lp:ubuntu/lucid-security/imagemagick
- Get this branch:
- bzr branch lp:ubuntu/lucid-security/imagemagick
Branch merges
Branch information
Recent revisions
- 24. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via large resource consumption
- debian/patches/ CVE-2012- 3437.patch: always use correct size argument
with libpng memory allocation
- CVE-2012-3437 - 23. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
malformed ResolutionUnit or IOP tags.
- debian/patches/ CVE-2012- 0247.patch: properly calculate
lengths and sizes in magick/{profile, property} .c.
- CVE-2012-0247
- CVE-2012-0248
- CVE-2012-1185
- CVE-2012-1186
* SECURITY UPDATE: denial of service and possible code execution via
EXIF tags.
- debian/patches/ CVE-2012- 0259.patch: don't copy invalid memory in
coders/tiff.c, properly initialize buffers in magick/property.c.
- CVE-2012-0259
- CVE-2012-1798
* SECURITY UPDATE: denial of service and possible code execution via
JPEG EXIF integer overflow.
- debian/patches/ CVE-2012- 1610.patch: check number of bytes in
magick/{profile, property} .c.
- CVE-2012-1610 - 22. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via config files in the
current directory.
- debian/patches/ CVE-2010- 4167.patch: don't read config files from
the current directory for the "installed" version.
- CVE-2010-4167 - 21. By Luke Yelavich
-
* Merge from debian testing. Remaining changes:
- Don't build-dep on librsvg, it brings in excessive dependencies
- Don't build-dep on liblqr-1-0-dev, it is in universe - 20. By Luke Yelavich
-
* Merge from debian testing, remaining changes:
- Don't build-dep on librsvg, it brings in excessive dependencies
- Don't build-dep on liblqr-1-0-dev, it is in universe - 18. By Harald Sitter
-
Make imagemagick suggest the -doc package, rather than recommend. Since
we install recommends by default -doc will end up in a Kubuntu installation. - 17. By Muharem Hrnjadovic
-
* Merge from debian unstable, remaining changes:
- (Build-)depend on libltdl7-dev instead of libltdl3-dev (the armel buildds
currently have both available).
- Don't build-dep on librsvg, it brings in excessive dependencies - 16. By Jamie Strandboge
-
* SECURITY UPDATE: integer overflow via crafted TIFF image
- debian/patches/ CVE-2009- 1882.patch: adjust xwindow.c, display.c and
animate.c to verify width and length
- CVE-2009-1882
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/imagemagick