-
imagemagick (7:6.3.7.9.dfsg1-2ubuntu1.2) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via config files in the
    current directory.
    - debian/patches/CVE-2010-4167.patch: don't read config files from
      the current directory for the "installed" version.
    - CVE-2010-4167

 -- Marc Deslauriers <email address hidden>  Thu, 02 Dec 2010 15:08:44 -0500
-
imagemagick (7:6.3.7.9.dfsg1-2ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflow via crafted TIFF image
    - debian/patches/CVE-2009-1882.patch: adjust xwindow.c, display.c and
      animate.c to verify width and length
    - CVE-2009-1882

 -- Jamie Strandboge <email address hidden>  Thu, 04 Jun 2009 12:54:55 -0500
-
imagemagick (7:6.3.7.9.dfsg1-2ubuntu1) hardy; urgency=low

  * Merge from debian unstable, remaining changes:
    - Magick++/lib/Geometry.cpp: build fix for g++-4.3.
    - debian/control: Ubuntu maintainer address.

imagemagick (7:6.3.7.9.dfsg1-2) unstable; urgency=low

  * Upload to unstable;
  * Disable HDRI (Closes: #465526). Thanks to Lucas Nussbaum!

imagemagick (7:6.3.7.9.dfsg1-1) experimental; urgency=low

  * New upstream release (Closes: #339776, #420672, #454809)
    - fixed wrong image size when using montage (Closes: #357013);
    - fixed support for "fixed" font (Closes: #370309);
    - convert doesn't output grayscale images when using -colors switch
      (Closes: #325828);
    - using a percent sign on a montage label doesn't create a wrong label
      anymore (Closes: #330115);
    - fixed "identify -list format" (Closes: #337192);
    - fixed composite (Closes: #338109);
    - deferred LZW GIFs are handled correctly (Closes: #340553);
    - display doesn't ignore alpha channel on PNG files anymore
      (Closes: #352748);
    - aspect ratio is preserved when using convert (Closes: #396956);
    - fixed PS to PDF conversion (Closes: #419410);
    - fixed SVG conversion (Closes: #435903);
    - using -trim and -resize together doesn't produce incorrect images
      anymore (Closes: #444058);
    - "convert -list" doesn't result in glibc malloc failure (Closes: #326566);
    - mogrify doesn't end silently with read only files (Closes: #292520);
    - identify correctly displays the bit depth of an image (Closes: #391983);
    - identify correctly reads files with a colon (Closes: #188834);
    - fixed typo in composite manpage (Closes: #366499);
    - doesn't fail when converting texts (Closes: #361141);
    - fixed conversion of a PNG with transparency to a JPG, using -background
      and -flatten (Closes: #358676);
    - doesn't FTBFS with GCC/G++ 4.3 (Closes: #441538);
  * Enabled DjVu support
  * Acknowledge NMUs (Closes: #394923, #400939, #348576, #245960)
  [ Luciano Bello ]
  * The 'lets start again' release.
  * Quilt implemented.
    - manpages.patch: Replaced 'SEE-ALSO' for 'SEE ALSO' in the manpages.
      Registered input character replaced.

  [ Nelson A. de Oliveira ]
  * Added watch file
  * debian/rules: Fixed "debian rules ignores make clean error"
  * debian/control:
    - replaced deprecated ${Source-Version} by ${binary:Version}
    - added Homepage field
    - added Vcs-Svn and Vcs-Browser
  * debian/compat: updated to debhelper compatibility level 5
  * Updated menu file
  * Updated Standards Version to 3.7.3
  * Included myself to Uploaders field

  [ Daniel Kobras ]
  * debian/*.{preinst,postinst,prerm}: Removed. Dedicated checks are obsolete
    by now, rest is handled automatically via debhelper these days.
  * debian/control: Prune all references to packages that predate oldstable.
  * debian/control: Move Suggests for delegate packages from imagemagick to
    libmagick10.
  * debian/control: Follow renaming of package gs to ghostscript, promote
    from Suggests to Recommends, and also recommend gsfonts.
  * debian/control: Update graphviz (build-)dependency to libgraphviz-dev.
  * debian/copyright: Update with recent minor changes of upstream license.
  * debian/imagemagick.menu: Add hack to make 'display' work without a
    controlling tty.
  * debian/rules: Consistently use $(CURDIR) rather than `pwd` to keep all
    buildds equally happy.
  * debian/upgrade-checklist.txt: Do not rename -dev packages, but provide a
    list of C API changes between successive Debian releases.
  * debian/patches/add_dfsg_free_logo.patch: Add dummy logo in place of
    original logo that does not meet the DFSG, and therefore gets removed
    from upstream tarball. Patch converted to quilt format from previous
    diff.gz.

 -- Kees Cook <email address hidden>  Wed, 13 Feb 2008 11:34:24 -0800
-
imagemagick (7:6.2.4.5.dfsg1-2ubuntu1) gutsy; urgency=low

  * Merge with Debian unstable for CVE fixes. Remaining changes:
    - Magick++/lib/Geometry.cpp: build fix for g++-4.3.
    - debian/control: Ubuntu maintainer address.

imagemagick (7:6.2.4.5.dfsg1-2) unstable; urgency=high

  * Fix multiple vulnerabilities in imagemagick. Closes: #444267
    + magick/memory.c,magick/memory_.h,magick/methods.h: Add new allocator
      wrapper AcquireQuantumMemory() to prevent potential integer overflows.
      Backport from upstream version 6.3.5.9.
    + magick/image.c: Backport new implementation of SetImageExtent() from
      upstream version 6.3.5.9.
    + coders/dcm.c,coders/xcf.c: Fix integer overflow in DCM and XCF coders.
      (CVE-2007-4985) Backport of upstream patch from version 6.3.5.9.
    + coders/dcm.c,coders/dib.c,coders/xbm.c,coders/xcf.c,coders/xwd.c:
      Fix multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders.
      (CVE-2007-4986 and CVE-2007-4988) Based on upstream patch from
      version 6.3.5.9.
    + magick/blob.c: Fix fencepost error in ReadBlobString()
      (CVE-2007-4987) Backport of upstream patch from version 6.3.5.9.
    + coders/dib.c: Ensure positive value for image rows and columns.
      Based on upstream patch from version 6.3.5.9.
    + All of the above patches have been derived from backports supplied by
      Jonathan Smith.

 -- Kees Cook <email address hidden>  Tue, 02 Oct 2007 14:15:13 -0700