UbuntuUpdates.org

Package "perlmagick"

Name: perlmagick

Description:

Perl interface to the ImageMagick graphics routines

Latest version: 8:6.7.7.10-6ubuntu3.13
Release: trusty (14.04)
Level: updates
Repository: main
Head package: imagemagick
Homepage: http://www.imagemagick.org/

Other versions of "perlmagick" in Trusty

Repository Area Version
base main 8:6.7.7.10-6ubuntu3
security main 8:6.7.7.10-6ubuntu3.13

Changelog

Version: 8:6.7.7.10-6ubuntu3.7 2017-05-30 14:06:42 UTC

  imagemagick (8:6.7.7.10-6ubuntu3.7) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u9 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7943,
      CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346,
      CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350,
      CVE-2017-8351, CVE-2017-8352, CVE-2017-8353, CVE-2017-8354,
      CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765,
      CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142,
      CVE-2017-9143, CVE-2017-9144

 -- Marc Deslauriers <email address hidden> Fri, 26 May 2017 07:55:05 -0400

CVE-2017-7606 coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might al
CVE-2017-7619 In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateH
CVE-2017-7941 The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-7943 The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-8343 In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8344 In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8345 In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8346 In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8347 In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8348 In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8349 In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8350 In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8351 In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8352 In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8353 In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8354 In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8355 In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8356 In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8357 In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8765 The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a craf
CVE-2017-8830 In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9098 ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive infor
CVE-2017-9141 In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c becau
CVE-2017-9142 In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing check
CVE-2017-9143 In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file
CVE-2017-9144 In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.

Version: 8:6.7.7.10-6ubuntu3.6 2017-03-14 19:06:48 UTC

  imagemagick (8:6.7.7.10-6ubuntu3.6) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u8 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2017-6498, CVE-2017-6500

 -- Marc Deslauriers <email address hidden> Tue, 14 Mar 2017 09:23:56 -0400

CVE-2017-6498 An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVE-2017-6500 An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.

Version: 8:6.7.7.10-6ubuntu3.5 2017-03-08 15:07:00 UTC

  imagemagick (8:6.7.7.10-6ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u7 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2016-8707, CVE-2016-10062, CVE-2016-10144, CVE-2016-10145,
      CVE-2016-10146, CVE-2017-5506, CVE-2017-5507, CVE-2017-5508,
      CVE-2017-5510, CVE-2017-5511

 -- Marc Deslauriers <email address hidden> Thu, 02 Mar 2017 15:10:05 -0500

CVE-2016-8707 An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can le
CVE-2017-5506 double free in profile
CVE-2017-5507 memory leak in MPC file handling
CVE-2017-5508 Crash - PushQuantumPixel - Heap-Buffer-Overflow (TIFF)
CVE-2017-5510 memory corruption heap overflow, psb file related, another one
CVE-2017-5511 memory corruption heap overflow, psb file related

Version: 8:6.7.7.10-6ubuntu3.4 2017-02-22 22:07:05 UTC

  imagemagick (8:6.7.7.10-6ubuntu3.4) trusty-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:04:25 -0500

1646485 security update regression in 'convert' tool when creating an image containing a text label
1589580 Security improvements to TEXT coder broke it

Version: 8:6.7.7.10-6ubuntu3.3 2016-11-30 19:07:03 UTC

  imagemagick (8:6.7.7.10-6ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: backport security fixes from Debian's
      8:6.8.9.9-5+deb8u6 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2016-7799, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556

 -- Marc Deslauriers <email address hidden> Tue, 29 Nov 2016 09:48:17 -0500

CVE-2016-7799 mogrify global buffer overflow
CVE-2016-8677 memory allocate failure in AcquireQuantumPixels
CVE-2016-8862 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)
CVE-2016-9556 Heap buffer overflow in IsPixelGray


