imagemagick 8:6.9.11.60+dfsg-1.5 source package in Ubuntu

Changelog

imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high

  * Non-maintainer upload

  [ Nishit Majithia ]
  * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
    remote attacker to cause a denial of service via a crafted image file
    - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
      to fix division by zeros in coders/jp2.c
    - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
      to fix division by zeros in magick/resize.c
    - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
      magick/fx.c
    - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
      oders/webp.c
    - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
      magick/resample.c
    - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
      magick/fx.c
    - CVE-2021-20241
    - CVE-2021-20243
    - CVE-2021-20244
    - CVE-2021-20245
    - CVE-2021-20246
    - CVE-2021-20309
  * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
    imagemagick allow a remote attacker to cause a denial of service or
    possible leak of cryptographic information via a crafted image file
    - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
      coders/thumbnail.c, division by zero in magick/colorspace.c and
      a potential cipher leak in magick/memory.c
    - CVE-2021-20312
    - CVE-2021-20313
  * SECURITY UPDATE: memory leaks when executing convert command
    - debian/patches/CVE-2021-3574.patch: fix memory leaks
    - CVE-2021-3574
  * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
    Security Policy
    - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
      RegisterStaticModules
    - CVE-2021-39212 (Closes: #996588)
  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2021-4219.patch: fix denial of service
    - CVE-2021-4219
  * SECURITY UPDATE: use-after-free in magick
    - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
      dcm.c
    - CVE-2022-1114
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-28463.patch: fix buffer overflow
    - CVE-2022-28463 (Closes: #1013282)
  * SECURITY UPDATE: out-of-range value
    - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned char in
      coders/psd.c.
    - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned long in
      coders/pcl.c.
    - CVE-2022-32545
    - CVE-2022-32546
  * SECURITY UPDATE: load of misaligned address
    - debian/patches/CVE-2022-32547.patch: addresses the potential for the
      loading of misaligned addresses in magick/property.c.
    - CVE-2022-32547 (Closes: #1016442)

 -- Jeremy Bicha <email address hidden>  Sat, 04 Feb 2023 21:50:44 -0500

Upload details

Uploaded by:
ImageMagick Packaging Team
Uploaded to:
Sid
Original maintainer:
ImageMagick Packaging Team
Architectures:
any all
Section:
graphics
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
imagemagick_6.9.11.60+dfsg-1.5.dsc 5.0 KiB 21e3a4ede229ca2ebfc68cbad9ace30238d95a105e8f7ecc47d3dbfc703b408f
imagemagick_6.9.11.60+dfsg.orig.tar.xz 9.0 MiB 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4
imagemagick_6.9.11.60+dfsg-1.5.debian.tar.xz 247.4 KiB 77c786e41d5922e9a13cd468342bf0896f4c7a3ba1c5873a456c0243c699ec83

No changes file available.

Binary packages built by this source

imagemagick: image manipulation programs -- binaries

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).
 .
 This package include links to channel depth specific binaries and manual
 pages.
 .
 This is a dummy package. You can safely purge or remove it.

imagemagick-6-common: image manipulation programs -- infrastructure

 imagemagick-common contains the filesystem infrastructure required for
 further installation of imagemagick in any configuration; it does not provide
 a full installation of binaries, libraries, and utilities
 required to run imagemagick.
 .
 This package is independent of channel depth.

imagemagick-6-doc: document files of ImageMagick

 This package contains the document files shipped with ImageMagick, a software
 suite to create, edit, and compose bitmap images.
 .
 Documentations includes html manuals, examples files, and doxygen generated API
 documentation.

imagemagick-6.q16: image manipulation programs -- quantum depth Q16

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).
 .
 For working with the SVG, WMF, OpenEXR, DjVu and Graphviz formats,
 you need to install the libmagickcore-6.q16-6-extra package.
 .
 This version of imagemagick is compiled for a channel
 depth of 16 bits (Q16).

imagemagick-6.q16-dbgsym: debug symbols for imagemagick-6.q16
imagemagick-6.q16hdri: image manipulation programs -- quantum depth Q16HDRI

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).
 .
 For working with the SVG, WMF, OpenEXR, DjVu and Graphviz formats,
 you need to install the libmagickcore-6.q16hdri-6-extra package.
 .
 This version of imagemagick is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

imagemagick-6.q16hdri-dbgsym: debug symbols for imagemagick-6.q16hdri
imagemagick-common: image manipulation programs -- infrastructure dummy package

 imagemagick-common contained the filesystem infrastructure required for
 further installation of imagemagick in any configuration.
 .
 This is a transitional package to help migrate systems to the new
 imagemagick-6-common package.
 .
 This is a dummy package. You can safely purge or remove it.

imagemagick-doc: document files of ImageMagick -- dummy package

 This package contained the document files shipped with ImageMagick, a software
 suite to create, edit, and compose bitmap images.
 .
 This is a transitional package to help migrate systems to the new
 imagemagick-6-doc package.
 .
 This is a dummy package. You can safely purge or remove it.

libimage-magick-perl: Perl interface to the ImageMagick graphics routines

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This is the compatibility (wrapper) perlmagick package that
 use the default channel depth.
 .
 This package provides the perl Image::Magick class.

libimage-magick-q16-perl: Perl interface to the ImageMagick graphics routines -- Q16 version

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This version of libimage-magick is compiled for a channel
 depth of 16 bits (Q16).
 .
 This package provides the perl Image::Magick::Q16 class.

libimage-magick-q16-perl-dbgsym: debug symbols for libimage-magick-q16-perl
libimage-magick-q16hdri-perl: Perl interface to the ImageMagick graphics routines -- Q16HDRI version

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This version of libimage-magick is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).
 .
 This package provides the perl Image::Magick::Q16HDRI class.

libimage-magick-q16hdri-perl-dbgsym: debug symbols for libimage-magick-q16hdri-perl
libmagick++-6-headers: object-oriented C++ interface to ImageMagick - header files

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package includes header files needed to compile
 programs using Magick++.
 .
 This package is independent of channel depth.

libmagick++-6.q16-8: C++ interface to ImageMagick -- quantum depth Q16

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package contains the C++ libraries needed to run executables that make
 use of libMagick++.
 .
 This version of libmagick++ is compiled for a channel
 depth of 16 bits (Q16).

libmagick++-6.q16-8-dbgsym: debug symbols for libmagick++-6.q16-8
libmagick++-6.q16-dev: C++ interface to ImageMagick - development files (Q16)

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package includes header files and static libraries needed to compile
 programs using Magick++.
 .
 This version of libmagick++-dev is compiled for a channel
 depth of 16 bits (Q16).

libmagick++-6.q16hdri-8: C++ interface to ImageMagick -- quantum depth Q16HDRI

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package contains the C++ libraries needed to run executables that make
 use of libMagick++.
 .
 This version of libmagick++ is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagick++-6.q16hdri-8-dbgsym: debug symbols for libmagick++-6.q16hdri-8
libmagick++-6.q16hdri-dev: C++ interface to ImageMagick - development files (Q16HDRI)

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package includes header files and static libraries needed to compile
 programs using Magick++.
 .
 This version of libmagick++-dev is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagick++-dev: object-oriented C++ interface to ImageMagick -- dummy package

 The Magick++ library was a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This is a transitional package to help migrate systems to the new
 ABI of libmagick++-6 development files for default channel depth.
 .
 This is a dummy package. You can safely purge or remove it.

libmagickcore-6-arch-config: low-level image manipulation library - architecture header files

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes the architecture dependent part of the
 headers files used by MagickCore.
 .
 This package is independent of channel depth.

libmagickcore-6-headers: low-level image manipulation library - header files

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes the architecture independent header files
 needed to compile programs using MagickCore.
 .
 This package is independent of channel depth.

libmagickcore-6.q16-6: low-level image manipulation library -- quantum depth Q16

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickCore.
 .
 This version of libmagickcore is compiled for a channel
 depth of 16 bits (Q16).

libmagickcore-6.q16-6-dbgsym: debug symbols for libmagickcore-6.q16-6
libmagickcore-6.q16-6-extra: low-level image manipulation library - extra codecs (Q16)

 This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to
 MagickCore.
 .
 This version of libmagickcore-extra is compiled for a channel
 depth of 16 bits (Q16).

libmagickcore-6.q16-6-extra-dbgsym: debug symbols for libmagickcore-6.q16-6-extra
libmagickcore-6.q16-dev: low-level image manipulation library - development files (Q16)

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes header static libraries needed to compile
 programs using MagickCore.
 .
 This version of libmagickcore-dev is compiled for a channel
 depth of 16 bits (Q16).

libmagickcore-6.q16hdri-6: low-level image manipulation library -- quantum depth Q16HDRI

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickCore.
 .
 This version of libmagickcore is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickcore-6.q16hdri-6-dbgsym: debug symbols for libmagickcore-6.q16hdri-6
libmagickcore-6.q16hdri-6-extra: low-level image manipulation library - extra codecs (Q16HDRI)

 This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to
 MagickCore.
 .
 This version of libmagickcore-extra is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickcore-6.q16hdri-6-extra-dbgsym: debug symbols for libmagickcore-6.q16hdri-6-extra
libmagickcore-6.q16hdri-dev: low-level image manipulation library - development files (Q16HDRI)

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes header static libraries needed to compile
 programs using MagickCore.
 .
 This version of libmagickcore-dev is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickcore-dev: low-level image manipulation library -- dummy package

 This package included header files and static libraries needed to compile
 programs using MagickCore.
 .
 This is a transitional package to help migrate systems to the new
 ABI of libmagickcore-6 development files for default channel depth.
 .
 This is a dummy package. You can safely purge or remove it.

libmagickwand-6-headers: image manipulation library - headers files

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package includes header files needed to compile
 programs using MagickWand.
 .
 This package is independent of channel depth.

libmagickwand-6.q16-6: image manipulation library -- quantum depth Q16

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickWand.
 .
 This version of libmagickwand is compiled for a channel
 depth of 16 bits (Q16).

libmagickwand-6.q16-6-dbgsym: debug symbols for libmagickwand-6.q16-6
libmagickwand-6.q16-dev: image manipulation library - development files (Q16)

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package the static libraries needed to compile
 programs using MagickWand.
 .
 This version of libmagickwand-dev is compiled for a channel
 depth of 16 bits (Q16).

libmagickwand-6.q16hdri-6: image manipulation library -- quantum depth Q16HDRI

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickWand.
 .
 This version of libmagickwand is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickwand-6.q16hdri-6-dbgsym: debug symbols for libmagickwand-6.q16hdri-6
libmagickwand-6.q16hdri-dev: image manipulation library - development files (Q16HDRI)

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package the static libraries needed to compile
 programs using MagickWand.
 .
 This version of libmagickwand-dev is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickwand-dev: image manipulation library -- dummy package

 This package included the static libraries needed to compile
 programs using MagickWand.
 .
 This is a transitional package to help migrate systems to the new
 ABI of libmagickwand-6 development files for default channel depth.
 .
 This is a dummy package. You can safely purge or remove it.

perlmagick: Perl interface to ImageMagick -- dummy package

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This is a transitional package to help migrate systems to the new
 libimage-magick-perl perl library.
 .
 This is a dummy package. You can safely purge or remove it.