imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2023-1289-prepatch.patch: recursion detection
      framework.
    - debian/patches/CVE-2023-1289.patch: recursion detection
    - d/p/0077-CVE-2023-1289-recursion-detection-fail.patch: recursion
      detection fail
    - d/p/0078-improved-fix-for-possible-DoS-for-certain-SVG-constr.patch:
      improved fix for possible DoS for certain SVG constructs
    - debian/patches/0079-permit-compositing-MPRI-images.patch: permit
      compositing MPRI images.
    - d/p/0080-VID-images-not-permitted-when-compositing.patch: VID images
      not permitted when compositing.
    - d/p/0081-do-not-composite-SVG-to-avoid-possible-recursion.patch: do
      not composite SVG to avoid possible recursion.
    - CVE-2023-1289
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-34151*.patch: properly cast double to size_t
    - debian/patches/CVE-2023-34151-prepatch.patch: improved range checking.
    - debian/patches/CVE-2023-34151-prepatch-2.patch: add additional checks
      for casting double to size_t
    - debian/patches/CVE-2023-34151.patch: properly cast double to size_t.
    - d/p/0069-CVE-2023-34151-properly-cast-double-to-size_t.patch: properly
      cast double to size_t
    - debian/patches/0070-CVE-2023-34151.patch: magick produces incorrect
      result possibly due to overflow.
    - debian/patches/0072-CVE-2023-34151.patch: improved range checking
    - debian/patches/0073-check-for-value-0-ceil-not-required.patch: check
      for value < 0, ceil() not required
    - d/p/0074-fix-undefined-behaviors-when-casting-double-to-size_.patch:
      fix undefined behaviors when casting double to size_t
    - d/p/0075-use-a-different-path-for-positive-and-negative-value.patch:
      use a different path for positive and negative values
    - d/p/0076-use-instead-to-work-around-precision-limitations-of-.patch:
      use >= instead to work around precision limitations of a double.
    - CVE-2023-34151
  * Other security fixes:
    - debian/patches/0063-Added-check-for-invalid-size.patch: Added check
      for invalid size.
    - debian/patches/0064-improve-BMP-error-checking.patch: improve BMP
      error checking.
    - d/p/0071-incorrect-bounds-checking-for-draw-affine-https-gith.patch:
      incorrect bounds checking for draw affine
    - debian/patches/0082-recursion-detection-framework.patch: recursion
      detection framework.
    - debian/patches/0083-Fixed-memory-leak.patch: Fixed memory leak.

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Fri, 19 Jul 2024 17:37:45 -0300

imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY REGRESSION: Revert additional mitigation.
    - debian/patches/CVE-2022-44267_44268-3.patch: Remove bad mitigation
      via a policy file.

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Thu, 30 Mar 2023 12:45:39 -0300

imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Additional fix from previous release
    - debian/patches/CVE-2022-44267_44268-1.patch: Renamed from
      debian/patches/CVE-2022-44267.patch.
    - debian/patches/CVE-2022-44267_44268-2.patch: Renamed from
      debian/patches/CVE-2022-44268.patch.
    - debian/patches/CVE-2022-44267_44268-3.patch: Additional mitigation.
    - CVE-2022-44267
    - CVE-2022-44268

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Wed, 15 Mar 2023 12:31:28 -0300

imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2022-44267.patch: possible DoS @ stdin
      (OCE-2022-70); possible arbitrary file leak (OCE-2022-72)
      (LP: #2004580)
    - CVE-2022-44267
  * SECURITY UPDATE: Information Disclosure
    - debian/patches/CVE-2022-44268.patch: move -set profile handler to CLI
    - CVE-2022-44268

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Fri, 24 Feb 2023 11:40:25 -0300

imagemagick (8:6.9.11.60+dfsg-1.3build2) jammy; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <doko@ubuntu.com>  Sun, 06 Feb 2022 13:53:27 +0100

imagemagick (8:6.9.11.60+dfsg-1.3build1) jammy; urgency=medium

  * No-change rebuild against latest libwebp

 -- Jeremy Bicha <jeremy.bicha@canonical.com>  Tue, 01 Feb 2022 21:57:31 -0500

imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  * autopkgtest: Drop PDF related tests which will fail after disabling
    ghostscript handled formats by default (Closes: #987247)

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 20 Apr 2021 16:37:59 +0200

imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Disable ghostscript handled formats based on -SAFER insecurity

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 19 Apr 2021 20:16:51 +0200

imagemagick (8:6.9.11.60+dfsg-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Import upstream patch to fix font size (Closes: #980202).

 -- Jochen Sprickerhof <jspricke@debian.org>  Tue, 13 Apr 2021 20:58:45 +0200

imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high

  * New upstream version
    - Bug fix: "gscan2pdf tests fail", thanks to Sergio Durigan Junior
      (Closes: #980202).

 -- Bastien Roucariès <rouca@debian.org>  Mon, 01 Feb 2021 16:22:02 +0000

# For older changelog entries, run 'apt-get changelog libmagickcore-6.q16-6'