-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Feb 2024 15:31:24 +0000
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl libmagick++-6-headers libmagick++-dev libmagickcore-6-headers libmagickcore-dev libmagickwand-6-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:6.9.11.60+dfsg-1.3+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1013282 1036999
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.3+deb11u3) bullseye-security; urgency=medium
 .
   * Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
   * Fix an heap buffer overflow in TIFF coder
   * Fix uninitialised value passing in TIFFGetField
   * Fix stack overflow in TIFF coder
   * Early exit in case of malformed TIFF file
   * Fix buffer overrun in TIFF coder
   * Fix unitialised value in TIFF coder
   * Fix CVE-2022-1115: Heap based overflow in
     TIFF coder (Closes: #1013282)
   * Fix uninitialised value in TIFF coders
   * Use salsa-ci
   * Fix CVE-2023-1289: A specially created SVG file loaded itself and
     causes a segmentation fault. This flaw allows a remote attacker
     to pass a specially crafted SVG file that leads to a segmentation
     fault, generating many trash files in "/tmp," resulting in
     a denial of service. When ImageMagick crashes,
     it generates a lot of trash files. These trash files
     can be large if the SVG file contains many render actions.
     In a denial of service attack, if a remote attacker uploads an SVG file
     of size t, ImageMagick generates files of size 103*t.
     If an attacker uploads a 100M SVG, the server will generate about 10G.
   * Fix CVE-2023-1906: A heap-based buffer overflow issue was
     discovered in ImageMagick's ImportMultiSpectralQuantum() function
     in MagickCore/quantum-import.c. An attacker could pass specially
     crafted file to convert, triggering an out-of-bounds read error,
     allowing an application to crash, resulting in a denial of service.
   * Fix CVE-2023-34151: Imagemagick was vulnerable due to
     an undefined behaviors of casting double to size_t in svg, mvg
     and other coders. (Closes: #1036999)
   * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
     was found in coders/tiff.c in ImageMagick. This issue
     may allow a local attacker to trick the user into opening
     a specially crafted file, resulting in an application crash
     and denial of service.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found in
     coders/bmp.c
Checksums-Sha1:
 d0eb9d166b61223e8c0643a24f3400f7fb236c5f 211748 imagemagick-6-common_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 eeaf3de09d8a80de5c0cb149c428adcbab5d34e8 7870284 imagemagick-6-doc_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 fde8983a6c4929a97b40e22f8381333fdbe973b8 1516 imagemagick-common_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 6a55aeea5cb7be17823d897b575579f6bc79f5df 1620 imagemagick-doc_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 11be1f2e9a522e887b25e242a326e0ce9133322d 18357 imagemagick_6.9.11.60+dfsg-1.3+deb11u3_all-buildd.buildinfo
 3056d4268a77897953af97bbc6ac3bf49e9d5133 53312 libimage-magick-perl_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 af3607b2fc5261277725a4b6d4e898445c654d4f 47544 libmagick++-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 e84d2f3808d56376b314e0ed4b084f06a3044623 1368 libmagick++-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 687bf56f3b23cd31c3b1b1371944ad615d81a643 50916 libmagickcore-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 10ecd55162eb8277e1943e27fde6c58b6f22487f 1344 libmagickcore-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 3c9aff62c8dad0f68ee8e5f77cf6d2a41d22f002 10508 libmagickwand-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 c0ae5c5cc8f238218bbb215f4138d8e4585776a5 1328 libmagickwand-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 5d44a1f54bdf07d1336252554aa86b88d7650c90 1368 perlmagick_6.9.11.60+dfsg-1.3+deb11u3_all.deb
Checksums-Sha256:
 a0b5fab00c3eb671f38917936c44962fa60cae5ac253e1e7a989042bfb48236d 211748 imagemagick-6-common_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 b77a1c6cd91ea293a191a79047c748d24a3544b3ad814e8987f33b3cb1382139 7870284 imagemagick-6-doc_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 a8d04c30c5154f979a002402be42692e902762936f688d69450963732b5dc202 1516 imagemagick-common_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 7168792bc54d96aae45ffa58beb426b0a54ba2eb2d8b20961c9ab791e2848f1d 1620 imagemagick-doc_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 7f1b94ee87396bd1a69df57d20d7cac64a6fa30e6711ab3acc9cc81682a2676d 18357 imagemagick_6.9.11.60+dfsg-1.3+deb11u3_all-buildd.buildinfo
 a9449b5d06d5e50ce29b04a4a4fa397168ede22535ba12759bca5500051820af 53312 libimage-magick-perl_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 c5d39189e3d1478d9fb5bdcbd49dca4f40621143706517f98cd7e831388492ee 47544 libmagick++-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 7e0d1a488f3def83d8abf659f2edb67f83307e1645518cdc99feee8152701a28 1368 libmagick++-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 19fa3428a5391f27b130dc2ce5cb3a703ea9dadbba01821cbae10f618888aa4c 50916 libmagickcore-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 0b85405d2879202f83b8c4f618a746dce7df66a7cd8aec5690b84cc0c11669c1 1344 libmagickcore-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 0d9db4d5b16e19291b2c237f7a80b27dc1c6f37b79e475c5581220a08aa59437 10508 libmagickwand-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 1f23f920b2ad0bc2ace9c0df4f87543690069421c5e2285da5c569addda1d9fe 1328 libmagickwand-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 c7aa1745a95cb06e5a6b841a34fcc321666ceee7fc5eeca0ba31657a1b6380d7 1368 perlmagick_6.9.11.60+dfsg-1.3+deb11u3_all.deb
Files:
 0ead6fff28ce4be4a7cd88a652695c1e 211748 graphics optional imagemagick-6-common_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 db962b668c72bc08754e048a3aeeb542 7870284 doc optional imagemagick-6-doc_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 feba98ac8e8b8e57548ba029db50d425 1516 oldlibs optional imagemagick-common_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 7a8d62c0841da3de8222763f9c5d0afc 1620 oldlibs optional imagemagick-doc_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 71edef788596e6e7e85e4046839e328b 18357 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u3_all-buildd.buildinfo
 3e83799e3f0b5eea3d7713f8da531b13 53312 perl optional libimage-magick-perl_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 d3569c1e13709c2e4755cb3af119e22d 47544 libdevel optional libmagick++-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 a89dd8e392aa3b976939fe2db0f67fee 1368 oldlibs optional libmagick++-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 a5cd6ae6674a725104f5e3923fdc674e 50916 libdevel optional libmagickcore-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 32ee9641faec35505ff733efac1814d4 1344 oldlibs optional libmagickcore-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 df3de8154e51c1c37f2ac56a3630b199 10508 libdevel optional libmagickwand-6-headers_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 177a802c9a51556677487b263fd58362 1328 oldlibs optional libmagickwand-dev_6.9.11.60+dfsg-1.3+deb11u3_all.deb
 be298808d86b1677009dabbe1f4f74ed 1368 oldlibs optional perlmagick_6.9.11.60+dfsg-1.3+deb11u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtzb3SVunlrB0F8t8ExOkVqF4GXMFAmXSRMsACgkQExOkVqF4
GXO9YA/+N2QiD1zc+G5VcnGYPcwP4TVOE2sZUYOl3w2Dm6JeC2tP26V8OOJvj8ld
R8dlZjKencHxKBSom3UaLK9bx6H60HNMD/9Mxmq5n9S+S+YwQoe8yDOb1JyC437D
QCtb6fLHGuilawp9Hf+en3MfwTDXK2QGxkYtfZqGRRgOKelWIBDCVVwBzSAz7+wc
t0g6gog4zV6XRrW23Tg9WTT93Bo4A4dC2WKsDWvtOjJFRFR0Skeznf4a3iLo6ARQ
Rbnb9WHC+0YrC2t6DoW88f5fv0C+DyO2GmeJlVcaXTfTCifOIFDlMaD9P8RrYLYF
JZaFvafb+MRTWI0Wg9V3LXkHoM0XX2yRR6GYg9nL/P1J2e/dnfRrVqDWCLymJOQx
daIPZsOFlB9EL2Hcyif6wjqE/0pRaVsmYzHZgq7zLieS8rcD8liSwZO6qXYRdNw5
hzerJOUzO5HrZg7lNXokgB0YCm2Nv2ykZxmh8KYd1Xy24Sef40E6eGiTVulJ4Xh/
wO4wyxBrK7shFMyH6Ib0Vs+DMBPAz9dtR8CUdVCYA5+R8UzSZVK278a5ne1CTDsy
pOTZfHAwqoZ/MnYkP3XuXxeb/O9RG2ME9LxRIcxyKOuYf22M1BNiKJUX1IorZTuy
MpjZ2weP2IJms5Q27r3wASs4n7SZkAf81KR7TWe1lmzOp9Ajmw4=
=RMGv
-----END PGP SIGNATURE-----