-
imagemagick (8:6.9.7.4+dfsg-3ubuntu1.2) zesty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
8:6.9.7.4+dfsg-12 release. Once again, thanks to Bastien Roucariès
for the excellent work this update is based on!
- CVE-2017-9261, CVE-2017-9262, CVE-2017-9405, CVE-2017-9407,
CVE-2017-9409, CVE-2017-9439, CVE-2017-9440, CVE-2017-9501,
CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188,
CVE-2017-11352, CVE-2017-11360, CVE-2017-11447, CVE-2017-11448,
CVE-2017-11449, CVE-2017-11450, CVE-2017-11478
-- Marc Deslauriers <email address hidden> Fri, 21 Jul 2017 08:30:46 -0400
-
imagemagick (8:6.9.7.4+dfsg-3ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
8:6.9.7.4+dfsg-8 and 8:6.8.9.9-5+deb8u9 releases. Once again, thanks
to Bastien Roucariès for the excellent work this update is based on!
- CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7942,
CVE-2017-7943, CVE-2017-8343, CVE-2017-8344, CVE-2017-8345,
CVE-2017-8346, CVE-2017-8347, CVE-2017-8348, CVE-2017-8349,
CVE-2017-8350, CVE-2017-8351, CVE-2017-8352, CVE-2017-8353,
CVE-2017-8354, CVE-2017-8355, CVE-2017-8356, CVE-2017-8357,
CVE-2017-8765, CVE-2017-8830, CVE-2017-9098, CVE-2017-9141,
CVE-2017-9142, CVE-2017-9143, CVE-2017-9144
-- Marc Deslauriers <email address hidden> Fri, 26 May 2017 11:02:11 -0400
-
imagemagick (8:6.9.7.4+dfsg-3ubuntu1) zesty; urgency=low
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP: #711061).
+ Regenerate d/control file with `debian/rules update_pkg`
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
-- Gianfranco Costamagna <email address hidden> Fri, 07 Apr 2017 23:25:27 +0200
-
imagemagick (8:6.9.7.4+dfsg-2ubuntu3) zesty; urgency=medium
* d/control: demote libmagickcore-6.q16hdri-3-extra Recommends on
libjxr-tools to Suggests, as it is in universe.
-- Nishanth Aravamudan <email address hidden> Thu, 30 Mar 2017 15:55:12 -0700
-
imagemagick (8:6.9.7.4+dfsg-2ubuntu2) zesty; urgency=medium
* d/control: demote libmagickcore-6.q16-3-extra Recommends on
libjxr-tools to Suggests, as it is in universe.
-- Nishanth Aravamudan <email address hidden> Thu, 30 Mar 2017 10:53:06 -0700
-
imagemagick (8:6.9.7.0+dfsg-2ubuntu1) zesty; urgency=medium
* Merge with Debian unstable (LP: #). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
+ Regenerate d/control file with `debian/rules update_pkg`
* Drop:
- Properly clean-up quantum control file fragments from `debian/rules
update_pkg`
[ Fixed in Debian 8:6.9.7.0+dfsg-2 ]
- debian/patches/0020-Revert-GradientImage-change.patch: Revert patch
per https://github.com/ImageMagick/ImageMagick/issues/316. Thanks
to Cristy <email address hidden>. Closes LP #1645406.
[ Fixed upstream ]
-- Nishanth Aravamudan <email address hidden> Wed, 11 Jan 2017 17:10:01 -0800
-
imagemagick (8:6.9.6.6+dfsg-1ubuntu3) zesty; urgency=medium
* debian/patches/0020-Revert-GradientImage-change.patch: Revert patch
per https://github.com/ImageMagick/ImageMagick/issues/316. Thanks
to Cristy <email address hidden>. Closes LP: #1645406.
-- Nishanth Aravamudan <email address hidden> Tue, 06 Dec 2016 17:26:36 +0100
-
imagemagick (8:6.9.6.6+dfsg-1ubuntu2) zesty; urgency=medium
* Properly drop dependency on libopenjp2-7-dev by updating
d/control.d/*.in files.
- Regenerate d/control file with `debian/rules update_pkg`
* Properly clean-up quantum control file fragments from `debian/rules
update_pkg`
-- Nishanth Aravamudan <email address hidden> Tue, 29 Nov 2016 08:43:07 -0800
-
imagemagick (8:6.9.6.6+dfsg-1ubuntu1) zesty; urgency=medium
* Merge with Debian unstable (LP: #1645406). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
-- Nishanth Aravamudan <email address hidden> Mon, 28 Nov 2016 12:32:40 -0800
-
imagemagick (8:6.9.6.2+dfsg-2ubuntu1) zesty; urgency=medium
* Merge with Debian unstable (LP: #1645406). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
[ Previously undocumented ]
* Drop:
- Add backports of d6054824, 95c8394e and 68c6a7d to
0070-Fix-PixelColor-off-by-one-on-i386.patch (LP #1549942)
which were missed in "PixelColor off by one on i386
(closes #811308)
https://github.com/ImageMagick/ImageMagick/issues/54".
+ Add backport of 54b752c3 to fix color behavior (LP #1549942).
+ Fix backport of d6054824 to include dropped parentheses
(LP #1549942).
+ Drop of backported fixes to d/p/0070-Fix-PixelColor-off-by-one-on-i386.patch
[ Previously undocumented ]
[ Fixed upstream ]
- debian/rules: Use LCQUANTUMDEPTH when generating display-im6.desktop too.
Fixes broken icon in .desktop file. (LP #1558409)
[ Fixed in Debian ]
- SECURITY UPDATE: popen() shell vulnerability
+ d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
+ CVE-2016-5118
[ Fixed upstream, thanks to Marc Deslauriers
<email address hidden> for verification. ]
- SECURITY UPDATE: ImageTragick remote code execution
+ d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
+ d/p/0077-Remove-PLT-Gnuplot-decoder.patch
+ d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
+ d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
+ d/p/0080-Prevent-indirect-reads-with-label-at.patch
+ d/p/0081-Less-secure-coders-require-explicit-reference.patch
+ debian/rules: build with --with-rsvg.
+ CVE-2016-3714
+ CVE-2016-3716
+ CVE-2016-3718
[ Fixed upstream, thanks to Marc Deslauriers
<email address hidden> for verification. ]
- debian/README.Debian: explain use of --with-rsvg option.
[ Previously undocumented, dropped ]
- SECURITY UPDATE: multiple security issues
+ debian/patches/*: synchronize large quantity of security fixes with
Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
the excellent work this update is based on!
+ CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
CVE-2016-7539, CVE-2016-7540
[ Fixed upstream, thanks to Marc Deslauriers
<email address hidden> for verification. ]
- Add backport of a54fe0e8 to fix segmentation faults during
php-imagick tests (LP #1549942).
+ Delete d/p/0076-Fix-segmentation-fault-with-php-imagick.patch
[ previously undocumented ]
[ Fixed upstream ]
-- Nishanth Aravamudan <email address hidden> Wed, 23 Nov 2016 13:18:57 -0800
-
imagemagick (8:6.8.9.9-7ubuntu10) zesty; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize large quantity of security fixes with
Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
the excellent work this update is based on!
- CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
CVE-2016-7539, CVE-2016-7540
-- Marc Deslauriers <email address hidden> Mon, 21 Nov 2016 10:00:46 -0500
-
imagemagick (8:6.8.9.9-7ubuntu9) zesty; urgency=medium
* No-change rebuild for perl 5.24 transition
-- Iain Lane <email address hidden> Mon, 24 Oct 2016 10:09:23 +0100
-
imagemagick (8:6.8.9.9-7ubuntu8) yakkety; urgency=medium
* Drop useless dependency on jasper. Closes # 818203. (LP: #1612822)
-- Jeremy Bicha <email address hidden> Fri, 12 Aug 2016 17:18:29 -0400
