
Accepted imagemagick 8:6.9.7.4+dfsg-12 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Jul 2017 15:35:15 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-12
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 version
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI version
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI)
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 863126 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264
Changes:
 imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium
 .
   * Fix security bugs:
       + Previous CVE-2017-9144 fix was incomplete.
         A crafted RLE image can trigger a crash because of incorrect
         EOF handling in coders/rle.c
         (Closes: #863126)
       + CVE-2017-10928:
        A heap-based buffer over-read in the GetNextToken
        function in token.c allows remote attackers to obtain
        sensitive information from process memory or possibly have
        unspecified other impact via a crafted SVG document
        that is mishandled in the GetUserSpaceCoordinateValue
        function in coders/svg.c.
        (Closes: #867367).
      + CVE-2017-9500:
        An assertion failure was found in the function
        ResetImageProfileIterator, which allows attackers to cause
        a denial of service via a crafted file.
        (Closes: #867778).
      + CVE-2017-9501:
        An assertion failure was found in the function LockSemaphoreInfo,
        which allows attackers to cause a denial of service via a crafted
        file.
        (Closes: #867721).
      + CVE-2017-9440:
        A memory leak was found in the function ReadPSDChannel
        in coders/psd.c, which allows attackers to cause a denial
        of service via a crafted file.
         (Closes: #864273).
      + CVE-2017-9439:
        A memory leak was found in the function ReadPDBImage in
        coders/pdb.c, which allows attackers to cause a denial of
        service via a crafted file.
        (Closes: #864274).
       + CVE-2017-11188: CPU exhaustion in ReadDPXImage
         Because dpx.file.image_offset is an unsigned int, it can be controlled
         to be as large as 4294967295.
         This will cause ImageMagick to spend a lot of time processing a crafted
         DPX image file, even if the image file is very small.
         (Closes: #867806)
       + CVE-2017-11141: memory exhaustion in ReadMATImage
         When identifying a MAT file, ImageMagick will allocate memory to store
         data in function ReadMATImage.
         Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
         an amount of memory of any size, which may cause memory exhaustion.
         (Closes: #868264)
       + CVE-2017-11170: memory exhaustion in ReadTGAImage
         When identifying a VST file, ImageMagick will allocate memory to store
         data in function ReadTGAImage in coders/tga.c
         using the tga_info.bits_per_pixel field directly from the VST file
         without checking in tga.c.
         By reviewing the function code, the tga_info.bits_per_pixel max valid
         value is 32.
         On a 32-bit OS, size_t one will be 32 bits, so image->colors can
         overflow to 0.
         On a 64-bit OS, size_t one will be 64 bits, so image->colors
         can be as large as 0x100000000 (64GB).
         (Closes: #868184)
       + Memory exhaustion in ReadCINImage
         When identifying a CIN file that contains user-defined data,
         ImageMagick will allocate memory to store the
         data in function ReadCINImage in coders\inc.c
         There is a security check in the function SetImageExtent,
         but it is after memory allocation, so IM cannot control the memory usage.
         (Closes: #867810)
      + CPU exhaustion in ReadRLEImage
         A corrupted RLE file could trigger a DoS
        (Closes: #867808)
      + Memory leak in ReadDIBImage in dib.c
        The ReadDIBImage function in dib.c allows attackers
        to cause a denial of service (memory leak)
        via a small crafted dib file.
        (Closes: #867811)
      + Memory exhaustion in ReadDPXImage in dpx.c
         When identifying a DPX file that contains user header data,
         ImageMagick will allocate memory to store the data in function
         ReadDPXImage in coders\dpx.c
         There is a security check in the function SetImageExtent,
         but it is too late, so IM cannot control the memory usage.
        (Closes: #867812)
      + Enable heap overflow check for stdin for mpc files
        Enabling seekable streams is required to ensure checking
        the blob size works when an image is streamed on stdin.
        (Closes: #867896)
      + Assertion failure in WriteBlob
        A crafted file revealed an assertion failure in blob.c.
        (Closes: #867798)
      + Memory exhaustion in ReadEPTImage in ept.c
         When identifying an EPT file, ImageMagick will allocate memory
         to store the data.
         There is a security check in the function SetImageExtent,
         but it is not used in the allocation function,
         so IM cannot control the memory usage.
        (Closes: #867821)
      + CPU exhaustion in ReadOneJNGImage
         Due to lack of validation of the PNG format, ImageMagick could loop
         2^32 times in a CPU-intensive loop.
         (Closes: #867824, #867825).
      + CPU exhaustion in ReadOneDJVUImag
         Due to lack of format validation, a crafted file will cause a
         loop to run endlessly.
        (Closes: #867826).
      + Zero pixel buffer
        Avoid a data leak in case of incorrect file by clearing a buffer
        (Closes: #867893).
       + Memory leak in ReadMATImage in mat.c
        The ReadMATImage function in mat.c allows attackers to cause a
        denial of service (memory leak) via a small crafted mat file.
        (Closes: #867823).
      + Avoid heap based overflow for jpeg
         A corrupted JPEG file could trigger a heap overflow
        (Closes: #867894).
      + Fix a memory leak in screenshot coder
        (Closes: #867897)
Checksums-Sha1:
 3d90914c6d86d4b36fbc80400725b25384f8735c 5137 imagemagick_6.9.7.4+dfsg-12.dsc
 893fa5b030147239ca39394dc7a335dc7aa4934e 230416 imagemagick_6.9.7.4+dfsg-12.debian.tar.xz
 a59faecc6842d8fc0b26d6e9c3280dd73be53207 12956 imagemagick_6.9.7.4+dfsg-12_source.buildinfo
Checksums-Sha256:
 f445c59ca48e8869b7676ed7336295c780478acfef00161a652f5a228a34cec3 5137 imagemagick_6.9.7.4+dfsg-12.dsc
 8b91345baf34eeeadc6ea8e744a4d0f57ebf976c386833b55411b5faa862aa65 230416 imagemagick_6.9.7.4+dfsg-12.debian.tar.xz
 856cd6486e65aa3170819b0430e65fcaeb59a8474f857ef4ee71295852ba18c8 12956 imagemagick_6.9.7.4+dfsg-12_source.buildinfo
Files:
 a6227a37d15c2b19bf999fe91d4b373b 5137 graphics optional imagemagick_6.9.7.4+dfsg-12.dsc
 20c4df2b2199408aee6abea9baacaed4 230416 graphics optional imagemagick_6.9.7.4+dfsg-12.debian.tar.xz
 e005c9489d784877411aef2032dd4b55 12956 graphics optional imagemagick_6.9.7.4+dfsg-12_source.buildinfo

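The pattern shared by the CIN, DPX, EPT and TGA entries above is a size taken from the file header and used for allocation before the extent check runs, plus a `1 << bits_per_pixel` that can wrap on a 32-bit size_t. The C below is an added example, not part of this upload or of ImageMagick's own code, showing the defensive ordering: the header struct, field names and limit values are assumptions for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <limits.h>

/* Hypothetical header as an untrusted coder reads it from the file;
 * the field names are assumptions for this example, not ImageMagick's. */
typedef struct {
    uint32_t columns, rows;      /* image geometry */
    uint32_t user_data_length;   /* CIN/DPX/EPT-style user header size */
    uint8_t  bits_per_pixel;     /* TGA-style palette depth */
} img_header_t;

/* Constructed resource limits; the reader compares against these
 * before any allocation happens (ImageMagick exposes such limits
 * through its resource policy). */
#define LIMIT_PIXELS     (64ull * 1024 * 1024)  /* 64 Mpixel extent */
#define LIMIT_USER_DATA  (1ull << 20)            /* 1 MiB user data */
#define LIMIT_COLORS     (1ull << 16)            /* palette entries */

/* Extent check done up front, in 64-bit so columns*rows cannot wrap. */
int extent_ok(const img_header_t *h)
{
    if (h->columns == 0 || h->rows == 0) return 0;
    return (uint64_t)h->columns * h->rows <= LIMIT_PIXELS;
}

/* TGA-style palette size: refuse a shift of size_t's full width (the
 * changelog's 32-bit case, where image->colors ends up 0) and refuse
 * palettes above the limit before they are ever allocated. */
int palette_colors(uint8_t bits_per_pixel, size_t *colors)
{
    if (bits_per_pixel == 0 || bits_per_pixel >= sizeof(size_t) * CHAR_BIT)
        return 0;
    uint64_t n = (uint64_t)1 << bits_per_pixel;
    if (n > LIMIT_COLORS) return 0;
    *colors = (size_t)n;
    return 1;
}

/* Hardened ordering: every header-derived size is validated first and
 * malloc only runs once all checks pass. Returns NULL when rejected. */
unsigned char *read_user_data(const img_header_t *h)
{
    size_t colors;
    if (!extent_ok(h)) return NULL;
    if (!palette_colors(h->bits_per_pixel, &colors)) return NULL;
    if (h->user_data_length > LIMIT_USER_DATA) return NULL;
    return malloc(h->user_data_length ? h->user_data_length : 1);
}
```

The vulnerable ordering the changelog describes is the same function with the malloc moved above the checks, which is why the fixes there are about where SetImageExtent is called rather than what it checks.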

