ImageMagick-7.0.1-10

[Douglas R. Reno]

Major security fixes.

Security Issues:

CVE-2015-8894 (tgs processing issue: Double free in coders/tga.c)
CVE-2015-8895
CVE-2015-8896 (integer truncation issue)
CVE-2016-5239 (ImageMagick, GraphicsMagick: Gnuplot delegate vulnerability allowing command injection).
CVE-2015-8897 (Out of bounds error in SpliceImage.)
CVE-2015-8898 (Prevent null pointer access in magick/constitute.c)
CVE-2014-9804 (Avoid a DoS in vision.c due to an infinite loop.)
CVE-2014-9805 (Avoid a SEGV due to a corrupted pnm file.)
CVE-2014-9806 (Do not leak fd due to corrupted file.)
CVE-2014-9807 (Fix a double free in pdb coder.)
CVE-2014-9808 (Fix a SEGV due to corrupted dpc images.)
CVE-2014-9809 (Fix a SEGV due to a corrupted xwd image.)
CVE-2014-9810 (Fix a SEGV in dpx file handler.)
CVE-2014-9811 (Fix a SEGV in malformed xwd file handler.)
CVE-2014-9812 (Avoid a NULL pointer dereference in ps file handling.)
CVE-2014-9813 (Fix a crash with corrupted viff file.)
CVE-2014-9814 (Fix a NULL pointer dererference in wpg file handling.)
CVE-2014-9815 (Do not continue on corrupted wpg file.)
CVE-2014-9816 (Avoid an out-of-bounds access in viff image.)
CVE-2014-9817 (Avoid a heap buffer overflow in pdb file handling.)
CVE-2014-9818 (Avoid an out of bounds access on malformed sun file.)
CVE-2014-9819 (Avoid heap overflow in palm files.)
CVE-2014-9820 (Avoid heap overflow in pnm files.)
CVE-2014-9821 (Avoid heap overflow in xpm files.)
CVE-2014-9822 (Fix heap overflow in quantum files.)
CVE-2014-9823 (Fix heap overflow in palm files.)
CVE-2014-9824 (Fix heap overflow in psd files.)
CVE-2014-9825 (Fix handling of corrupted psd file.)
CVE-2014-9826 (Fix handling of corrupted sun file.)
CVE-2014-9827 (Fix handling of corrupted xpm file.)
CVE-2014-9828 (Fix handling of corrupted (too many colors) psd file.)
CVE-2014-9829 (FIx out-of-bounds access in sun file.)
CVE-2014-9830 (Fix handling of corrupted sun file.)
CVE-2014-9831 (Fix handling of corrupted wpg file.)
CVE-2014-9832 (Fix heap overflow in pcx file.)
CVE-2014-9833 (Fix heap overflow in psd file.)
CVE-2014-9834 (Fix heap overflow in pict file.)
CVE-2014-9835 (Fix heap overflow in wpf file.)
CVE-2014-9836 (Fix heap overflow in xpm file.)
CVE-2014-9837 (Add additional PNM sanity checks.)
CVE-2014-9838 (Avoid a crash to out of memory in magick/cache.c)
CVE-2014-9839 (Fix a theoretical out-of-bounds access in magick/colormap-private.h)
CVE-2014-9840 (Fix an out-of-bounds access in palm file.)
CVE-2014-9841 (Fixed throwing of exceptions in psd handling.)
CVE-2014-9842 (Memory leak.)
CVE-2014-9843 (Fixed boundary checks in DecodePSDPixels.)
CVE-2014-9844 (Fixed another out-of-bound problem in rle file.)
CVE-2014-9845 (Fix crash due to corrupted dib file.)
CVE-2014-9846 (Added checks to prevent overflow in rle file.)
CVE-2014-9847 (Don't try to handle a "previous" image in the JNG decoder.)
CVE-2014-9848 (Avoid a memory leak in quantum management.)
CVE-2014-9849 (Avoid a crash in png coder.)
CVE-2014-9850
CVE-2014-9851 (In psd file handling fixed parsing resource block and avoid a crash.)
CVE-2014-9852 (In cache fix usage of object after it has been destroyed.)
CVE-2014-9853 (Avoid a memory leak in rle file handling.)
CVE-2014-9854 

[bdubbs@…]

See ticket #7859.

[Douglas R. Reno]

I am down one development system. There is no way I can juggle this and GNOME simultaneously or within a reasonable time. This is critical, needs to be fixed ASAP. Giving back to book.

[bdubbs@…]

Now ImageMagick-7.0.1-10

[bdubbs@…]

Fixed at revision 17476.