Accepted imagemagick 8:6.9.7.4+dfsg-11+deb9u11 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted imagemagick 8:6.9.7.4+dfsg-11+deb9u11 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 12 Jan 2021 17:00:12 +0000
Message-id: <[🔎] E1kzN1g-0002P8-RV@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 Jan 2021 16:13:15 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-11+deb9u11
Distribution: stretch-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Changes:
 imagemagick (8:6.9.7.4+dfsg-11+deb9u11) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2017-14528: the TIFFSetProfiles function in coders/tiff.c has
     incorrect expectations about whether LibTIFF TIFFGetField return
     values imply that data validation has occurred, which allows remote
     attackers to cause a denial of service (use-after-free after an
     invalid call to TIFFSetField, and application crash) via a crafted
     file.
   * CVE-2020-19667: stack-based buffer overflow and unconditional jump in
     ReadXPMImage in coders/xpm.c
   * CVE-2020-25665: the PALM image coder at coders/palm.c makes an
     improper call to AcquireQuantumMemory() in routine WritePALMImage()
     because it needs to be offset by 256. This can cause a out-of-bounds
     read later on in the routine. This could cause impact to reliability.
   * CVE-2020-25674: WriteOnePNGImage() from coders/png.c (the PNG coder)
     has a for loop with an improper exit condition that can allow an
     out-of-bounds READ via heap-buffer-overflow. This occurs because it is
     possible for the colormap to have less than 256 valid values but the
     loop condition will loop 256 times, attempting to pass invalid
     colormap data to the event logger.
   * CVE-2020-27560: ImageMagick allows Division by Zero in
     OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of
     service.
   * CVE-2020-27750: A flaw was found in MagickCore/colorspace-private.h
     and MagickCore/quantum.h. An attacker who submits a crafted file that
     is processedcould trigger undefined behavior in the form of values
     outside the range of type `unsigned char` and math division by
     zero. This would most likely lead to an impact to application
     availability, but could potentially cause other problems related to
     undefined behavior.
   * CVE-2020-27760: In `GammaImage()` of /MagickCore/enhance.c, depending
     on the `gamma` value, it's possible to trigger a divide-by-zero
     condition when a crafted input file is processed by ImageMagick. This
     could lead to an impact to application availability.
   * CVE-2020-27763: a flaw was found in MagickCore/resize.c. An attacker
     who submits a crafted file that is processed by ImageMagick could
     trigger undefined behavior in the form of math division by zero. This
     would most likely lead to an impact to application availability, but
     could potentially cause other problems related to undefined behavior.
   * CVE-2020-27765: a flaw was found in MagickCore/segment.c. An attacker
     who submits a crafted file that is processed by ImageMagick could
     trigger undefined behavior in the form of math division by zero. This
     would most likely lead to an impact to application availability, but
     could potentially cause other problems related to undefined behavior.
   * CVE-2020-27773: a flaw was found in MagickCore/gem-private.h. An
     attacker who submits a crafted file that is processed by ImageMagick
     could trigger undefined behavior in the form of values outside the
     range of type `unsigned char` or division by zero. This would most
     likely lead to an impact to application availability, but could
     potentially cause other problems related to undefined behavior.
   * CVE-2020-29599: ImageMagick mishandles the -authenticate option, which
     allows setting a password for password-protected PDF files. The
     user-controlled password was not properly escaped/sanitized and it was
     therefore possible to inject additional shell commands via
     coders/pdf.c.
Checksums-Sha1:
 37ca7a5c5be145f0842a8595c5deae78a5c8546c 4824 imagemagick_6.9.7.4+dfsg-11+deb9u11.dsc
 0a65b5805623735e2442d3af5a3ee770529b06d2 269016 imagemagick_6.9.7.4+dfsg-11+deb9u11.debian.tar.xz
 b4661bd71bb0f618bf0d3dd0c116e6769fbf5cf8 23827 imagemagick_6.9.7.4+dfsg-11+deb9u11_amd64.buildinfo
Checksums-Sha256:
 13f138f85832e9469f41663601b68828191b438e613b10c1d131fa82766ed0fe 4824 imagemagick_6.9.7.4+dfsg-11+deb9u11.dsc
 0f9aff7784e097129e93903387a0ae7fab4d0ea2da52ebc3b693ed58786b42e1 269016 imagemagick_6.9.7.4+dfsg-11+deb9u11.debian.tar.xz
 50ad26012d96883e6a4e63e0ac340ebefabafa2e655ad6f9e6d3396e9f6ef7a3 23827 imagemagick_6.9.7.4+dfsg-11+deb9u11_amd64.buildinfo
Files:
 45e5bfe96fe577a5eeb39aa063be2990 4824 graphics optional imagemagick_6.9.7.4+dfsg-11+deb9u11.dsc
 2b179db3b8a107ef2dde4e489a9f11c4 269016 graphics optional imagemagick_6.9.7.4+dfsg-11+deb9u11.debian.tar.xz
 5181ed423c2f3d505b0eb17aa53ad13a 23827 graphics optional imagemagick_6.9.7.4+dfsg-11+deb9u11_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl/90RYACgkQj/HLbo2J
BZ80HQgAglwrOukQWifeSO1bXJ1GIusj6kHwxsO3KqYbqAshfRuHn47ekquwP/uK
6I0a1z8m+ApYzhl6jAiZOLhEauAhb/O0+lgo1NA4ow54UxoXyILgItGJG8apthy2
DYXNn18Gw0ic0h0rNjQmalJhDljGfFz1Xx9tljCLwx6cdC7om+h1HbE+SlxRZFYI
+ZgRHmH/0Tq/v9LVoDLyxj+PYgcTX86kxljNweyrvR7/otGhs0x9sUhcQPBnCn4C
IRkt9ShdXhc2IPu5a1WyXKkVb7ajlsODDZPtDuJJXdmT7+S7NlLsUzoHneQxeQzA
/h+FBSJDqX/EX0faO2NMR1mhXXK9/w==
=0faI
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: Accepted coturn 4.5.0.5-1+deb9u3 (source) into oldstable
Next by Date: Accepted spice-vdagent 0.17.0-1+deb9u1 (source amd64) into oldstable
Previous by thread: Accepted coturn 4.5.0.5-1+deb9u3 (source) into oldstable
Next by thread: Accepted spice-vdagent 0.17.0-1+deb9u1 (source amd64) into oldstable
Index(es):
- Date
- Thread