Bug#845308: RFS [RC][Security]: imagemagick/8:6.8.9.9-5+deb8u6
Package: sponsorship-requests
X-Debbugs-CC: team@security.debian.org
Severity: important
  Dear mentors,

  I am looking for a sponsor for my package "imagemagick"

 * Package name    : imagemagick
   Version         : 8:6.8.9.9-5+deb8u6
   Section         : graphics

  It builds those binary packages:

    imagemagick - image manipulation programs -- binaries
    imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
    imagemagick-common - image manipulation programs -- infrastructure
    imagemagick-dbg - debugging symbols for ImageMagick
    imagemagick-doc - document files of ImageMagick
    libimage-magick-perl - Perl interface to the ImageMagick graphics routines
    libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 version
    libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
    libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
    libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
    libmagick++-dev - object-oriented C++ interface to ImageMagick
    libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
    libmagickcore-6-headers - low-level image manipulation library - header files
    libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
    libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
    libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
    libmagickcore-dev - low-level image manipulation library -- transition package
    libmagickwand-6-headers - image manipulation library - header files
    libmagickwand-6.q16-2 - image manipulation library
    libmagickwand-6.q16-dev - image manipulation library - development files
    libmagickwand-dev - image manipulation library - transition for development files
    perlmagick - Perl interface to ImageMagick -- transition package

  To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/imagemagick


  Alternatively, one can download the package with dget using this command:

    dget -x https://mentors.debian.net/debian/pool/main/i/imagemagick/imagemagick_6.8.9.9-5+deb8u6.dsc

This fixes all open security bugs against jessie except CVE-2016-8862
and CVE-2016-8678, for which I am waiting for more information from upstream,
and which are more susceptible to trouble (the first fix caused a
regression). I prefer to release early instead of accumulating a patch
queue of more than 50 fixes like at the beginning of this year.
Release often, release early.

  Changes since the last upload:

 imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium

  * Fix CVE-2016-7799: global buffer overflow.  (Closes: #840437).
  * Fix CVE-2016-7906: use after free.  (Closes: #840435).
  * Fix a TIFF file buffer overflow. (Closes: #845195).
  * Check return of fputc during TIFF file writing.
    (Closes: #845196).
  * Prevent buffer overflow by checking image extent
    for TIFF (Closes: #845198).
  * Avoid an out-of-bounds read in VIFF file handler.
    (Closes: #845212 and LP: #1545183).
  * Avoid a DoS by not allowing too deeply nested exceptions.
    (Closes: #845213).
  * Better check for buffer overflow in TIFF files
    handling.  (Closes: #845202).
  * Fix CVE-2016-8677: memory allocation failure in AcquireQuantumPixels
    (Closes: #845206).
  * Prevent fault in MSL interpreter. (Closes: #845242).
  * Prevent heap buffer overflow in IsPixelGray
    (Closes: #845242)
  * Fix null pointer dereference in TIFF file handling.
    (Closes: #845243).
  * Added check for invalid number of frames in MAT file
    (Closes: #845244).
  * Fix an out-of-bounds read in MAT file due to insufficient allocation.
    (Closes: #845246).

 -- Bastien Roucariès <roucaries.bastien+debian@gmail.com>  Mon, 21 Nov 2016 22:04:16 +0100
  Regards,
   bastien roucaries