lp:ubuntu/wily-proposed/imagemagick
- Get this branch:
- bzr branch lp:ubuntu/wily-proposed/imagemagick
Branch merges
Branch information
Recent revisions
- 52. By Sebastien Bacher
-
Renamed library for gcc5 transition libmagick++-6.q16-5 ->
libmagick++-6.q16- 5v5 - 51. By Bastien Roucariès <email address hidden>
-
* Fix incorrect fix for xpm security problem.
This patch fixed the buffer overflow but
xpm coder output garbage, thanks to Adam Sjøgren
(Closes: #773980).
* Workarround "Imagemagick FTBFS on mips on mips-aql-* not on ball".
Do not execute testsuite if FPU is not present. Security team
want this bug fixed in order to ease it work, thanks
to Ivo De Decker (Closes: #770009). - 50. By Bastien Roucariès <email address hidden>
-
* Fix a few security bugs (Closes: #773834):
- Avoid a DOS in vision.c due to an infinite loop.
- Avoid a SEGV due to a corrupted pnm file.
- Do not leak fd due to corrupted file.
- Fix a double free in pdb coder.
- Fix a SEGV due to corrupted dpc and xwd images.
- Fix a SEGV in dpx file handler.
- Fix a SEGV in malformed xwd file handler.
- Avoid a NULL pointer dereference in ps file handling.
- Fix a crash with corrupted viff file.
- Fix a NULL pointer dereference in wpg file handling.
- Do not continue on corrupted wpg file.
- Avoid an out of bound access in viff image.
- Avoid a heap buffer overflow in pdb file handling.
- Avoid an out of bound acess on malformed sun file.
- Avoid heap overflow in palm, pnm and xpm files.
- Fix heap overflow in quantum, palm and psd file.
- Fix handling of corrupted of psd, sun and xpm file.
- Fix corrupted (too many colors) psd file.
- Fix an out of bound acess in sun file.
- Fix handling of corrupted sun and wpg file.
- Fix heap overflow in pcx file, psd, pict and wpf files
and DOS in xpm files.
- Add additional PNM sanity checks.
- Avoid a crash to out of memory in magick/cache.c
- Fix a theorical out of bound access in magick/colormap- private. h
- Fix an out of bound access in palm file.
- Fixed throwing of exceptions in psd handling and fix a memory leak.
- Fixed boundary checks in DecodePSDPixels.
- Fix another out of bound problem in rle file.
- Fix crash due to corrupted dib file.
- Added checks to prevent overflow in rle file.
- Impose a limit of 10 million columns or rows in an input PNG
- Don't try to handle a "previous" image in the JNG decoder.
- Avoid a memory leak in quantum management.
- Avoid a crash in png coder.
- Thread limit should be at least 1 in order to be efficient.
- In psd file handling fixed parsing resource block and
avoid a crash.
- In cache fix usage of object after it has been destroyed.
- Avoid a memory leak in rle file handling.
- During identification of image do not fill memory - 49. By Bastien Roucariès <email address hidden>
-
Fix a security bug (DOS). Some special crafted JPEG
files could create a dos due to missing check in
embeded EXIF properties (EXIF directory offsets
must be greater than 0). Fix CVE-2014-8716
(Closes: #768494). - 47. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Make ufraw-batch (universe) a suggestion instead of a recommendation.
- Depend on fftw3-dev as it's in main, not fftw-dev.
- Make libmagickcore-dev depend on liblcms2-dev rather than liblcms-dev.
- Build using dh-autoreconf.
- Fix link of test cases.
* Dropped changes:
- Build-depend on libtiff5-dev instead of libtiff-dev (libtiff5-dev is
the only libtiff-dev provider nowadays).
- Configure with --disable-silent- rules (launchpad-buildd exports V=1
for all builds now, which is equivalent). - 46. By Marc Deslauriers
-
* Resynchronise with Debian. Remaining changes:
- Make ufraw-batch (universe) a suggestion instead of a recommendation.
- Don't set MAKEFLAGS in debian/rules; just pass it to the build.
- Build-depend on libtiff5-dev instead of libtiff-dev.
- Depend on fftw3-dev as it's in main, not fftw-dev.
- Make libmagickcore-dev depend on liblcms2-dev rather than liblcms-dev.
- Build using dh-autoreconf.
- Configure with --disable-silent- rules
- Fix link of test cases. - 45. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via psd
images processing rle decoding buffer overflow
- debian/patches/ CVE-2014- 1958.patch: check lengths in coders/psd.c.
- CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
crafted restart markers
- debian/patches/ CVE-2014- 2030.patch: don't overflow layer_name in
coders/psd.c.
- CVE-2014-2030
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/imagemagick