Imagemagick 8%6.7.7.10-5+deb7u11
Hi,
since this is my first stab at imagemagick it would be great if someone
could have a look at the attached debdiff. It's based on the
https://anonscm.debian.org/git/collab-maint/debian-lts/imagemagick.git
git repo. The check the verify that the CVEs are fixed and it's not
totally broken are here:
https://github.com/agx/imagemagick-checks
This might evolve into proper autopkgtests in the future.
Cheers,
-- Guido
diff --git a/debian/changelog b/debian/changelog
index c71897e0f..ee16d0b69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+imagemagick (8:6.7.7.10-5+deb7u11) wheezy-security; urgency=medium
+
+ [ Emilio Pozuelo Monfort ]
+ * Non-maintainer upload by the LTS Security Team.
+ * debian/patches/0127-CVE-2016-8677.patch:
+ + Drop incomplete fix.
+ * debian/patches/0128-CVE-2016-8707.patch:
+ + Refreshed.
+ * 0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch:
+ + Add complete fix for CVE-2016-8677.
+
+ [ Guido Günther ]
+ * Fix recent security issues.
+ CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507
+ CVE-2017-5508 CVE-2017-5510 CVE-2017-5511
+ (Closes: #851485, #851483, #851380, #851383, #851382,
+ #851381, #851376, #851374)
+
+ -- Guido Günther <agx@sigxcpu.org> Sat, 28 Jan 2017 18:33:48 +0100
+
imagemagick (8:6.7.7.10-5+deb7u10) wheezy-security; urgency=high
* Non-maintainer upload by the LTS Security Team.
diff --git a/debian/patches/0127-CVE-2016-8677.patch b/debian/patches/0127-CVE-2016-8677.patch
deleted file mode 100644
index 5c297c1a2..000000000
--- a/debian/patches/0127-CVE-2016-8677.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From 524349d2b3fed7fa0e53de2c908458474eb24418 Mon Sep 17 00:00:00 2001
-From: Cristy <urban-warrior@imagemagick.org>
-Date: Thu, 15 Sep 2016 20:26:36 -0400
-Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/268
-
----
- coders/tiff.c | 131 +++++++++++++++++++++++++++++-----------------------------
- 1 file changed, 65 insertions(+), 66 deletions(-)
-
---- a/coders/tiff.c
-+++ b/coders/tiff.c
-@@ -1678,7 +1678,8 @@ static Image *ReadTIFFImage(const ImageI
- }
- SetQuantumImageType(image,quantum_type);
- next_tiff_frame:
-- quantum_info=DestroyQuantumInfo(quantum_info);
-+ if (quantum_info != (QuantumInfo *) NULL)
-+ quantum_info=DestroyQuantumInfo(quantum_info);
- if ((photometric == PHOTOMETRIC_LOGL) ||
- (photometric == PHOTOMETRIC_MINISBLACK) ||
- (photometric == PHOTOMETRIC_MINISWHITE))
diff --git a/debian/patches/0128-CVE-2016-8707.patch b/debian/patches/0128-CVE-2016-8707.patch
index 711a8cd8a..472d16260 100644
--- a/debian/patches/0128-CVE-2016-8707.patch
+++ b/debian/patches/0128-CVE-2016-8707.patch
@@ -23,7 +23,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
(reference www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=21288).
--- a/coders/tiff.c
+++ b/coders/tiff.c
-@@ -866,7 +866,7 @@ static Image *ReadTIFFImage(const ImageI
+@@ -866,7 +866,7 @@
width;
unsigned char
@@ -32,7 +32,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
/*
Open image.
-@@ -1223,7 +1223,13 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1223,7 +1223,13 @@
method=ReadTileMethod;
quantum_info->endian=LSBEndian;
quantum_type=RGBQuantum;
@@ -47,7 +47,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
switch (method)
{
case ReadSingleSampleMethod:
-@@ -1294,7 +1300,6 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1294,7 +1300,6 @@
TIFFClose(tiff);
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
}
@@ -55,7 +55,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
for (y=0; y < (ssize_t) image->rows; y++)
{
int
-@@ -1303,14 +1308,14 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1303,14 +1308,14 @@
register PixelPacket
*restrict q;
@@ -72,7 +72,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
(void) length;
if (SyncAuthenticPixels(image,exception) == MagickFalse)
break;
-@@ -1352,7 +1357,6 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1352,7 +1357,6 @@
TIFFClose(tiff);
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
}
@@ -80,7 +80,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
for (y=0; y < (ssize_t) image->rows; y++)
{
int
-@@ -1361,14 +1365,14 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1361,14 +1365,14 @@
register PixelPacket
*restrict q;
@@ -97,7 +97,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
if (SyncAuthenticPixels(image,exception) == MagickFalse)
break;
if (image->previous == (Image *) NULL)
-@@ -1397,7 +1401,7 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1397,7 +1401,7 @@
status;
status=TIFFReadPixels(tiff,bits_per_sample,(tsample_t) i,y,(char *)
@@ -106,7 +106,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
if (status == -1)
break;
q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
-@@ -1423,7 +1427,7 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1423,7 +1427,7 @@
default: quantum_type=UndefinedQuantum; break;
}
length=ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
@@ -115,7 +115,7 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
if (SyncAuthenticPixels(image,exception) == MagickFalse)
break;
}
-@@ -1460,13 +1464,13 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1460,13 +1464,13 @@
break;
if (i == 0)
{
@@ -131,11 +131,11 @@ Patch was modified to remove ReadYCCKMethod case because absent from wheezy.
for (x=0; x < (ssize_t) image->columns; x++)
{
SetPixelRed(q,ScaleCharToQuantum((unsigned char)
-@@ -1676,6 +1680,7 @@ static Image *ReadTIFFImage(const ImageI
+@@ -1676,6 +1680,7 @@
break;
}
}
+ tiff_pixels=(unsigned char *) RelinquishMagickMemory(tiff_pixels);
SetQuantumImageType(image,quantum_type);
next_tiff_frame:
- if (quantum_info != (QuantumInfo *) NULL)
+ quantum_info=DestroyQuantumInfo(quantum_info);
diff --git a/debian/patches/0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch b/debian/patches/0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch
new file mode 100644
index 000000000..a705f9830
--- /dev/null
+++ b/debian/patches/0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch
@@ -0,0 +1,81 @@
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1129,6 +1129,34 @@
+ if ((option == (const char *) NULL) ||
+ (IsMagickTrue(option) != MagickFalse))
+ TIFFGetEXIFProperties(tiff,image);
++ quantum_info=(QuantumInfo *) NULL;
++ if ((photometric == PHOTOMETRIC_PALETTE) &&
++ (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize))
++ {
++ size_t
++ colors;
++
++ colors=(size_t) GetQuantumRange(bits_per_sample)+1;
++ if (AcquireImageColormap(image,colors) == MagickFalse)
++ {
++ TIFFClose(tiff);
++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ }
++ }
++ if (units == RESUNIT_INCH)
++ image->units=PixelsPerInchResolution;
++ if (units == RESUNIT_CENTIMETER)
++ image->units=PixelsPerCentimeterResolution;
++ value=(unsigned short) image->scene;
++ (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages);
++ image->scene=value;
++ if (image_info->ping != MagickFalse)
++ {
++ if (image_info->number_scenes != 0)
++ if (image->scene >= (image_info->scene+image_info->number_scenes-1))
++ break;
++ goto next_tiff_frame;
++ }
+ /*
+ Allocate memory for the image and pixel buffer.
+ */
+@@ -1189,33 +1217,6 @@
+ if (image->matte != MagickFalse)
+ (void) SetImageProperty(image,"tiff:alpha",
+ associated_alpha != MagickFalse ? "associated" : "unassociated");
+- if ((photometric == PHOTOMETRIC_PALETTE) &&
+- (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize))
+- {
+- size_t
+- colors;
+-
+- colors=(size_t) GetQuantumRange(bits_per_sample)+1;
+- if (AcquireImageColormap(image,colors) == MagickFalse)
+- {
+- TIFFClose(tiff);
+- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+- }
+- }
+- if (units == RESUNIT_INCH)
+- image->units=PixelsPerInchResolution;
+- if (units == RESUNIT_CENTIMETER)
+- image->units=PixelsPerCentimeterResolution;
+- value=(unsigned short) image->scene;
+- (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages);
+- image->scene=value;
+- if (image_info->ping != MagickFalse)
+- {
+- if (image_info->number_scenes != 0)
+- if (image->scene >= (image_info->scene+image_info->number_scenes-1))
+- break;
+- goto next_tiff_frame;
+- }
+ status=SetImageExtent(image,image->columns,image->rows);
+ if (status == MagickFalse)
+ {
+@@ -1714,7 +1715,8 @@
+ tiff_pixels=(unsigned char *) RelinquishMagickMemory(tiff_pixels);
+ SetQuantumImageType(image,quantum_type);
+ next_tiff_frame:
+- quantum_info=DestroyQuantumInfo(quantum_info);
++ if (quantum_info != (QuantumInfo *) NULL)
++ quantum_info=DestroyQuantumInfo(quantum_info);
+ if ((photometric == PHOTOMETRIC_LOGL) ||
+ (photometric == PHOTOMETRIC_MINISBLACK) ||
+ (photometric == PHOTOMETRIC_MINISWHITE))
diff --git a/debian/patches/CVE-2016-10144.patch b/debian/patches/CVE-2016-10144.patch
new file mode 100644
index 000000000..afdb50324
--- /dev/null
+++ b/debian/patches/CVE-2016-10144.patch
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2016-10144
+
+Upstream-Commit: 97566cf2806c0a5a86e884c96831a0c3b1ec6c20
+Closes: #851485
+---
+ coders/ipl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/coders/ipl.c b/coders/ipl.c
+index 70dbeb7..b18dad5 100644
+--- a/coders/ipl.c
++++ b/coders/ipl.c
+@@ -543,6 +543,8 @@ static MagickBooleanType WriteIPLImage(const ImageInfo *image_info,Image *image)
+
+
+ quantum_info=AcquireQuantumInfo(image_info, image);
++ if (quantum_info == (QuantumInfo *) NULL)
++ ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ if ((quantum_info->format == UndefinedQuantumFormat) &&
+ (IsHighDynamicRangeImage(image,&image->exception) != MagickFalse))
+ SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat);
diff --git a/debian/patches/CVE-2016-10145.patch b/debian/patches/CVE-2016-10145.patch
new file mode 100644
index 000000000..2abd02bd8
--- /dev/null
+++ b/debian/patches/CVE-2016-10145.patch
@@ -0,0 +1,27 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2016-10145
+
+Upstream-Commit: d23beebe7b1179fb75db1e85fbca3100e49593d9
+Closes: #851483
+---
+ coders/wpg.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/coders/wpg.c b/coders/wpg.c
+index 851155c..de54cf5 100644
+--- a/coders/wpg.c
++++ b/coders/wpg.c
+@@ -769,9 +769,9 @@ static Image *ExtractPostscript(Image *image,const ImageInfo *image_info,
+ /* printf("Detected:%s \n",magic_info->name); */
+ if(exception->severity != UndefinedException) goto FINISH_UNL;
+ if(magic_info->name == (char *) NULL) goto FINISH_UNL;
+-
+- (void) strncpy(clone_info->magick,magic_info->name,MaxTextExtent);
+-
++
++ (void) strncpy(clone_info->magick,magic_info->name,MaxTextExtent-1);
++
+ /* Read nested image */
+ /*FormatString(clone_info->filename,"%s:%s",magic_info->name,postscript_file);*/
+ FormatLocaleString(clone_info->filename,MaxTextExtent,"%s",postscript_file);
diff --git a/debian/patches/CVE-2016-10146.patch b/debian/patches/CVE-2016-10146.patch
new file mode 100644
index 000000000..d50e6dd2e
--- /dev/null
+++ b/debian/patches/CVE-2016-10146.patch
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2016-10146
+
+Upstream-Commit: aeff00de228bc5a158c2a975ab47845d8a1db456
+Closes: #851380
+---
+ coders/caption.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/caption.c b/coders/caption.c
+index cff62c8..4cc9fdb 100644
+--- a/coders/caption.c
++++ b/coders/caption.c
+@@ -255,7 +255,7 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info,
+ (void) FormatLocaleString(geometry,MaxTextExtent,"%+g%+g",
+ image->columns-(metrics.bounds.x2+draw_info->stroke_width/2.0),
+ metrics.ascent+draw_info->stroke_width/2.0);
+- draw_info->geometry=AcquireString(geometry);
++ (void) CloneString(&draw_info->geometry,geometry);
+ }
+ status=AnnotateImage(image,draw_info);
+ draw_info=DestroyDrawInfo(draw_info);
diff --git a/debian/patches/CVE-2016-4563.patch b/debian/patches/CVE-2016-4563.patch
index 8aed31cf2..101f97c57 100644
--- a/debian/patches/CVE-2016-4563.patch
+++ b/debian/patches/CVE-2016-4563.patch
@@ -1,6 +1,16 @@
+From: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
+Date: Fri, 27 Jan 2017 14:25:39 +0100
+Subject: CVE-2016-4563
+
+---
+ magick/draw.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/magick/draw.c b/magick/draw.c
+index 6c92824..6ca4c1f 100644
--- a/magick/draw.c
+++ b/magick/draw.c
-@@ -5979,13 +5979,25 @@
+@@ -5979,13 +5979,25 @@ static PrimitiveInfo *TraceStrokePolygon(const DrawInfo *draw_info,
}
if (q >= (ssize_t) (max_strokes-6*BezierQuantum-360))
{
diff --git a/debian/patches/CVE-2017-5506.patch b/debian/patches/CVE-2017-5506.patch
new file mode 100644
index 000000000..a70c5b1f2
--- /dev/null
+++ b/debian/patches/CVE-2017-5506.patch
@@ -0,0 +1,31 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5506
+
+Reference: https://github.com/ImageMagick/ImageMagick/issues/354
+Upstream-Commit: 6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
+Closes: #851383
+---
+ magick/profile.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/magick/profile.c b/magick/profile.c
+index 153750e..87b3452 100644
+--- a/magick/profile.c
++++ b/magick/profile.c
+@@ -1599,11 +1599,11 @@ MagickExport MagickBooleanType SyncImageProfiles(Image *image)
+ /*
+ The directory entry contains an offset.
+ */
+- offset=(ssize_t) ((int) ReadProfileLong(endian,q+8));
+- if ((ssize_t) (offset+number_bytes) < offset)
+- continue; /* prevent overflow */
+- if ((size_t) (offset+number_bytes) > length)
++ offset=(ssize_t) ReadProfileLong(endian,q+8);
++ if ((offset < 0) || ((size_t) (offset+number_bytes) > length))
+ continue;
++ if (~length < number_bytes)
++ continue; /* prevent overflow */
+ p=(unsigned char *) (exif+offset);
+ }
+ switch (tag_value)
diff --git a/debian/patches/CVE-2017-5507.patch b/debian/patches/CVE-2017-5507.patch
new file mode 100644
index 000000000..dd93ef530
--- /dev/null
+++ b/debian/patches/CVE-2017-5507.patch
@@ -0,0 +1,43 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5507
+
+We can drop the full second hunk of the upstream fix since the resouce
+framework is not there and SetImageExtent (besides the pixel cache
+handling that we want to skip) only verifies that rows and cols are != 0
+which is done in ReadMPCImage already.
+
+Upstream-commit: 4493d9ca1124564da17f9b628ef9d0f1a6be9738
+Closes: #851382
+---
+ coders/mpc.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/coders/mpc.c b/coders/mpc.c
+index 6c3207c..443542e 100644
+--- a/coders/mpc.c
++++ b/coders/mpc.c
+@@ -825,7 +825,9 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ /*
+ Create image colormap.
+ */
+- if (AcquireImageColormap(image,image->colors) == MagickFalse)
++ image->colormap=(PixelPacket *) AcquireQuantumMemory(image->colors+1,
++ sizeof(*image->colormap));
++ if (image->colormap == (PixelPacket *) NULL)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ if (image->colors != 0)
+ {
+@@ -914,12 +916,6 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0))
+ if (image->scene >= (image_info->scene+image_info->number_scenes-1))
+ break;
+- status=SetImageExtent(image,image->columns,image->rows);
+- if (status == MagickFalse)
+- {
+- InheritException(exception,&image->exception);
+- return(DestroyImageList(image));
+- }
+ /*
+ Attach persistent pixel cache.
+ */
diff --git a/debian/patches/CVE-2017-5508.patch b/debian/patches/CVE-2017-5508.patch
new file mode 100644
index 000000000..ee1660619
--- /dev/null
+++ b/debian/patches/CVE-2017-5508.patch
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5508
+
+Upstream-Commit: 379e21cd32483df6e128147af3bc4ce1f82eb9c4
+Closes: #851381
+---
+ coders/tiff.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index ca6d774..8a831ae 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1254,8 +1254,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+ method=ReadTileMethod;
+ quantum_info->endian=LSBEndian;
+ quantum_type=RGBQuantum;
+- tiff_pixels=(unsigned char *) AcquireMagickMemory(TIFFScanlineSize(tiff)+
+- sizeof(uint32));
++ tiff_pixels=(unsigned char *) AcquireMagickMemory(MagickMax(
++ TIFFScanlineSize(tiff),(size_t) (image->columns*samples_per_pixel*
++ pow(2.0,ceil(log(bits_per_sample)/log(2.0))))));
+ if (tiff_pixels == (unsigned char *) NULL)
+ {
+ TIFFClose(tiff);
diff --git a/debian/patches/CVE-2017-5510.patch b/debian/patches/CVE-2017-5510.patch
new file mode 100644
index 000000000..aac0597ed
--- /dev/null
+++ b/debian/patches/CVE-2017-5510.patch
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5510
+
+Upstream commit: e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
+Closes: #851376
+---
+ coders/psd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 2001aa8..98725bb 100644
+--- a/coders/psd.c
++++ b/coders/psd.c
+@@ -1790,7 +1790,7 @@ static void WriteOneChannel(const PSDInfo *psd_info,const ImageInfo *image_info,
+ ? MagickTrue : MagickFalse;
+ packet_size=next_image->depth > 8UL ? 2UL : 1UL;
+ (void) packet_size;
+- quantum_info=AcquireQuantumInfo(image_info,image);
++ quantum_info=AcquireQuantumInfo(image_info,next_image);
+ pixels=GetQuantumPixels(quantum_info);
+ for (y=0; y < (ssize_t) next_image->rows; y++)
+ {
diff --git a/debian/patches/CVE-2017-5511.patch b/debian/patches/CVE-2017-5511.patch
new file mode 100644
index 000000000..68ec77cda
--- /dev/null
+++ b/debian/patches/CVE-2017-5511.patch
@@ -0,0 +1,22 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Fri, 27 Jan 2017 17:02:40 +0100
+Subject: CVE-2017-5511
+
+Upstream-Commit: 7d65a814ac76bd04760072c33e452371692ee790
+Closes: #851374
+---
+ coders/psd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 98725bb..4b7d23c 100644
+--- a/coders/psd.c
++++ b/coders/psd.c
+@@ -1182,6 +1182,7 @@ static Image *ReadPSDImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ Layer name.
+ */
+ length=(size_t) ReadBlobByte(image);
++ length=(size_t) (unsigned char) ReadBlobByte(image);
+ for (j=0; j < (ssize_t) length; j++)
+ layer_info[i].name[j]=(unsigned char) ReadBlobByte(image);
+ layer_info[i].name[j]='\0';
diff --git a/debian/patches/series b/debian/patches/series
index 3f101a98d..36eea6b42 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-# debian/source/git-patches exported from git by quilt-patches-deb-export-hook
0001-Fix-CVE-2012-3437-ImageMagick-Magick_png_malloc-size.patch
0002-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
0003-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
@@ -104,7 +103,6 @@ CVE-2016-4563.patch
0123-Bug-833730-Prevent-buffer-overflow-in-draw.c.patch
0124-Bug-833735-Fix-loading-arbitrary-module-from-user-side.patch
0125-CVE-2016-7799.patch
-0127-CVE-2016-8677.patch
0128-CVE-2016-8707.patch
0129-CVE-2016-8862.patch
0130-CVE-2016-9556.patch
@@ -120,3 +118,12 @@ CVE-2016-4563.patch
0139-Bug-845244-Added-check-for-invalid-number-of-frames-in-mat-file.patch
0140-Bug-845246-Partial-fix-for-out-of-bound-access-of-mat-file.patch
0141-Bug-845196-Check-return-of-write-function-bis.patch
+0162-CVE-2016-8677-Memory-allocate-failure-in-AcquireQuantumPixels.patch
+CVE-2016-10144.patch
+CVE-2016-10145.patch
+CVE-2016-10146.patch
+CVE-2017-5506.patch
+CVE-2017-5507.patch
+CVE-2017-5508.patch
+CVE-2017-5510.patch
+CVE-2017-5511.patch
Reply to: