-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Aug 2017 14:16:40 -0400
Source: imagemagick
Binary: imagemagick imagemagick-dbg imagemagick-common imagemagick-doc libmagickcore5 libmagickcore5-extra libmagickcore-dev libmagickwand5 libmagickwand-dev libmagick++5 libmagick++-dev perlmagick
Architecture: source amd64 all
Version: 8:6.7.7.10-5+deb7u16
Distribution: wheezy-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 imagemagick - image manipulation programs
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libmagick++-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++5 - object-oriented C++ interface to ImageMagick
 libmagickcore-dev - low-level image manipulation library - development files
 libmagickcore5 - low-level image manipulation library
 libmagickcore5-extra - low-level image manipulation library - extra codecs
 libmagickwand-dev - image manipulation library - development files
 libmagickwand5 - image manipulation library
 perlmagick - Perl interface to the ImageMagick graphics routines
Closes: 867367 867721 867748 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 868184 868263 868264 868469 868950 869210 869711 869712 869713 869715 869721 869722 869725 869726 869727 869728 869796 869827 869834 870012 870013 870016 870017 870019 870020 870022 870023 870065 870067 870105 870106 870107 870109 870115 870118 870120 870480 870481 870489 870491 870501 870502 870503 870504 870525 870526 870530 872373 872609 873099 873100 873134
Changes:
 imagemagick (8:6.7.7.10-5+deb7u16) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix implicit function declaration introduced by earlier CVE-2017-9144 fix.
   * Fix heap-based buffer over-read via crafted SVG document which allows
     remote attackers to obtain sensitive information from process memory or
     possibly have unspecified other impact.
     (CVE-2017-10928) (Closes: #867367)
   * Enable heap overflow check for stdin for mpc files.
     (CVE-2017-11449) (Closes: #867896)
   * Fix CPU exhaustion in ReadDPXImage via crafted DPX file.
     (CVE-2017-11188) (Closes: #867806)
   * Fix CPU exhaustion in ReadRLEImage via corrupted RLE file.
     (CVE-2017-11360) (Closes: #867808)
   * Fix memory exhaustion in ReadCINImage when identifying a CIN file that
     contains user defined data.
     (CVE-2017-11525) (Closes: #867810)
   * Fix denial of service (memory leak) in ReadDIBImage via a small crafted
     DIB file.
     (CVE-2017-11528) (Closes: #867811)
   * Fix memory exhaustion in ReadDPXImage when identifying a DPX file that
     contains user header data.
     (CVE-2017-11527) (Closes: #867812)
   * Fix assertion failure in WriteBlob.
     (CVE-2017-11524) (Closes: #867798)
   * Fix memory exhaustion in ReadEPTImage when identifying an EPT file.
     (CVE-2017-11530) (Closes: #867821)
   * Fix memory exhaustion in ReadMATImage when identifying a crafted MAT file.
     (CVE-2017-11141) (Closes: #868264)
   * Fix memory exhaustion in ReadTGAImage via a crafted VST file.
     (CVE-2017-11170) (Closes: #868184)
   * Fix denial of service via a crafted file in LockSemaphoreInfo [complete
     the fix by adding two patches in addition to the previous]
     (CVE-2017-9501) (Closes: #867721)
   * Fix CPU exhaustion in ReadOneJNGImage via crafted PNG file.
     (CVE-2017-11505, CVE-2017-11526) (Closes: #867824, #867825)
   * Fix CPU exhaustion in ReadOneDJVUImag via a crafted file.
     (CVE-2017-11478) (Closes: #867826)
   * Fix data leak by clearing buffer in case of incorrect JPEG file.
     (CVE-2017-11448) (Closes: #867893)
   * Fix denial of service (memory leak) in ReadMATImage via a small crafted
     MAT file.
     (CVE-2017-11529) (Closes: #867823)
   * Fix heap based overflow via a corrupted JPEG file.
     (CVE-2017-11450) (Closes: #867894)
   * CVE-2017-11166 was already fixed by the earlier fix for CVE-2017-8352
     (Closes: #868263)
   * Fix denial of service (infinite loop) via corrupt TXT file.
     (CVE-2017-11523) (Closes: #869210)
   * Fix denial of service (heap-based buffer over-read and application
     crash) in mng_get_long.
     (CVE-2017-10995) (Closes: #867748)
   * Fix infinite loop CPU exhaustion in ReadPESImage.
     (CVE-2017-11446) (Closes: #868950)
   * Fix denial of service via a crafted RLE file (improper handling of EOF),
     resulting from an incomplete fix for CVE-2017-9144.
     (CVE-2017-11352) (Closes: #868469)
   * Fix memory leak via crafted file in convert histogram processing.
     (CVE-2017-11531) (Closes: #869725)
   * Fix memory leak via crafted file in convert MPC image writing.
     (CVE-2017-11532) (Closes: #869726)
   * Fix heap-based buffer over-read via crafted file in convert UIL image
     writing.
     (CVE-2017-11533) (Closes: #869834)
   * Fix memory leak via crafted file in convert lite_font_map() function.
     (CVE-2017-11534) (Closes: #869711)
   * Fix heap-based buffer over-read via crafted file in convert PS image
     writing.
     (CVE-2017-11535) (Closes: #869827)
   * Fix floating point exception (FPE) via crafted file in convert PALM
     image writing.
     (CVE-2017-11537) (Closes: #869712)
   * Fix memory leak via crafted file in convert PNG image reading.
     (CVE-2017-11539) (Closes: #870120)
   * Fix heap-based buffer over-read via crafted file in convert CIP image
     writing.
     (CVE-2017-11639) (Closes: #870065)
   * Fix address access exception via crafted file in convert TIFF image
     writing (CVE-2017-11640) (Closes: #870067)
   * Fix memory leak via crafted file in convert MAT image reading.
     (CVE-2017-11644) (Closes: #870016)
   * Fix memory leak in MAT image reading.
     (CVE-2017-11724) (Closes: #870023)
   * Fix remote denial of service (memory leak) via crafted file in ICON
     image writing.
     (CVE-2017-11751) (Closes: #870480)
   * Fix denial of service (memory leak) via crafted file in MAGICK image
     reading.
     (CVE-2017-11752) (Closes: #870481)
   * Fix excessive memory consumption via crafted DCM file.
     (CVE-2017-12140)
   * Fix memory leaks in image writing.
     (CVE-2017-12418)
   * Fix remote denial of service (memory leak) in processing and writing of
     MSL images.
     (CVE-2017-12427) (Closes: #870525)
   * Fix denial of service (memory leak) in WMF image reading.
     (CVE-2017-12428) (Closes: #869713)
   * Fix denial of service (memory exhaustion) in MIFF image reading.
     (CVE-2017-12429)
   * Fix denial of service (memory exhaustion) in MPC and MIFF image reading.
     (CVE-2017-12430) (Closes: #869727)
   * Fix use-after-free vulnerability in WMF image reading.
     (CVE-2017-12431) (Closes: #869715)
   * Fix denial of service (memory exhaustion) in PCX image reading.
     (CVE-2017-12432) (Closes: #870491)
   * Fix memory leak in PES image reader.
     (CVE-2017-12433)
   * Fix memory exhaustion in SUN image reader.
     (CVE-2017-12435) (Closes: #870504)
   * Fix memory exhaustion in PSD image reader.
     (CVE-2017-12563) (Closes: #870530)
   * Fix denial of service (memory leak) in MAT image reader.
     (CVE-2017-12564) (Closes: #870017)
   * Fix denial of service (memory leak) in PNG image reader.
     (CVE-2017-12565, CVE-2017-12641) (Closes: #870115)
   * Fix denial of service (memory leak) in MVG image reader.
     (CVE-2017-12566) (Closes: #870503)
   * Fix denial of service (large loop vulnerability) in PWP image reader.
     (CVE-2017-12587) (Closes: #870526)
   * Fix heap-based buffer over-read in MNG image reader.
     (CVE-2017-12640) (Closes: #870106)
   * Fix denial of service (memory leak) in MPC image reader.
     (CVE-2017-12642) (Closes: #869796)
   * Fix denial of service (memory exhaustion) in PNG image reader.
     (CVE-2017-12643) (Closes: #870107)
   * Fix denial of service (memory leak) in PICT image reader.
     (CVE-2017-12654) (Closes: #870502)
   * Fix denial of service (memory leak) in PICT image writer.
     (CVE-2017-12665) (Closes: #870501)
   * Fix denial of service (memory leak) in PCX image writer.
     (CVE-2017-12668) (Closes: #870489)
   * Fix denial of service (missing validation) in MAT image reader.
     (CVE-2017-12670) (Closes: #870020)
   * Fix denial of service (CPU exhaustion) in PDB image reader.
     (CVE-2017-12674) (Closes: #872609)
   * Fix denial of service (missing validation) in MAT image reader.
     (CVE-2017-12675) (Closes: #870022)
   * Fix denial of service (memory leak) in PNG image reader.
     (CVE-2017-12676) (Closes: #870118)
   * Fix use-after-free in MAT image reader.
     (CVE-2017-12877) (Closes: #872373)
   * Fix heap-based buffer overflow via crafted file in SFW image reader.
     (CVE-2017-12983) (Closes: #873134)
   * Fix denial of service (offset validation/memory exhaustion) via crafted
     file in XCF image reader.
     (CVE-2017-13133) (Closes: #873100)
   * Fix heap-based buffer overflow via crafted file in SFW image reader.
     (CVE-2017-13134) (Closes: #873099)
   * Fix out-of-bounds read with MNG CLIP chunk in PNG image reader.
     (CVE-2017-13139) (Closes: #870109)
   * Fix denial of service (crash resulting from inadequate short file check)
     via crafted file in PNG image reader.
     (CVE-2017-13142) (Closes: #870105)
   * Fix remote disclosure of sensitive information (use of uninitialized
     data) in MAT image reader.
     (CVE-2017-13143) (Closes: #870012)
   * Fix application crash if image dimensions are too large.
     (CVE-2017-13144) (Closes: #869728)
   * Fix denial of service (memory leak) in MAT image reader.
     (CVE-2017-13146) (Closes: #870013)
   * Fix denial of service (assertion failure and application exit) in MAT
     image reader.
     (CVE-2017-13658) (Closes: #870019)
   * Fix denial of service (memory leak) in PALM image reader.
     (CVE-2017-12664) (Closes: #869721)
   * Fix denial of service (memory leak) in image quantizer.
     (CVE-2017-12664) (Closes: #869722)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----