Included myself to Uploaders field
      [ Daniel Kobras ]
      * debian/*.{preinst,postinst,prerm}: Removed. Dedicated checks are obsolete
        by now, rest is handled automatically via debhelper these days.
      * debian/control: Prune all references to packages that predate oldstable.
      * debian/control: Move Suggests for delegate packages from imagemagick to
      * debian/control: Follow renaming of package gs to ghostscript, promote
        from Suggests to Recommends, and also recommend gsfonts.
      * debian/control: Update graphviz (build-)dependency to libgraphviz-dev.
      * debian/copyright: Update with recent minor changes of upstream license.
      * debian/ Add hack to make 'display' work without a
        controlling tty.
      * debian/rules: Consistently use $(CURDIR) rather than `pwd` to keep all
        buildds equally happy.
      * debian/upgrade-checklist.txt: Do not rename -dev packages, but provide a
        list of C API changes between successive Debian releases.
      * debian/patches/add_dfsg_free_logo.patch: Add dummy logo in place of
        original logo that does not meet the DFSG, and therefore gets removed
        from upstream tarball. Patch converted to quilt format from previous
     -- Kees Cook <email address hidden>   Wed, 13 Feb 2008 11:34:24 -0800
  • imagemagick (7: gutsy; urgency=low
      * Merge with Debian unstable for CVE fixes.  Remaining changes:
        - Magick++/lib/Geometry.cpp: build fix for g++-4.3.
        - debian/control: Ubuntu maintainer address.
    imagemagick (7: unstable; urgency=high
      * Fix multiple vulnerabilities in imagemagick. Closes: #444267
        + magick/memory.c,magick/memory_.h,magick/methods.h: Add new allocator
          wrapper AcquireQuantumMemory() to prevent potential integer overflows.
          Backport from upstream version
        + magick/image.c: Backport new implementation of SetImageExtent() from
          upstream version
        + coders/dcm.c,coders/xcf.c: Fix integer overflow in DCM and XCF coders.
          (CVE-2007-4985) Backport of upstream patch from version
        + coders/dcm.c,coders/dib.c,coders/xbm.c,coders/xcf.c,coders/xwd.c:
          Fix multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders.
          (CVE-2007-4986 and CVE-2007-4988) Based on upstream patch from
        + magick/blob.c: Fix fencepost error in ReadBlobString()
          (CVE-2007-4987) Backport of upstream patch from version
        + coders/dib.c: Ensure positive value for image rows and columns.
          Based on upstream patch from version
        + All of the above patches have been derived from backports supplied by
          Jonathan Smith.
     -- Kees Cook <email address hidden>   Tue, 02 Oct 2007 14:15:13 -0700