imagemagick: CVE-2017-14989

Related Vulnerabilities: CVE-2017-14989   CVE-2017-12983   CVE-2017-13134   CVE-2017-13758   CVE-2017-13769   CVE-2017-14224   CVE-2017-14607   CVE-2017-14682   CVE-2017-15277   CVE-2017-11352   CVE-2017-11640   CVE-2017-12431   CVE-2017-12640   CVE-2017-13139   CVE-2017-13144   CVE-2017-16546   CVE-2017-12877   CVE-2017-1000445   CVE-2017-1000476   CVE-2017-12140   CVE-2017-12674   CVE-2017-12691   CVE-2017-12692   CVE-2017-12693   CVE-2017-12875   CVE-2017-13061   CVE-2017-13133   CVE-2017-13768   CVE-2017-14060   CVE-2017-14172   CVE-2017-14173   CVE-2017-14174   CVE-2017-14175   CVE-2017-14249   CVE-2017-14341   CVE-2017-14400   CVE-2017-14505   CVE-2017-14532   CVE-2017-14624   CVE-2017-14625   CVE-2017-14626   CVE-2017-10928   CVE-2017-14739   CVE-2017-14741   CVE-2017-15015   CVE-2017-15017   CVE-2017-15281   CVE-2017-17499   CVE-2017-17504   CVE-2017-17681   CVE-2017-17682   CVE-2017-17879   CVE-2017-17914   CVE-2018-5248   CVE-2017-12644   CVE-2017-13058   CVE-2017-13059   CVE-2017-13060   CVE-2017-13062   CVE-2017-13131   CVE-2017-14137   CVE-2017-14138   CVE-2017-14139   CVE-2017-14324   CVE-2017-14325   CVE-2017-14326   CVE-2017-14342   CVE-2017-14343   CVE-2017-14531   CVE-2017-14533   CVE-2017-14684   CVE-2017-15016   CVE-2017-15032   CVE-2017-15033   CVE-2017-15217   CVE-2017-15218   CVE-2017-17680   CVE-2017-17881   CVE-2017-17882   CVE-2017-17883   CVE-2017-17884   CVE-2017-17885   CVE-2017-17886   CVE-2017-17887   CVE-2017-17934   CVE-2017-18008   CVE-2017-18022   CVE-2017-18027   CVE-2017-18028   CVE-2017-18029   CVE-2017-6502   CVE-2018-5246   CVE-2018-5247   CVE-2018-5357   CVE-2018-5358   CVE-2018-6405  

Debian Bug report logs - #878562
imagemagick: CVE-2017-14989

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 14 Oct 2017 16:51:05 UTC

Severity: serious

Tags: confirmed, fixed-upstream, patch, security, upstream

Found in version imagemagick/8:6.8.9.9-1

Fixed in versions imagemagick/8:6.9.7.4+dfsg-11+deb9u3, imagemagick/8:6.8.9.9-5+deb8u11, imagemagick/8:6.9.9.34+dfsg-1

Done: Bastien Roucariès <rouca@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/ImageMagick/ImageMagick/issues/781


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#878562; Package src:imagemagick. (Sat, 14 Oct 2017 16:51:07 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Sat, 14 Oct 2017 16:51:08 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: imagemagick: CVE-2017-14989
Date: Sat, 14 Oct 2017 18:49:39 +0200
Source: imagemagick
Version: 8:6.8.9.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/781

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14989[0]:
| A use-after-free in RenderFreetype in MagickCore/annotate.c in
| ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a
| crafted font file, because the FT_Done_Glyph function (from FreeType 2)
| is called at an incorrect place in the ImageMagick code.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14989
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14989
[1] https://github.com/ImageMagick/ImageMagick/issues/781

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 19 Oct 2017 17:36:13 GMT).


Severity set to 'serious' from 'important'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 12 Nov 2017 13:09:03 GMT).


Reply sent to Moritz Mühlenhoff <jmm@debian.org>:
You have taken responsibility. (Sat, 18 Nov 2017 21:06:24 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 18 Nov 2017 21:06:24 GMT).


Message #14 received at 878562-close@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@debian.org>
To: 878562-close@bugs.debian.org
Subject: Bug#878562: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
Date: Sat, 18 Nov 2017 21:03:47 +0000
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878562@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Nov 2017 20:46:29 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 873099 873134 876097 876488 878507 878508 878527 878562 878578
Changes:
 imagemagick (8:6.9.7.4+dfsg-11+deb9u3) stretch-security; urgency=medium
 .
   * CVE-2017-12983 (Closes: #873134)
   * CVE-2017-13134 (Closes: #873099)
   * CVE-2017-13758 (Closes: #878508)
   * CVE-2017-13769 (Closes: #878507)
   * CVE-2017-14224 (Closes: #876097)
   * CVE-2017-14607 (Closes: #878527)
   * CVE-2017-14682 (Closes: #876488)
   * CVE-2017-14989 (Closes: #878562)
   * CVE-2017-15277 (Closes: #878578)




Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Sat, 18 Nov 2017 22:21:36 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 18 Nov 2017 22:21:36 GMT).


Message #19 received at 878562-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 878562-close@bugs.debian.org
Subject: Bug#878562: fixed in imagemagick 8:6.8.9.9-5+deb8u11
Date: Sat, 18 Nov 2017 22:18:45 +0000
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878562@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 876488 878507 878508 878527 878562 878578 881392
Changes:
 imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium
 .
   * Multiple security fixes
     CVE-2017-12983 (Closes: #873134)
     CVE-2017-13134 (Closes: #873099)
     CVE-2017-13769 (Closes: #878507)
     CVE-2017-14224 (Closes: #876097)
     CVE-2017-14607 (Closes: #878527)
     CVE-2017-14682 (Closes: #876488)
     CVE-2017-14989 (Closes: #878562)
     CVE-2017-15277 (Closes: #878578)
     CVE-2017-11352 (Closes: #868469)
     CVE-2017-11640 (Closes: #870067)
     CVE-2017-12431 (Closes: #869715)
     CVE-2017-12640 (Closes: #870106)
     CVE-2017-13139 (Closes: #870109)
     CVE-2017-13144 (Closes: #869728)
     CVE-2017-13758 (Closes: #878508)
     CVE-2017-16546 (Closes: #881392)
     CVE-2017-12877 (Closes: #872373)





Added tag(s) confirmed and pending. Request was from roucaries.bastien@gmail.com to control@bugs.debian.org. (Thu, 08 Feb 2018 12:18:24 GMT)


Reply sent to Bastien Roucariès <rouca@debian.org>:
You have taken responsibility. (Fri, 09 Feb 2018 22:40:31 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 09 Feb 2018 22:40:31 GMT)


Message #26 received at 878562-close@bugs.debian.org:

From: Bastien Roucariès <rouca@debian.org>
To: 878562-close@bugs.debian.org
Subject: Bug#878562: fixed in imagemagick 8:6.9.9.34+dfsg-1
Date: Fri, 09 Feb 2018 22:35:40 +0000
Source: imagemagick
Source-Version: 8:6.9.9.34+dfsg-1

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878562@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Feb 2018 13:38:05 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-5 libmagickcore-6.q16-5-extra libmagickcore-6.q16-dev libmagickwand-6.q16-5 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-5 libmagickcore-6.q16hdri-5-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-5 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.9.34+dfsg-1
Distribution: experimental
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-5 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-5-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-5 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-5-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-5 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-5 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 856601 872373 872609 873059 873099 873100 873131 873134 873871 875338 875339 875341 875352 875502 875503 875504 875506 876097 876099 876105 876487 876488 877354 877355 878506 878507 878508 878524 878527 878541 878545 878546 878547 878548 878554 878555 878562 878578 878579 878679 881392 884444 885125 885339 885340 885941 885942 886281 886584 886588
Changes:
 imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
 .
   * New upstream version
   * Packaging fix:
     + Fix privacy breach.
     + Bump compat level to 11.
     + Bump policy no changes
     + Fix lintian warnings
     + Fix "unnecessary libgraphviz-dev dependency (and graphviz
       suggests?)", thanks to Matthias Klose (Closes: #884444).
     + Remove Vincent Fourmond <fourmond@debian.org> as uploader, thanks
       to him. (Closes: #878679).
     + Acknowledge NMU (Closes: #856601)
   * Fix a few security issues
     + Fix CVE-2017-1000445: NULL pointer dereference in
       the MagickCore component and might lead to denial of service.
       (Closes: #886281)
     + Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
       the function ReadDDSInfo in coders/dds.c, which allows attackers
       to cause a denial of service.
     + Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
       has an integer signedness error leading to excessive memory
       consumption via a crafted DCM file.
       (Closes: #873059)
     + Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
       the function ReadPDBImage in coders/pdb.c, which allows attackers
       to cause a denial of service
       (Closes: #872609)
     + Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
       allows remote attackers to cause a denial of service
       (memory consumption) via a crafted file.
       (Closes: #875338)
     + Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
       in ImageMagick allows remote attackers to cause a
       denial of service (memory consumption) via a crafted VIFF file.
       (Closes: #875339)
     + Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
       allows remote attackers to cause a denial of service
       (memory consumption) via a crafted BMP
       (Closes: #875341)
     + Fix CVE-2017-12875: The WritePixelCachePixels function
       allows remote attackers to cause a denial of service
       (CPU consumption) via a crafted file.
       (Closes: #873871)
     + Fix CVE-2017-12877: Use-after-free vulnerability in
       the DestroyImage function in image.c in ImageMagick allows
       remote attackers to cause a denial of service via a crafted file.
       (Closes: #872373)
     + Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
       function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
       attackers to cause a denial of service (application crash)
       or possibly have unspecified other impact via a crafted file.
       (Closes: #873134)
     + Fix CVE-2017-13061: A length-validation vulnerability was found
       in the function ReadPSDLayersInternal in coders/psd.c,
       which allows attackers to cause a denial of service
       (ReadPSDImage memory exhaustion) via a crafted file
       (Closes: #873131)
     + Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
       offset validation, which allows attackers to cause a denial of service
       (load_tile memory exhaustion) via a crafted file.
       (Closes: #873100)
     + Fix CVE-2017-13134: a heap-based buffer over-read was found in the
       function SFWScan in coders/sfw.c, which allows attackers
       to cause a denial of service via a crafted file.
       (Closes: #873099)
     + Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
       function in MagickCore/draw.c.
       (Closes: #878508)
     + Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
       function in MagickCore/identify.c in ImageMagick allows an attacker
       to perform denial of service by sending a crafted image file.
       (Closes: #875352)
     + Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
       coders/thumbnail.c allows an attacker to cause a denial of service
       (buffer over-read) by sending a crafted JPEG file.
       (Closes: #878507)
     + Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
       ReadCUTImage function in coders/cut.c that could allow an attacker
       to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
       function within the MagickCore/cache.c file) by submitting
       a malformed image file.
       (Closes: #878506)
     + Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
       due to lack of an EOF (End of File) check causes high CPU consumption.
       When a crafted PSD file, which claims a large "extent" field
       in the header but does not contain sufficient backing data,
       is provided, the loop over "length" would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875506)
     + Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
       an integer overflow might occur for the addition operation
       "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
       value than expected. As a result, an infinite loop would occur
       for a crafted TXT file that claims a very large "max_value" value.
       (Closes: #875504)
     + Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
       a lack of an EOF (End of File) check might cause huge CPU consumption.
       When a crafted PSD file, which claims a large "length" field
       in the header but does not contain sufficient backing data,
       is provided, the loop over "length" would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875503)
     + Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
       a lack of an EOF (End of File) check might cause huge CPU consumption.
       When a crafted XBM file, which claims large rows and columns fields
       in the header but does not contain sufficient backing data,
       is provided, the loop over the rows would consume huge CPU resources,
       since there is no EOF check inside the loop.
       (Closes: #875502)
     + Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
       in coders/pcx.c allows remote attackers to cause a denial
       of service or code execution via a crafted file.
       (Closes: #876097)
     + Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
       ReadMPCImage in coders/mpc.c, leading to division by zero
       in GetPixelCacheTileSize in MagickCore/cache.c,
       allowing remote attackers to cause a denial of service
       via a crafted file.
       (Closes: #876099)
     + Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
       in coders/wpg.c, causing CPU exhaustion via a crafted
       wpg image file.
       (Closes: #876105)
     + Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
       mishandles the pixel cache nexus, which allows remote attackers
       to cause a denial of service (NULL pointer dereference
       in the function GetVirtualPixels in MagickCore/cache.c)
       via a crafted file.
       (Closes: #878546)
     + Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
       mishandles certain NULL arrays, which allows attackers to perform
       Denial of Service (NULL pointer dereference and application crash in
       AcquireQuantumMemory within MagickCore/memory.c) by providing a
       crafted Image File as input.
       (Closes: #878545)
     + Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
       in coders/tiff.c.
       (Closes: #878541)
     + Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
       has been reported in coders/tiff.c. An attacker could possibly
       exploit this flaw to disclose potentially sensitive memory
       or cause an application crash.
       (Closes: #878527)
     + Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
       in the function PostscriptDelegateMessage in coders/ps.c.
       (Closes: #877354)
     + Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
       in the function sixel_output_create in coders/sixel.c.
       (Closes: #877355)
     + Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
       in the function sixel_decode in coders/sixel.c.
       (Closes: #878524)
     + Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
       allows remote attackers to cause a denial of service
       (heap-based buffer overflow and application crash)
       or possibly have unspecified other impact via a
       crafted SVG document, a different vulnerability
       than CVE-2017-10928.
       (Closes: #876488)
     + Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
       function in magick/resample-private.h in ImageMagick
       mishandles failed memory allocation, which allows
       remote attackers to cause a denial of service
       (NULL Pointer Dereference in DistortImage in
       MagickCore/distort.c, and application crash)
       via unspecified vectors.
       (Closes: #878547)
     + Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
       allows remote attackers to cause a denial of service
       (infinite loop) via a crafted font file.
       (Closes: #878548)
     + Fix CVE-2017-14989: A use-after-free in RenderFreetype
       in MagickCore/annotate.c allows attackers to crash the application
       via a crafted font file, because the FT_Done_Glyph function
       (from FreeType 2) is called at an incorrect place in the ImageMagick code.
       (Closes: #878562)
     + Fix CVE-2017-15015: NULL pointer dereference vulnerability in
       PDFDelegateMessage in coders/pdf.c.
       (Closes: #878555)
     + Fix CVE-2017-15017: NULL pointer dereference vulnerability
       in ReadOneMNGImage in coders/png.c.
       (Closes: #878554)
     + Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
       the palette uninitialized when processing a GIF file that has
       neither a global nor local palette. If the affected product is
       used as a library loaded into a process that operates on
       interesting data, this data sometimes can be leaked
       via the uninitialized palette.
       (Closes: #878578)
     + Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
       allows remote attackers to cause a denial of service
       (application crash) or possibly have unspecified other impact
       via a crafted file, related to "Conditional jump or move
       depends on uninitialised value(s)."
       (Closes: #878579).
     + Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
       does not properly validate the colormap index in a WPG palette,
       which allows remote attackers to cause a denial of service
       (use of uninitialized data or invalid memory allocation)
       or possibly have unspecified other impact via a malformed WPG file.
       (Closes: #881392)
     + Fix CVE-2017-17499: use-after-free in Magick::Image::read
       in Magick++/lib/Image.cpp.
       (Closes: #885339)
     + Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
       heap-based buffer over-read via a crafted file, related to
       ReadOneMNGImage.
       (Closes: #885340)
     + Fix CVE-2017-17681: an infinite loop vulnerability was found
       in the function ReadPSDChannelZip in coders/psd.c, which
       allows attackers to cause a denial of service (CPU exhaustion)
       via a crafted psd image file.
       (Closes: #885941)
     + Fix CVE-2017-17682: large loop vulnerability was found in the
       function ExtractPostscript in coders/wpg.c, which allows attackers
       to cause a denial of service (CPU exhaustion) via a crafted wpg
       image file that triggers a ReadWPGImage call.
       (Closes: #885942)
     + Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
       in coders/png.c, related to length calculation and caused by an
       off-by-one error.
       (Closes: #885125)
     + Fix CVE-2017-17914: a vulnerability was found in the function
       ReadOnePNGImage in coders/png.c, which allows attackers to cause
       a denial of service (ReadOneMNGImage large loop) via a crafted mng
       image file.
       (Closes: #886584)
     + Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
       in the ReadSIXELImage function, related to the sixel_decode function.
       (Closes: #886588)
   * Fix a few unimportant security bugs:
     + Fix CVE-2017-12644 memory leak vulnerability
       in ReadDCMImage in coders\dcm.c
     + Fix CVE-2017-13058 memory leak in WritePCXImage
     + Fix CVE-2017-13059 memory leak in WriteJNGImage
     + Fix CVE-2017-13060 memory leak in ReadMATImage
     + Fix CVE-2017-13062 memory leak vulnerability
       found in the function formatIPTC in coders/meta.c,
       which allows attackers to cause a denial of service
       (WriteMETAImage memory consumption) via a crafted file.
     + Fix CVE-2017-13131 a memory leak vulnerability
       found in the function ReadMIFFImage in coders/miff.c,
       which allows attackers to cause a denial of service
       (memory consumption in NewLinkedList in MagickCore/linked-list.c)
       via a crafted file.
     + Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
       where memory allocation is excessive,
       because it depends only on a length field in a header.
     + Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
       because memory is not freed in certain error cases.
     + Fix CVE-2017-14139: memory leak vulnerability
       in WriteMSLImage in coders/msl.c.
     + Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
     + Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
     + Fix CVE-2017-14326: memory leak vulnerability in the function
       ReadMATImage in coders/mat.c, which allows attackers
       to cause a denial of service via a crafted file.
     + Fix CVE-2017-14342: memory exhaustion vulnerability in
       ReadWPGImage in coders/wpg.c via a crafted wpg image file.
     + Fix CVE-2017-14343: memory leak vulnerability in
       ReadXCFImage in coders/xcf.c via a crafted xcf image file.
     + Fix CVE-2017-14531: memory exhaustion issue in
       ReadSUNImage in coders/sun.c.
     + Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
     + Fix CVE-2017-14684: memory leak vulnerability was found in the
       function ReadVIPSImage in coders/vips.c, which allows
       attackers to cause a denial of service (memory consumption
       in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
       (Closes: #876487)
     + Fix CVE-2017-15016: a NULL pointer dereference vulnerability
       in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
       under Debian).
     + Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
       coders/ycbcr.c.
     + Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
     + Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
     + Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
     + Fix CVE-2017-17680: a memory leak vulnerability was found in
       the function ReadXPMImage in coders/xpm.c, which allows
       attackers to cause a denial of service via a crafted xpm image file.
     + Fix CVE-2017-17881: a memory leak vulnerability was found in
       the function ReadMATImage in coders/mat.c, which allows
       attackers to cause a denial of service via a crafted MAT image file.
     + Fix CVE-2017-17882: a memory leak vulnerability was found in the
       function ReadXPMImage in coders/xpm.c, which allows attackers
       to cause a denial of service via a crafted XPM image file.
     + Fix CVE-2017-17883: a memory leak vulnerability was found in the
       function ReadPGXImage in coders/pgx.c, which allows attackers
       to cause a denial of service via a crafted PGX image file.
     + Fix CVE-2017-17884: a memory leak vulnerability was found in the
       function WriteOnePNGImage in coders/png.c,
       which allows attackers to cause a denial of service via
       a crafted PNG image file.
     + Fix CVE-2017-17885: a memory leak vulnerability was found
       in the function ReadPICTImage in coders/pict.c, which
       allows attackers to cause a denial of service via a crafted
       PICT image file.
     + Fix CVE-2017-17886: a memory leak vulnerability was found
       in the function ReadPSDChannelZip in coders/psd.c,
       which allows attackers to cause a denial of service
       via a crafted psd image file.
     + Fix CVE-2017-17887: a memory leak vulnerability
       was found in the function GetImagePixelCache in magick/cache.c,
       which allows attackers to cause a denial of service via a crafted
       MNG image file that is processed by ReadOneMNGImage.
     + Fix CVE-2017-17934: memory leaks in coders/msl.c,
       related to MSLPopImage and ProcessMSLScript,
       and associated with mishandling of MSLPushImage calls.
     + Fix CVE-2017-18008: a memory leak in ReadPWPImage in coders/pwp.c.
     + Fix CVE-2017-18022: memory leaks in MontageImageCommand
       in MagickWand/montage.c.
     + Fix CVE-2017-18027: a memory leak vulnerability was found
       in the function ReadMATImage in coders/mat.c,
       which allows remote attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-18028: a memory exhaustion vulnerability
       was found in the function ReadTIFFImage in coders/tiff.c,
       which allows remote attackers to cause a denial
       of service via a crafted file.
     + Fix CVE-2017-18029: a memory leak vulnerability was found
       in the function ReadMATImage in coders/mat.c,
       which allows remote attackers to cause a denial of
       service via a crafted file.
     + Fix CVE-2017-6502: a specially crafted webp file
       could lead to a file-descriptor leak in libmagickcore
       (thus, a DoS)
     + Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
       in coders/pattern.c.
     + Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
     + Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
       in coders/dcm.c.
     + Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
       function in coders/json.c, as demonstrated by the
       ReadPSDLayersInternal function in coders/psd.c.
   * Backport fix:
     + Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
       in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
       variable can be overwritten by a new pointer.
       The previous pointer is lost, which leads to a memory leak.
       This allows remote attackers to cause a denial of service.
       (from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)

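The missing-EOF-check pattern that the changelog entries for CVE-2017-14172, CVE-2017-14174 and CVE-2017-14175 describe, shown next to a bounded version. This is an added illustration, not ImageMagick's code and not part of the message above; the Blob type, its helper functions and the sample bytes are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory blob reader; a stand-in, not ImageMagick's blob API. */
typedef struct {
    const unsigned char *data;
    size_t size;  /* bytes actually present */
    size_t pos;   /* current read offset, always <= size */
} Blob;

/* Constructed sample: the 4-byte big-endian header claims 0x00100000
   (1,048,576) payload bytes, but only 3 payload bytes follow. */
static const unsigned char SAMPLE[] = { 0x00, 0x10, 0x00, 0x00, 'a', 'b', 'c' };

Blob sample_blob(void)
{
    Blob b = { SAMPLE, sizeof(SAMPLE), 0 };
    return b;
}

/* Next byte, or EOF once the backing data is exhausted. */
static int blob_read_byte(Blob *b)
{
    return (b->pos < b->size) ? b->data[b->pos++] : EOF;
}

/* Read the claimed payload length; 0 on success, -1 on a short header. */
static int blob_read_length(Blob *b, uint32_t *length)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int c = blob_read_byte(b);
        if (c == EOF)
            return -1;
        v = (v << 8) | (uint32_t)c;
    }
    *length = v;
    return 0;
}

/* Flawed pattern: the loop bound comes from the file and the EOF result is
   never examined, so the work done scales with the claimed length.
   Returns the number of loop iterations executed. */
unsigned long consume_unchecked(Blob *b)
{
    uint32_t length;
    unsigned long iterations = 0;
    if (blob_read_length(b, &length) != 0)
        return 0;
    for (uint32_t i = 0; i < length; i++) {
        (void)blob_read_byte(b);   /* EOF silently dropped */
        iterations++;
    }
    return iterations;
}

/* Bounded pattern: an EOF check inside the loop ends it as soon as the
   backing data runs out. *truncated is set to 1 when the file was short. */
unsigned long consume_checked(Blob *b, int *truncated)
{
    uint32_t length;
    unsigned long iterations = 0;
    *truncated = 0;
    if (blob_read_length(b, &length) != 0) {
        *truncated = 1;
        return 0;
    }
    for (uint32_t i = 0; i < length; i++) {
        if (blob_read_byte(b) == EOF) {
            *truncated = 1;        /* caller should reject the file */
            break;
        }
        iterations++;
    }
    return iterations;
}

/* When the total size is known, the claimed length can be rejected before
   any loop runs: it must fit in the bytes that remain after the header. */
int claimed_length_fits(const Blob *b, uint32_t length)
{
    return (size_t)length <= b->size - b->pos;
}

int main(void)
{
    Blob a = sample_blob();
    Blob c = sample_blob();
    int truncated = 0;
    printf("unchecked iterations: %lu\n", consume_unchecked(&a));
    printf("checked iterations:   %lu", consume_checked(&c, &truncated));
    printf(" (truncated=%d)\n", truncated);
    return 0;
}
```
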




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Mar 2018 07:31:59 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:11:44 2019; Machine Name: buxtehude
