lp:ubuntu/gutsy-security/imagemagick

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/imagemagick

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

9. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  out-of-bounds heap write in the XCF coder
  - coders/xcf.c: add a couple of extra image sanity checks (patch taken
    from Red Hat - ImageMagick-6.2.8.0-4.el5_1.1.src.rpm)
  - CVE-2008-1096

8. By Kees Cook

* Merge with Debian unstable for CVE fixes. Remaining changes:
  - Magick++/lib/Geometry.cpp: build fix for g++-4.3.
  - debian/control: Ubuntu maintainer address.

7. By Matthias Klose

* Fix build failure with g++-4.3.
* Set Ubuntu maintainer address.

6. By Daniel Kobras <email address hidden>

* New maintainers.
* debian/compat: Splice debhelper version out of debian/rules into
  separate file (but don't bump version).
* debian/control: Adjust jasper dependencies to current package names.
  Closes: #419274, #420353
* Minor documentation improvements:
  - Manpages say SEE ALSO, not SEE-ALSO. Closes: #333616
  - Escaped special chars in manpages. Closes: #381831
  - External reference in convert(1). Closes: #398183
  - "isplay", "perferred", "similiar" and "morify.html" typos fixed.
    Closes: #386964, #351498, #395830
  - ImageMagick(1) indentation. Closes: #335111
  - "convert -help" duplicated line fixes. Closes: #339548
  - Typo in description of --resize command fixed. Closes: #364826
* Magick++/lib/Image.cpp: Include cstdlib header to fix build failure
  with gcc 4.3. Patch thanks to Martin Michlmayr. Closes: #417237
* coders/dcm.c: Fix integer overflow in DCM coder. (CVE-2007-1797)
  Closes: #418057
* coders/icon.c: Fix segfault in ICON coder.
* coders/pcx.c: Fix heap overflow in PCX coder.
* coders/pict.c: Fix multiple segfaults in PICT coder.
* coders/png.c: Fix segfault in PNG coder.
* coders/pnm.c: Fix segfault in PNM coder.
* coders/sgi.c: Fix segfault in SGI coder.
* coders/sun.c: Fix segfault during conversion in SUN coder.
* coders/viff.c: Prevent heap corruption in VIFF coder.
* coders/xwd.c: Fix segfault during conversion in XWD coder.
* coders/xwd.c: Fix multiple integer overflows in XWD coder.
  (CVE-2007-1667, CVE-2007-1797)
* The above fixes collectively address the following bug report:
  Closes: #412945
* config/delegates.xml.in: Lose obsolete option -3 to dcraw delegate
  to unbreak support for raw digital images. Closes: #404477

5. By Daniel Kobras <email address hidden>

* Non-maintainer upload.
* coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
  Avoid bogus second read in macro call. Patch thanks to Vladimir
  Nadvornik. (CVE-2007-0770) Closes: #410435

4. By Daniel Kobras <email address hidden>

* Non-maintainer upload.
* magick/display.c: In DisplayImageCommand(), expand command line before
  allocating resources based on argc. Patch and analysis thanks to
  Eero Häkkinen. Closes: #345595
* magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
  string_.h}: Implement new utility function FormatMagickStringNumeric()
  to securely expand a user-supplied format string with a single numeric
  argument. Adjust code to use this function where appropriate.
  (CVE-2006-0082) Closes: #345876
* coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
  magick/methods.h: Do not call external delegates with user-supplied
  filename, but with securely named symlinks only to prevent shell command
  injection (CVE-2005-4601). Closes: #345238
* debian/rules: Make sure to include trailing spaces in multi-line
  commands to keep recent make happy. Cures problems with ghostscript
  font path. Fix thanks to Jeff Lessem. Closes: #347486
* debian/imagemagick.mime: Rather than autodetect the type of an image,
  derive it from the mime type. As a side effect, this change allows the
  use of arbitrary filenames with the 'see' command, even if they have
  special meaning to imagemagick internally. Also clean up some typos
  and superfluous entries once we're at it. Closes: #344997

3. By Matthias Klose

Synchronise with unstable.

2. By Colin Watson

Disable DPS support, as the supporting libraries have apparently been
removed from xorg.

1. By Colin Watson

Import upstream version 6.2.3.4

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/imagemagick