Format: 1.8
Date: Mon, 28 Nov 2016 00:30:16 -0500
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-5+deb7u8
Distribution: wheezy-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 773980 833730 833735 833744 834183 834501 836172
Changes:
 imagemagick (8:6.7.7.10-5+deb7u8) wheezy-security; urgency=high
 .
   [ Ben Hutchings ]
   * Non-maintainer upload by the LTS Team
   * Avoid a SEGV due to a corrupted pnm file (CVE-2014-9805)
   * Added missing calls to RelinquishUniqueFileResource (CVE-2014-9806)
   * Fix a double free in pdb coder (CVE-2014-9807)
   * Fix handling of corrupted dpc and xwd image (CVE-2014-9808,
     CVE-2014-9809)
   * Bail out early in case of malformed dpx file (CVE-2014-9810)
   * Avoid SEGV in malformed xwd file (CVE-2014-9811)
   * Avoid a NULL dereference in ps handling (CVE-2014-9812)
   * Avoid out of bound access in xwd file handling
   * Fix a SEGV with corrupted viff image (CVE-2014-9813)
   * Fix a null pointer dereference in wpg file handling (CVE-2014-9814)
   * Do not continue on corrupted wpg file (CVE-2014-9815)
   * Avoid an out of bound access in viff image (CVE-2014-9816)
   * Avoid a heap buffer overflow in pdb file handling (CVE-2014-9817)
   * Avoid an out of bound access on malformed sun file (CVE-2014-9818)
   * Avoid heap overflow in palm and xpm files (CVE-2014-9819,
     CVE-2014-9821)
   * Fix heap overflow in quantum.c, palm image handling and psd image
     handling (CVE-2014-9822, CVE-2014-9823, CVE-2014-9824)
   * Do not try to read corrupted sun image (CVE-2014-9826)
   * Fix corrupted (too many colors) psd file (CVE-2014-9828)
   * Fix out of bound access in sun image handling (CVE-2014-9829)
   * Fix handling of corrupted sun and wpg file (CVE-2014-9830,
     CVE-2014-9831)
   * Fix heap overflow in pcx file, psd, pict and wpf files and DOS in xpm
     file (CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835,
     CVE-2014-9836)
   * Additional PNM sanity checks (CVE-2014-9837)
   * Robustify xmp and pnm reader
   * Detect allocation error earlier (CVE-2014-9838)
   * Avoid a crash in coders/rle.c
   * Avoid an overflow in ConstrainColormapIndex (CVE-2014-9839)
   * Avoid an out of bound access in palm file (CVE-2014-9840)
   * Fix another crash in xpm parser (Closes: #773980)
   * Fixed boundary checks in DecodePSDPixels (CVE-2014-9843)
   * Fix another out of bound problem in rle file (CVE-2014-9844)
   * Fix crash due to corrupted dib file (CVE-2014-9845)
   * Added checks to prevent overflow in rle file (CVE-2014-9846)
   * Impose a limit of 10 million columns or rows in an input PNG
   * Avoid heap overflow in rle file
   * Don't try to handle a "previous" image in the JNG decoder
     (CVE-2014-9847)
   * Avoid a memory leak in quantum management (CVE-2014-9848)
   * Avoid a crash in png coder (CVE-2014-9849)
   * Fix mis-applied patch for CVE-2016-3714
 .
   [ Roberto C. Sanchez ]
   * Prevent buffer overflow in PDB, MAP, and CALS coders (Closes: #836172)
   * Avoid out of bound for malformed jpeg files (Closes: #834501)
   * Prevent memory use after free (Closes: #834183)
   * RLE check for pixel offset less than 0 (Closes: #833744)
   * In psd file handling fixed parsing resource block and avoid a crash
     (CVE-2014-9851)
   * Avoid a memory leak in rle file handling (CVE-2014-9853)
   * During identification of image do not fill memory (CVE-2014-9854)
   * Fix DOS due to corrupted DDS files (CVE-2014-9907)
   * Fix a buffer overflow and a SEGV in sun file handling (CVE-2015-8957)
   * Avoid a SIGABRT in sun file handling (CVE-2015-8958)
   * Fix a DOS for corrupted DDS file (CVE-2015-8959)
   * Prevent buffer overflow in magick/draw.c (CVE-2016-4562,
     CVE-2016-4564)
   * Prevent possible buffer overflow when reading TIFF images
     (CVE-2016-5010)
   * Fix out of bounds memory read for DDS files (CVE-2016-5687)
   * Fix out of bound access for corrupted WPG file (CVE-2016-5688)
   * Add additional checks to DCM reader to prevent data-driven faults
     (CVE-2016-5689, CVE-2016-5690, CVE-2016-5691)
   * Improve checking of EXIF profile to prevent integer overflow
     (CVE-2016-5841, CVE-2016-5842)
   * Prevent buffer overflow in properties reading (CVE-2016-6491)
   * Avoid a buffer overflow in bmp file reader (CVE-2016-6823)
   * Fix SGI file buffer overflow (CVE-2016-7101)
   * Fix an out-of-bounds read in coders/psd.c (CVE-2016-7514)
   * Fix rle file handling for corrupted file (CVE-2016-7515)
   * Fix multiple out of bounds problems in rle, pict, viff and sun files
     (CVE-2016-7516, CVE-2016-7517, CVE-2016-7518, CVE-2016-7519)
   * Fix a heap overflow in hdr file handling (CVE-2016-7520)
   * Fix a heap buffer overflow in psd file handling (CVE-2016-7521)
   * Fix an out of bound access for malformed psd file (CVE-2016-7522)
   * Fix a meta file out of bounds access (CVE-2016-7523, CVE-2016-7524)
   * Fix an out of bound access in wpg file coder (CVE-2016-7526,
     CVE-2016-7527)
   * Fix out of bound access for viff file coder (CVE-2016-7528)
   * Fix an out of bound access in xcf file coder (CVE-2016-7529)
   * Fix out of bound in quantum handling (CVE-2016-7530)
   * Fix a pbd file out of bound access (CVE-2016-7531)
   * Fix handling of corrupted psd file (CVE-2016-7532)
   * Fix a wpg file out of bound for corrupted file (CVE-2016-7533)
   * Fix an out of bound access in generic decoder (CVE-2016-7534)
   * Fix an out of bound access for corrupted psd file (CVE-2016-7535)
   * Fix a SEGV reported in corrupted profile handling (CVE-2016-7536)
   * Fix an out of bound access for corrupted pdb file (CVE-2016-7537)
   * Fix a SIGABRT for corrupted pdb file (CVE-2016-7538)
   * Fix potential DOS by not releasing memory (CVE-2016-7539)
   * Prevent buffer overflow in draw.c (Closes: #833730)
   * Fix loading arbitrary module from user side (Closes: #833735)