[Pkg-gmagick-im-team] Bug#833003: Bug#833003: CVE-2016-5688 WPG file issue
Bastien ROUCARIES
roucaries.bastien at gmail.com
Sat Jul 30 19:46:36 UTC 2016
This is three patch instead of one
commit 5be8c8595e23af7cd1b39a4135d2f9d7344f4520
Author: Cristy <urban-warrior at imagemagick.org>
Date: Wed May 18 08:11:53 2016 -0400
Fix allocation of memory for CVE-2016-5688
(cherry picked from commit f7c2e897c0f990d663026055a2b40e1be7e16ede)
This is a partial fix for CVE-2016-5688
This also fix test suite
origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/f7c2e897c0f990d663026055a2b40e1be7e16ede
bug-debian: https://bugs.debian.org/833003
bug: https://github.com/ImageMagick/ImageMagick/issues/202
commit 03b492b4878fd755f010e162bda6d192ee6b81c6
Author: Cristy <urban-warrior at imagemagick.org>
Date: Mon May 16 16:05:02 2016 -0400
Set pixel cache to undefined if any resource limit is exceeded
This is a partial fix for CVE-2016-5688
origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
bug-debian: https://bugs.debian.org/833003
commit d4bda075fbd8aa87a6bf0503eb71ec39dface22a
Author: Cristy <urban-warrior at imagemagick.org>
Date: Mon May 16 14:00:14 2016 -0400
Ensure image extent does not exceed maximum for wpg file
This is a partial fix of CVE-2016-5688
bug-debian: https://bugs.debian.org/833003
origin: upstream,
https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
On Sat, Jul 30, 2016 at 8:22 PM, Bastien ROUCARIES
<roucaries.bastien at gmail.com> wrote:
> Package: src:imagemagick
> Version: 8:6.7.7.10-5
> Severity: grave
> Tags: patch security
> X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
>
> Several bugs in the WPG parser could lead to a heap overflow and
> random invalid memory writes. These bugs only seem to appear when a
> memory limit is set.
>
> _______________________________________________
> Pkg-gmagick-im-team mailing list
> Pkg-gmagick-im-team at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gmagick-im-team
More information about the Pkg-gmagick-im-team
mailing list