lp:ubuntu/gutsy-security/imagemagick
- Get this branch:
- bzr branch lp:ubuntu/gutsy-security/imagemagick
Recent revisions
- 9. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
out-of-bounds heap write in the XCF coder
- coders/xcf.c: add a couple of extra image sanity checks (patch taken
from Red Hat - ImageMagick-6.2.8.0-4.el5_1.1.src.rpm)
- CVE-2008-1096
- 8. By Kees Cook
-
* Merge with Debian unstable for CVE fixes. Remaining changes:
- Magick++/lib/Geometry.cpp: build fix for g++-4.3.
- debian/control: Ubuntu maintainer address.
- 6. By Daniel Kobras <email address hidden>
-
* New maintainers.
* debian/compat: Splice debhelper version out of debian/rules into
separate file (but don't bump version).
* debian/control: Adjust jasper dependencies to current package names.
Closes: #419274, #420353
* Documentation minor improvements:
- Manpages say SEE ALSO, not SEE-ALSO. Closes: #333616
- Escaped special chars in manpages. Closes: #381831
- External reference in convert(1). Closes: #398183
- "isplay", "perferred", "similiar" and "morify.html" typos fixed.
Closes: #386964, #351498, #395830
- ImageMagick(1) indentation. Closes: #335111
- "convert -help" duplicated line fixes. Closes: #339548
- Typo in description of --resize command fixed. Closes: #364826
* Magick++/lib/Image.cpp: Include cstdlib header to fix build failure
with gcc 4.3. Patch thanks to Martin Michlmayr. Closes: #417237
* coders/dcm.c: Fix integer overflow in DCM coder. (CVE-2007-1797)
Closes: #418057
* coders/icon.c: Fix segfault in ICON coder.
* coders/pcx.c: Fix heap overflow in PCX coder.
* coders/pict.c: Fix multiple segfaults in PICT coder.
* coders/png.c: Fix segfault in PNG coder.
* coders/pnm.c: Fix segfault in PNM coder.
* coders/sgi.c: Fix segfault in SGI coder.
* coders/sun.c: Fix segfault during conversion in SUN coder.
* coders/viff.c: Prevent heap corruption in VIFF coder.
* coders/xwd.c: Fix segfault during conversion in XWD coder.
* coders/xwd.c: Fix multiple integer overflows in XWD coder.
(CVE-2007-1667, CVE-2007-1797)
* The above fixes collectively address the following bug report:
Closes: #412945
* config/delegates.xml.in: Lose obsolete option -3 to dcraw delegate
to unbreak support for raw digital images. Closes: #404477
- 5. By Daniel Kobras <email address hidden>
-
* Non-maintainer upload.
* coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
Avoid bogus second read in macro call. Patch thanks to Vladimir
Nadvornik. (CVE-2007-0770) Closes: #410435
- 4. By Daniel Kobras <email address hidden>
-
* Non-maintainer upload.
* magick/display.c: In DisplayImageCommand(), expand command line before
allocating resources based on argc. Patch and analysis thanks to
Eero Häkkinen. Closes: #345595
* magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
string_.h}: Implement new utility function FormatMagickStringNumeric()
to securely expand a user-supplied format string with a single numeric
argument. Adjust code to use this function where appropriate.
(CVE-2006-0082) Closes: #345876
* coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
magick/methods.h: Do not call external delegates with user-supplied
filename, but with securely named symlinks only to prevent shell command
injection (CVE-2005-4601). Closes: #345238
* debian/rules: Make sure to include trailing spaces in multi-line
commands to keep recent make happy. Cures problems with ghostscript
font path. Fix thanks to Jeff Lessem. Closes: #347486
* debian/imagemagick.mime: Rather than autodetect the type of an image,
derive it from the mime type. As a side effect, this change allows to
use arbitrary filenames with the 'see' command, even if they have
special meaning to imagemagick internally. Also clean up some typos
and superfluous entries once we're at it. Closes: #344997
- 2. By Colin Watson
-
Disable DPS support, as the supporting libraries have apparently been
removed from xorg.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/imagemagick