Bug#845308: RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6
Package: sponsorship-requests
X-Debbugs-CC: team@security.debian.org
Severity: important
Dear mentors,
I am looking for a sponsor for my package "imagemagick"
* Package name : imagemagick
Version : 8:6.8.9.9-5+deb8u6
Section : graphics
It builds those binary packages:
imagemagick - image manipulation programs -- binaries
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics
routines -- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick
- header files
libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick
- development files
libmagick++-dev - object-oriented C++ interface to ImageMagick
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library --
quantum depth Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library -
extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library -
development files (Q16)
libmagickcore-dev - low-level image manipulation library -- transition package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library - transition for
development files
perlmagick - Perl interface to ImageMagick -- transition package
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/imagemagick
Alternatively, one can download the package with dget using this command:
dget -x https://mentors.debian.net/debian/pool/main/i/imagemagick/imagemagick_6.8.9.9-5+deb8u6.dsc
This fixes all open security bugs against jessie except CVE-2016-8862
and CVE-2016-8678, where I am waiting for more information from upstream,
and that are more susceptible to trouble (the first fix caused a
regression). I prefer to release early instead of getting a patch
queue of more than 50 fixes like at the beginning of this year.
Release often, release early
Changes since the last upload:
imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium
* Fix CVE-2016-7799: global buffer overflow. (Closes: #840437).
* Fix CVE-2016-7906: use after free. (Closes: #840435).
* Fix a TIFF file buffer overflow. (Closes: #845195).
* Check return of fputc during TIFF file writing.
(Closes: #845196).
* Prevent buffer overflow by checking image extent
for TIFF (Closes: #845198).
* Avoid an out of bound read in VIFF file handler.
(Closes: #845212 and LP: #1545183).
* Avoid a DOS by not allowing too deep nested exception.
(Closes: #845213).
* Better check for buffer overflow in TIFF files
handling. (Closes: #845202).
* Fix CVE-2016-8677: memory allocate failure in AcquireQuantumPixels
(Closes: #845206).
* Prevent fault in MSL interpreter. (Closes: #845242).
* Prevent heap buffer overflow in IsPixelGray
(Closes: #845242)
* Fix null pointer dereference in TIFF file handling.
(Closes: #845243).
* Added check for invalid number of frames in mat file
(Closes: #845244).
* Fix an out of bound read in mat file due to insufficient allocation.
(Closes: #845246).
-- Bastien Roucariès <roucaries.bastien+debian@gmail.com> Mon, 21 Nov 2016 22:04:16 +0100
Regards,
bastien roucaries