-
imagemagick (8:6.7.7.10-2ubuntu4.2) quantal-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via psd
images processing rle decoding buffer overflow
- debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
- CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
crafted restart markers
- debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
coders/psd.c.
- CVE-2014-2030
-- Marc Deslauriers <email address hidden> Thu, 06 Mar 2014 11:20:37 -0500
-
imagemagick (8:6.7.7.10-2ubuntu4.1) quantal-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution in GIF
image comment decoding (LP: #1218248)
- debian/patches/CVE-2013-4298.patch: properly handle comments in
coders/gif.c.
- CVE-2013-4298
-- Marc Deslauriers <email address hidden> Mon, 09 Sep 2013 14:59:39 -0400
-
imagemagick (8:6.7.7.10-2ubuntu4) quantal; urgency=low
* SECURITY UPDATE: denial of service via large resource consumption
- debian/patches/CVE-2012-3437.patch: always use correct size argument
with libpng memory allocation
- CVE-2012-3437
-- Jamie Strandboge <email address hidden> Fri, 17 Aug 2012 09:31:02 -0500
-
imagemagick (8:6.7.7.10-2ubuntu3) quantal; urgency=low
* debian/control, debian/rules:
- Don't use graphicmagick's convert executable just to convert our
svg into a menu xpm. Instead, run the convert we build.
-- Michael Terry <email address hidden> Tue, 10 Jul 2012 14:00:56 -0400
-
imagemagick (8:6.7.7.10-2ubuntu2) quantal; urgency=low
* debian/control:
- Depend on fftw3-dev, not fftw-dev. fftw-dev is very old and not in
main, like fftw3-dev is. Plus, imagemagick doesn't even check for
fftw2, it only can use fftw3.
-- Michael Terry <email address hidden> Tue, 10 Jul 2012 12:45:07 -0400
-
imagemagick (8:6.7.7.10-2ubuntu1) quantal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Make ufraw-batch (universe) a suggestion instead of a recommendation.
- Don't set MAKEFLAGS in debian/rules; just pass it to the build.
* debian/control:
- Build-Depend on libtiff5-dev instead of libtiff-dev
-- Michael Terry <email address hidden> Tue, 10 Jul 2012 11:21:50 -0400
-
imagemagick (8:6.6.9.7-5ubuntu3.1) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
malformed ResolutionUnit or IOP tags.
- debian/patches/CVE-2012-0247.patch: properly calculate
lengths and sizes in magick/{profile,property}.c.
- CVE-2012-0247
- CVE-2012-0248
- CVE-2012-1185
- CVE-2012-1186
* SECURITY UPDATE: denial of service and possible code execution via
EXIF tags.
- debian/patches/CVE-2012-0259.patch: don't copy invalid memory in
coders/tiff.c, properly initialize buffers in magick/property.c.
- CVE-2012-0259
- CVE-2012-1798
* SECURITY UPDATE: denial of service and possible code execution via
JPEG EXIF integer overflow.
- debian/patches/CVE-2012-1610.patch: check number of bytes in
magick/{profile,property}.c.
- CVE-2012-1610
-- Marc Deslauriers <email address hidden> Wed, 25 Apr 2012 10:22:49 -0400
-
imagemagick (8:6.6.9.7-5ubuntu3) precise; urgency=low
* 0006-rsvg-convert.patch: upstream removed the rsvg command from
librsvg2-bin, use rsvg-convert instead (LP: #929573)
-- Scott Howard <email address hidden> Fri, 17 Feb 2012 12:39:05 +0200
