-
imagemagick (7:6.2.4.5.dfsg1-0.14ubuntu0.2) feisty-security; urgency=low
* SECURITY UPDATE: multiple heap overflow vulnerabilities could lead
to remote code execution.
* Thanks to Jonathan Smith and Daniel Kobras for backported patches:
- magick/memory.c,magick/memory_.h,magick/methods.h: Add new allocator
wrapper AcquireQuantumMemory() to prevent potential integer overflows.
Backport from upstream version 6.3.5.9.
- magick/image.c: Backport new implementation of SetImageExtent() from
upstream version 6.3.5.9.
- coders/dcm.c,coders/xcf.c: Fix integer overflow in DCM and XCF coders.
(CVE-2007-4985) Backport of upstream patch from version 6.3.5.9.
- coders/dcm.c,coders/dib.c,coders/xbm.c,coders/xcf.c,coders/xwd.c:
Fix multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders.
(CVE-2007-4986 and CVE-2007-4988) Based on upstream patch from
version 6.3.5.9.
- magick/blob.c: Fix fencepost error in ReadBlobString()
(CVE-2007-4987) Backport of upstream patch from version 6.3.5.9.
- coders/dib.c: Ensure positive value for image rows and columns.
Based on upstream patch from version 6.3.5.9.
-- Kees Cook <email address hidden> Tue, 02 Oct 2007 14:19:08 -0700
-
imagemagick (7:6.2.4.5.dfsg1-0.14ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via multiple integer overflows.
* coders/dcm.c: fixes from Debian (CVE-2007-1797)
* coders/xwd.c: fixes from Debian (CVE-2007-1667, CVE-2007-1797)
* coders/{icon,pcx,pict,png,pnm,sig,sun,viff,xwd}.c: crashes fixed.
-- Kees Cook <email address hidden> Mon, 09 Jul 2007 04:06:32 -0700
-
imagemagick (7:6.2.4.5.dfsg1-0.14) unstable; urgency=high
* Non-maintainer upload.
* coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
Avoid bogus second read in macro call. Patch thanks to Vladimir
Nadvornik. (CVE-2007-0770) Closes: #410435
-- Kees Cook <email address hidden> Fri, 16 Feb 2007 09:52:27 +0000
-
imagemagick (7:6.2.4.5.dfsg1-0.13) unstable; urgency=high
* Non-maintainer upload.
* coders/png.c: Fix amd64 build failure with recent libpng versions.
Closes: #401047
* debian/control: Tighten libpng12-dev build-dependency to exclude versions
that are known to fail to link even with the above fix in place.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 14 Dec 2006 12:01:14 +0000
-
imagemagick (7:6.2.4.5.dfsg1-0.12) unstable; urgency=high
* Non-maintainer upload.
* debian/control: Add build dependency on libxt-dev and pkg-config to
make dependency list deterministic.
* debian/control: libmagick9-dev depends on libxt-dev.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 06 Dec 2006 13:00:55 +0000
-
imagemagick (7:6.2.4.5.dfsg1-0.11) unstable; urgency=high
* Non-maintainer upload.
* coders/dcm.c, coders/palm.c: Fix buffer overflows in DCM and Palm coders.
Patches thanks to M Joonas Pihlaja. Closes: #393025
* coders/sgi.c: Put back missing initialisation of loop variable that
was erroneously removed in fix for CVE-2006-4144. Spotted by
Martin Pitt. Closes: #383314
* coders/sgi.c: Fix off-by-one error in boundary check causing slightly
garbled image output. Also introduced in fix for CVE-2006-4144.
* coders/xpm.c: Do not gratuitously limit the allowed number of
bytes per pixel. Patch thanks to Jens Seidel. Closes: #358148
* magick/display.c: Fix NULL pointer dereference in display's
"Visual Directory". Patch thanks to Frédéric Bothamy. Closes: #360400
* utilities/ImageMagick.1.in: Replace UTF-8 encoded characters with
latin1 equivalents to placate lintian.
* debian/control: perlmagick provides libimage-magick-perl to comply
with Perl policy. Closes: #317083
* debian/control: Add gs-gpl build dependency, used in testsuite.
* debian/control: Tries hard to comply with version 3.7.2 of Debian
policy.
* debian/rules: Eliminate -l entries that slipped into --ldflags output.
They're already present in --libs anyway. Closes: #340401
* debian/rules: Run the testsuite, but don't treat failures as fatal
errors for now.
* debian/rules: At configure time, change X11 search paths to X11R7
locations.
* debian/rules: Remove duplicate of license file from imagemagick
package.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 07 Nov 2006 02:00:36 +0000
-
imagemagick (7:6.2.4.5.dfsg1-0.10build1) feisty; urgency=low
* Rebuild for ldbl128 change on powerpc and sparc.
-- Matthias Klose <email address hidden> Thu, 2 Nov 2006 10:12:46 +0000
-
imagemagick (7:6.2.4.5.dfsg1-0.10) unstable; urgency=high
* Non-Maintainer Upload
* Fix buffer overflow in SGI parser [CVE-2006-4144] (closes: #383314)
Thanks to Daniel Kobras
* Fix double free in ICC profile in PerlMagick (closes: #349264)
* Fix incompatibility with graphviz >= 2.8 and build-depend on an
appropriate version (closes: #360362)
* Fix XCF and Sun Raster File buffer overflows [CVE-2006-3743/-3744]
(closes: #385062)
-- Colin Watson <email address hidden> Thu, 21 Sep 2006 10:09:42 +0100