imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.9 source package in Ubuntu

Changelog

imagemagick (8:6.9.10.23+dfsg-2.1ubuntu11.9) focal-security; urgency=medium

  * SECURITY UPDATE: command injection vulnerability
    - debian/patches/CVE-2020-29599-*.patch: Fix command injection issue in
      -authenticate option
    - CVE-2020-29599
  * SECURITY UPDATE: integer overflow in ExportIndexQuantum()
    - debian/patches/CVE-2021-20224.patch: outside the range of representable
      values of type 'unsigned char'
    - CVE-2021-20224
  * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
    remote attacker to cause a denial of service via a crafted image file
    - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
      to fix division by zeros in coders/jp2.c
    - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
      to fix division by zeros in magick/resize.c
    - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
      magick/fx.c
    - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
      magick/resample.c
    - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
      magick/fx.c
    - CVE-2021-20241
    - CVE-2021-20243
    - CVE-2021-20244
    - CVE-2021-20246
    - CVE-2021-20309
  * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
    imagemagick allow a remote attacker to cause a denial of service or
    possible leak of cryptographic information via a crafted image file
    - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
      coders/thumbnail.c, division by zero in magick/colorspace.c and
      a potential cipher leak in magick/memory.c
    - CVE-2021-20312
    - CVE-2021-20313
  * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
    Security Policy
    - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
      RegisterStaticModules
    - CVE-2021-39212
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-28463.patch: fix buffer overflow
    - CVE-2022-28463
  * SECURITY UPDATE: out-of-range value
    - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned char in
      coders/psd.c.
    - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned long in
      coders/pcl.c.
    - CVE-2022-32545
    - CVE-2022-32546
  * SECURITY UPDATE: load of misaligned address
    - debian/patches/CVE-2022-32547.patch: addresses the potential for the
      loading of misaligned addresses in magick/property.c.
    - CVE-2022-32547
  * SECURITY UPDATE: DoS due to SVG parser
    - debian/patches/CVE-2023-1289*.patch: erecursion detection
    - CVE-2023-1289
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-34151*.patch: properly cast double to size_t
    - CVE-2023-34151

 -- Nishit Majithia <email address hidden>  Mon, 26 Jun 2023 11:23:07 +0530

Upload details

Uploaded by:
Nishit Majithia
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
graphics
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates universe graphics
Focal security universe graphics

Downloads

File Size SHA-256 Checksum
imagemagick_6.9.10.23+dfsg.orig.tar.xz 8.7 MiB 44249112b624f2cc315573fa96685e547da27ebb321432259290c407023c531e
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.9.debian.tar.xz 256.9 KiB 49c1406235a82e54ec2ba9d41a2f40f38b6281dcd7e6332aa295181c63a44c2d
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.9.dsc 5.0 KiB 559b6dbd04a337ca41f6ba90840cbdfda53fd6c0c72e9bf89a68a81acd96d24b

View changes file

Binary packages built by this source

imagemagick: image manipulation programs -- binaries

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).
 .
 This package include links to channel depth specific binaries and manual
 pages.
 .
 This is a dummy package. You can safely purge or remove it.

imagemagick-6-common: image manipulation programs -- infrastructure

 imagemagick-common contains the filesystem infrastructure required for
 further installation of imagemagick in any configuration; it does not provide
 a full installation of binaries, libraries, and utilities
 required to run imagemagick.
 .
 This package is independent of channel depth.

imagemagick-6-doc: document files of ImageMagick

 This package contains the document files shipped with ImageMagick, a software
 suite to create, edit, and compose bitmap images.
 .
 Documentations includes html manuals, examples files, and doxygen generated API
 documentation.

imagemagick-6.q16: image manipulation programs -- quantum depth Q16

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).
 .
 For working with the SVG, WMF, OpenEXR, DjVu and Graphviz formats,
 you need to install the libmagickcore-6.q16-6-extra package.
 .
 This version of imagemagick is compiled for a channel
 depth of 16 bits (Q16).

imagemagick-6.q16-dbgsym: debug symbols for imagemagick-6.q16
imagemagick-6.q16hdri: image manipulation programs -- quantum depth Q16HDRI

 ImageMagick is a software suite to create, edit, and compose bitmap images.
 It can read, convert and write images in a variety of formats (over 100)
 including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,
 SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,
 shear and transform images, adjust image colors, apply various special
 effects, or draw text, lines, polygons, ellipses and Bézier curves.
 All manipulations can be achieved through shell commands as well as through
 an X11 graphical interface (display).
 .
 For working with the SVG, WMF, OpenEXR, DjVu and Graphviz formats,
 you need to install the libmagickcore-6.q16hdri-6-extra package.
 .
 This version of imagemagick is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

imagemagick-6.q16hdri-dbgsym: debug symbols for imagemagick-6.q16hdri
imagemagick-common: image manipulation programs -- infrastructure dummy package

 imagemagick-common contained the filesystem infrastructure required for
 further installation of imagemagick in any configuration.
 .
 This is a transitional package to help migrate systems to the new
 imagemagick-6-common package.
 .
 This is a dummy package. You can safely purge or remove it.

imagemagick-doc: document files of ImageMagick -- dummy package

 This package contained the document files shipped with ImageMagick, a software
 suite to create, edit, and compose bitmap images.
 .
 This is a transitional package to help migrate systems to the new
 imagemagick-6-doc package.
 .
 This is a dummy package. You can safely purge or remove it.

libimage-magick-perl: Perl interface to the ImageMagick graphics routines

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This is the compatibility (wrapper) perlmagick package that
 use the default channel depth.
 .
 This package provides the perl Image::Magick class.

libimage-magick-q16-perl: Perl interface to the ImageMagick graphics routines -- Q16 version

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This version of libimage-magick is compiled for a channel
 depth of 16 bits (Q16).
 .
 This package provides the perl Image::Magick::Q16 class.

libimage-magick-q16-perl-dbgsym: debug symbols for libimage-magick-q16-perl
libimage-magick-q16hdri-perl: Perl interface to the ImageMagick graphics routines -- Q16HDRI version

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This version of libimage-magick is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).
 .
 This package provides the perl Image::Magick::Q16HDRI class.

libimage-magick-q16hdri-perl-dbgsym: debug symbols for libimage-magick-q16hdri-perl
libmagick++-6-headers: object-oriented C++ interface to ImageMagick - header files

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package includes header files needed to compile
 programs using Magick++.
 .
 This package is independent of channel depth.

libmagick++-6.q16-8: C++ interface to ImageMagick -- quantum depth Q16

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package contains the C++ libraries needed to run executables that make
 use of libMagick++.
 .
 This version of libmagick++ is compiled for a channel
 depth of 16 bits (Q16).

libmagick++-6.q16-8-dbgsym: debug symbols for libmagick++-6.q16-8
libmagick++-6.q16-dev: C++ interface to ImageMagick - development files (Q16)

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package includes header files and static libraries needed to compile
 programs using Magick++.
 .
 This version of libmagick++-dev is compiled for a channel
 depth of 16 bits (Q16).

libmagick++-6.q16hdri-8: C++ interface to ImageMagick -- quantum depth Q16HDRI

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package contains the C++ libraries needed to run executables that make
 use of libMagick++.
 .
 This version of libmagick++ is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagick++-6.q16hdri-8-dbgsym: debug symbols for libmagick++-6.q16hdri-8
libmagick++-6.q16hdri-dev: C++ interface to ImageMagick - development files (Q16HDRI)

 The Magick++ library is a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This package includes header files and static libraries needed to compile
 programs using Magick++.
 .
 This version of libmagick++-dev is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagick++-dev: object-oriented C++ interface to ImageMagick -- dummy package

 The Magick++ library was a set of C++ wrapper classes that provides access
 to the ImageMagick package functionality from within a C++ application.
 .
 This is a transitional package to help migrate systems to the new
 ABI of libmagick++-6 development files for default channel depth.
 .
 This is a dummy package. You can safely purge or remove it.

libmagickcore-6-arch-config: low-level image manipulation library - architecture header files

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes the architecture dependent part of the
 headers files used by MagickCore.
 .
 This package is independent of channel depth.

libmagickcore-6-headers: low-level image manipulation library - header files

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes the architecture independent header files
 needed to compile programs using MagickCore.
 .
 This package is independent of channel depth.

libmagickcore-6.q16-6: low-level image manipulation library -- quantum depth Q16

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickCore.
 .
 This version of libmagickcore is compiled for a channel
 depth of 16 bits (Q16).

libmagickcore-6.q16-6-dbgsym: debug symbols for libmagickcore-6.q16-6
libmagickcore-6.q16-6-extra: low-level image manipulation library - extra codecs (Q16)

 This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to
 MagickCore.
 .
 This version of libmagickcore-extra is compiled for a channel
 depth of 16 bits (Q16).

libmagickcore-6.q16-6-extra-dbgsym: debug symbols for libmagickcore-6.q16-6-extra
libmagickcore-6.q16-dev: low-level image manipulation library - development files (Q16)

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes header static libraries needed to compile
 programs using MagickCore.
 .
 This version of libmagickcore-dev is compiled for a channel
 depth of 16 bits (Q16).

libmagickcore-6.q16hdri-6: low-level image manipulation library -- quantum depth Q16HDRI

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickCore.
 .
 This version of libmagickcore is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickcore-6.q16hdri-6-dbgsym: debug symbols for libmagickcore-6.q16hdri-6
libmagickcore-6.q16hdri-6-extra: low-level image manipulation library - extra codecs (Q16HDRI)

 This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to
 MagickCore.
 .
 This version of libmagickcore-extra is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickcore-6.q16hdri-6-extra-dbgsym: debug symbols for libmagickcore-6.q16hdri-6-extra
libmagickcore-6.q16hdri-dev: low-level image manipulation library - development files (Q16HDRI)

 The MagickCore API is a low-level interface between the C programming language
 and the ImageMagick image processing libraries and is recommended for
 wizard-level programmers only. Unlike the MagickWand C API which uses only a
 few opaque types and accessors, with MagickCore you almost exclusively access
 the structure members directly.
 .
 This package includes header static libraries needed to compile
 programs using MagickCore.
 .
 This version of libmagickcore-dev is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickcore-dev: low-level image manipulation library -- dummy package

 This package included header files and static libraries needed to compile
 programs using MagickCore.
 .
 This is a transitional package to help migrate systems to the new
 ABI of libmagickcore-6 development files for default channel depth.
 .
 This is a dummy package. You can safely purge or remove it.

libmagickwand-6-headers: image manipulation library - headers files

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package includes header files needed to compile
 programs using MagickWand.
 .
 This package is independent of channel depth.

libmagickwand-6.q16-6: image manipulation library -- quantum depth Q16

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickWand.
 .
 This version of libmagickwand is compiled for a channel
 depth of 16 bits (Q16).

libmagickwand-6.q16-6-dbgsym: debug symbols for libmagickwand-6.q16-6
libmagickwand-6.q16-dev: image manipulation library - development files (Q16)

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package the static libraries needed to compile
 programs using MagickWand.
 .
 This version of libmagickwand-dev is compiled for a channel
 depth of 16 bits (Q16).

libmagickwand-6.q16hdri-6: image manipulation library -- quantum depth Q16HDRI

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package contains the C libraries needed to run executables that make
 use of MagickWand.
 .
 This version of libmagickwand is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickwand-6.q16hdri-6-dbgsym: debug symbols for libmagickwand-6.q16hdri-6
libmagickwand-6.q16hdri-dev: image manipulation library - development files (Q16HDRI)

 The MagickWand API is the recommended interface between the C programming
 language and the ImageMagick image processing libraries. Unlike the
 MagickCore C API, MagickWand uses only a few opaque types. Accessors are
 available to set or get important wand properties.
 .
 This package the static libraries needed to compile
 programs using MagickWand.
 .
 This version of libmagickwand-dev is compiled for a channel
 depth of 16 bits with high dynamic range (Q16HDRI).

libmagickwand-dev: image manipulation library -- dummy package

 This package included the static libraries needed to compile
 programs using MagickWand.
 .
 This is a transitional package to help migrate systems to the new
 ABI of libmagickwand-6 development files for default channel depth.
 .
 This is a dummy package. You can safely purge or remove it.

perlmagick: Perl interface to ImageMagick -- dummy package

 PerlMagick is an objected-oriented Perl interface to ImageMagick.
 Use the module to read, manipulate, or write an image or image sequence from
 within a Perl script. This makes it very suitable for Web CGI scripts.
 .
 This is a transitional package to help migrate systems to the new
 libimage-magick-perl perl library.
 .
 This is a dummy package. You can safely purge or remove it.