-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 29 Oct 2018 13:13:38 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.10.14+dfsg-1 Distribution: unstable Urgency: medium Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 907776 910887 910888 910889 Changes: imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium . * New upstream version * Fix new privacy breach * Fix duplicate files in documentation * Fix security bugs: + CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of coders/msl.c + CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the coders/bmp.c file can cause a DOS via a crafted bmp file. + CVE-2018-18023: A heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. + CVE-2018-16645: Fix an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c, which allows remote attackers to cause a denial of service via a crafted image file. (Closes: #910889) + CVE-2018-16644: Fix a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c, which allows remote attackers to cause a denial of service via a crafted image. (Closes: #910888) + CVE-2018-16413: Fix a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. (Closes: #910887) + CVE-2018-16323: Fix an information disclosure vulnerability that existed in ImageMagick when processing XBM images. An attacker could use this to expose sensitive information. (Closes: #907776) + CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. + CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage in coders/sgi.c. + CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage in coders/pdb.c. + CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage in coders/bgr.c. + CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage in coders/pcx.c. Checksums-Sha1: 972ca44de25be18b0863a731412a8a1bb858138c 5088 imagemagick_6.9.10.14+dfsg-1.dsc b89e12b1bb347599a554a0d8956df155bc3e8424 9064460 imagemagick_6.9.10.14+dfsg.orig.tar.xz 00fd312cce21ed868240aaa98e38b04f3cd3ee2e 220640 imagemagick_6.9.10.14+dfsg-1.debian.tar.xz c2af8003036c39e6bcc287c31b5387ee55ab41c7 13028 imagemagick_6.9.10.14+dfsg-1_source.buildinfo Checksums-Sha256: 067d2fe88c0a45752ddd4c10abbf8cc378f290e1c72d53c8582896fd36f0f31c 5088 imagemagick_6.9.10.14+dfsg-1.dsc 20f48004c696eee645c5e468b1ff291ceed2759d9c0ed75eb9e616067cc096fd 9064460 imagemagick_6.9.10.14+dfsg.orig.tar.xz 9f529960fdca255aa70d120320a1d9db7688c5e3c658b193384b06c2265af97c 220640 imagemagick_6.9.10.14+dfsg-1.debian.tar.xz 93b5fe1a6162bce2f3a0e053c24126e678fbc160144f19a0aa488c4730f3a3cb 13028 imagemagick_6.9.10.14+dfsg-1_source.buildinfo Files: f465fd83511edb9d141e6ce8f2925e48 5088 graphics optional imagemagick_6.9.10.14+dfsg-1.dsc 0d020c6128ef3a8bbf4324eda0d550ad 9064460 graphics optional imagemagick_6.9.10.14+dfsg.orig.tar.xz 0334fca01ab4646eb030bc7c42c756cd 220640 graphics optional imagemagick_6.9.10.14+dfsg-1.debian.tar.xz 2baf1f1047178cc4688307309220df92 13028 graphics optional imagemagick_6.9.10.14+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlvXOLYACgkQADoaLapB CF/mag//XEHjTIr1u1zhst4RsdDpNCH5fYfO/NoKQjqzMGdVxF2shg3cIgR8k0cS 3tOI7fbybazecbbni4m2QR83dAO4h9FoeTWKiivlRK9uKggDNu6RnxBfK5Pk5WLz tUMMOEOxeDIri5IT+csC+bVo+kWH8+iH8oPMp98/QGFP0pysUUTtbmEBpnxyK+OA MtAWaVXXXcsBa0efjj28j8WSYiIXsYMbmiF1xnpWvZpRI0nntSbAa2IPviaHlwz7 OtfzYVmXz5Ho/9bomzdY7AlNEr4e2nMCIc7iK4lnyoeYwMgaqXfU8uwftMcDFOCg 2QRLIrRYNmVPE3Fr9NYA6BtzVampwUqB6E6PL+5zIN4w08f2YsQIaSstHJep5ofP MHY3U7RKB/mhsZ+7xVB+ubf0CKOQ55fw+YCorlgq5uT5O4poFpPGful9tM4IW3ot 7SsgPlE6hIyDkVRNejAG7YXaOS2As5xtH2/hVmu42yPjsGhAlgJ901W5QtAniTmV tra5s+HFGOzklkH50Ocfg2wxuRnWK50FmF2W3KGr1OXh1xU0Mz1Fg85NXan1WGkX yjBaCFW/q29Vijn2iNOEcSAYz7/mthYC5N40Zg1OJFw9re7dWIcDrwYqdbVC3LIk n/nbr+javZqJBt7CP+JdApi89Jiksbpzc6uYqczsX/+t8lxWmaI= =0pvk -----END PGP SIGNATURE-----
