-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 27 Jul 2009 12:49:27 -0300
Source: imagemagick
Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev libmagick++9c2a
Architecture: source i386
Version: 7:6.2.4.5.dfsg1-0.15+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Ryuichi Arafune <arafune@debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description:
 imagemagick - Image manipulation programs
 libmagick++9-dev - The object-oriented C++ API to the ImageMagick library--developme
 libmagick++9c2a - The object-oriented C++ API to the ImageMagick library
 libmagick9 - Image manipulation library
 libmagick9-dev - Image manipulation library -- development
 perlmagick - A perl interface to the libMagick graphics routines
Closes: 412945 418057 444267 530838
Changes:
 imagemagick (7:6.2.4.5.dfsg1-0.15+etch1) oldstable-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix various crashes on malformed input, including CVE-2007-1797,
     CVE-2007-1667, CVE-2008-1096 and CVE-2008-1097.
     Closes: #418057, #412945
   * Fix multiple vulnerabilities in imagemagick. (It's a port of the diff
     between these tags of the SCM: debian_version_6_2_4_5_dfsg1-2 and
     debian_version_6_2_4_5_dfsg1-1). Closes: #444267
     + magick/memory.c,magick/memory_.h,magick/methods.h: Add new allocator
       wrapper AcquireQuantumMemory() to prevent potential integer overflows.
       Backport from upstream version 6.3.5.9.
     + magick/image.c: Backport new implementation of SetImageExtent() from
       upstream version 6.3.5.9.
     + coders/dcm.c,coders/xcf.c: Fix integer overflow in DCM and XCF coders.
       (CVE-2007-4985) Backport of upstream patch from version 6.3.5.9.
     + coders/dcm.c,coders/dib.c,coders/xbm.c,coders/xcf.c,coders/xwd.c: Fix
       multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders.
       (CVE-2007-4986 and CVE-2007-4988) Based on upstream patch from version
       6.3.5.9.
     + magick/blob.c: Fix fencepost error in ReadBlobString() (CVE-2007-4987)
       Backport of upstream patch from version 6.3.5.9.
     + coders/dib.c: Ensure positive value for image rows and columns. Based on
       upstream patch from version 6.3.5.9.
     + All of the above patches have been derived from backports supplied by
       Jonathan Smith.
   * Apply upstream patch to fix integer overflow in XMakeImage()
     (CVE-2009-1882). Closes: #530838
Files:
 6c8ffe1f0d0efab6652070aabd8fab8d 958 graphics optional imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc
 cbb51d6956c6dd68f7dfaa068d0b416b 5202678 graphics optional imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz
 1e40ed75296c5446e7f827662cb2490a 745936 graphics optional imagemagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb
 73e5155f242af1d2d16e2e4458d9539f 1299682 libs optional libmagick9_6.2.4.5.dfsg1-0.15+etch1_i386.deb
 fe033745104b08e6ac962a1eef3332f7 1640482 libdevel optional libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
 87d4d44a22cfed4283420a0d58b33c20 179658 libs optional libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_i386.deb
 8b431753808c82a4b4b537aa964dd558 229176 libdevel optional libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
 64b62cf6a14fdb016f2175d2f2944977 170978 perl optional perlmagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpvJZEACgkQQWTRs4lLtHnS1gCfUC1Xq12tKsYMdnHR5Y1VCYEw
UKAAoJ8On51YsFaz2hcHTj4k4SvjkePt
=GSZN
-----END PGP SIGNATURE-----


Accepted:
imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc
  to main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc
imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz
  to main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz
imagemagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb
  to main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb
libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
  to main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_i386.deb
  to main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_i386.deb
libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
  to main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
libmagick9_6.2.4.5.dfsg1-0.15+etch1_i386.deb
  to main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_i386.deb
perlmagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb
  to main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb