imagemagick (8:6.9.12.98+dfsg1-5.2build2) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 01:25:01 +0000
imagemagick (8:6.9.12.98+dfsg1-5.2build1) noble; urgency=high
* No change rebuild against libpng16-16t64, libglib2.0-0t64.
-- Julian Andres Klode <juliank@ubuntu.com> Fri, 22 Mar 2024 17:33:21 +0100
imagemagick (8:6.9.12.98+dfsg1-5.2) unstable; urgency=medium
* Non-maintainer upload.
* Fixup runtime dependencies due to 64-bit time_t transition
(Closes: #1066935)
-- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 15 Mar 2024 16:04:36 +0100
imagemagick (8:6.9.12.98+dfsg1-5.1) unstable; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition. Closes: #1064140
-- Steve Langasek <vorlon@debian.org> Fri, 01 Mar 2024 01:31:19 +0000
imagemagick (8:6.9.12.98+dfsg1-5) unstable; urgency=medium
* Bug fix: "please update Suggests: imagemagick-doc; to
imagemagick-6-doc", thanks to Vincent Lefevre
(Closes: #1059314).
* Bug fix: "missing Breaks+Replaces against the dropped imagemagick-doc
package, in order to force its removal", thanks to Vincent Lefevre
(Closes: #1059193).
-- Bastien Roucariès <rouca@debian.org> Wed, 27 Dec 2023 10:29:58 +0000
imagemagick (8:6.9.12.98+dfsg1-4) unstable; urgency=medium
* Replace ufraw-batch suggest by libraw-bin
(Closes: #1038637)
* Update changelog entry for CVE fixed.
* Move from gsfonts to fonts-urw-base35. Thanks to Vincent Lefevre
(Closes: #1020358, #1020355, #1020363, #1020370)
* Recommends fonts-tuffy (Closes: #1054580)
* Fix a typo in debian patch (Closes: #1054506)
-- Bastien Roucariès <rouca@debian.org> Mon, 30 Oct 2023 09:26:06 +0000
imagemagick (8:6.9.12.98+dfsg1-3) unstable; urgency=medium
* Bug fix: "imagemagick no longer sets
"PACKAGE_RELEASE_DATE", thanks to Håvard F. Aasen (Closes:
#1054462).
* Bug fix: "reproducible builds: Embeds different paths on usrmerge
system", thanks to Vagrant Cascadian (Closes: #983303).
-- Bastien Roucariès <rouca@debian.org> Wed, 25 Oct 2023 23:30:18 +0000
imagemagick (8:6.9.12.98+dfsg1-2) unstable; urgency=medium
* Upload to unstable
-- Bastien Roucariès <rouca@debian.org> Sun, 22 Oct 2023 15:35:30 +0000
imagemagick (8:6.9.12.98+dfsg1-1) experimental; urgency=medium
* New upstream version
* Drop package imagemagick-doc and imagemagick-common
* Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
was found in coders/tiff.c. This issue may allow a local attacker
to trick the user into opening a specially crafted file,
resulting in an application crash and denial of service.
* CVE-2023-3745: A heap-based buffer overflow issue
was found in ImageMagick's PushCharPixel() function
in quantum-private.h. This issue may allow a local
attacker to trick the user into opening a specially crafted file,
triggering an out-of-bounds read error and allowing an application
to crash, resulting in a denial of service.
* Import patch for upstream that avoids a FTBFS due to
SOURCE_DATE_EPOCH set
* Use a debian policy. Install other policies as user
convenience.
* Recompile means no depends on old libwmf
(Closes: #1005229)
-- Bastien Roucariès <rouca@debian.org> Sat, 21 Oct 2023 14:40:53 +0000
imagemagick (8:6.9.12.90+dfsg1-1) UNRELEASED; urgency=medium
[ Luciano Bello ]
* removing Luciano as uploader, as he is retiring
[ Pino Toscano ]
* Drop the XPM icon for display-im, as the Debian menu file that needed it
was removed in 8:6.9.2.10+dfsg-1.
* Tweak the sizes for which we generate PNG versions of the display-im
application icon:
- drop 8x8, and 42x42: they are not specified in hicolor, and thus cannot
be reliably used; also they are very niche sizes, and they can be
downscaled if needed
- add 512x512
[ Bastien Roucariès ]
* New upstream version
* Acknowledge NMU
* Fix CVE-2021-3610: A heap-based buffer overflow vulnerability
was found in ImageMagick in ReadTIFFImage() in coders/tiff.c.
This issue is due to an incorrect setting of the pixel array size,
which can lead to a crash and segmentation fault.
(Closes: #1037090).
* Fix CVE-2022-1115: A heap-buffer-overflow flaw was found in
ImageMagick’s PushShortPixel() function of quantum-private.h file.
This vulnerability is triggered when an attacker passes a specially
crafted TIFF image file to ImageMagick for conversion, potentially
leading to a denial of service.
(Closes: #1013282)
* Fix CVE-2022-3213: A heap buffer overflow issue was found in ImageMagick.
When an application processes a malformed TIFF file, it could lead to
undefined behavior or a crash causing a denial of service.
(Closes: #1021141).
* Fix CVE-2023-1289: A vulnerability was discovered in ImageMagick where
a specially created SVG file loads itself and causes a
segmentation fault.
This flaw allows a remote attacker to pass a specially crafted
SVG file that leads to a segmentation fault, generating many
trash files in "/tmp", resulting in a denial of service.
When ImageMagick crashes, it generates
a lot of trash files. These trash files can be large if the SVG file
contains many render actions.
(Closes: #1033254).
* Fix CVE-2023-1906: A heap-based buffer overflow issue was discovered
in ImageMagick's ImportMultiSpectralQuantum() function in
MagickCore/quantum-import.c. An attacker could pass a specially
crafted file to convert, triggering an out-of-bounds read error,
allowing an application to crash, resulting in a denial of service.
(Closes: #1034373).
* Fix CVE-2023-2157: A heap-based buffer overflow vulnerability
was found in the ImageMagick package that can lead to the application
crashing. (Closes: #1036476).
* Fix CVE-2023-3195: A stack-based buffer overflow issue was found
in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick
the user into opening a specially crafted malicious tiff file,
causing an application to crash, resulting in a denial of service.
* Fix CVE-2023-34151: A vulnerability was found in ImageMagick.
This security flaw occurs as an undefined behavior of casting double
to size_t in svg, mvg and other coders.
(Closes: #1036999)
* Use libfreetype-dev instead of libfreetype6-dev
-- Bastien Roucariès <rouca@debian.org> Sat, 29 Jul 2023 14:52:58 +0000
imagemagick (8:6.9.12.20+dfsg1-1.2) experimental; urgency=medium
* Non-maintainer upload.
* Build with --with-fftw because fftw is disabled by default since 6.9.12.5
(Closes: #995290)
-- Johannes Schauer Marin Rodrigues <josch@debian.org> Tue, 05 Oct 2021 15:08:20 +0200
imagemagick (8:6.9.12.20+dfsg1-1.1) experimental; urgency=medium
* Non-maintainer upload.
* Fix FTBFS when doing arch:any-only builds by creating font symlinks for
configure-indep as well as configure-arch targets
-- Johannes Schauer Marin Rodrigues <josch@debian.org> Sat, 04 Sep 2021 19:37:54 +0200
imagemagick (8:6.9.12.20+dfsg1-1) experimental; urgency=medium
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Set field Upstream-Contact in debian/copyright.
* Remove obsolete field Contact from debian/upstream/metadata (already present
in machine-readable debian/copyright).
* Avoid explicitly specifying -Wl,--as-needed linker flag.
* Fix field name case in debian/control (Built-using => Built-Using).
* Bump debhelper from old 11 to 13.
* Set debhelper-compat version in Build-Depends.
* Update standards version to 4.5.1, no changes needed.
* Acknowledge NMU. Thanks Salvatore Bonaccorso
* New upstream version
* SO Bump from upstream due to structure incompatibility
* Clean up maintainer scripts
* Use fonts from fonts-tuffy
* Fix mime type. Do not quote %s (Closes: #987691) and fix extra dot
(Closes: #986471)
* Drop old config script. Use pkgconfig please.
* Depends on libraw-dev (Closes: #990028).
* Fix invalid policy.xml (Closes: #991289, #990757).
* Relax a little bit policy.xml (Closes: #860763, #941724).
* Update Repository in debian/upstream/metadata (Closes: #991288)
* Fix reproducible builds: Embeds date dependent on timezone
(Closes: #983302)
-- Bastien Roucariès <rouca@debian.org> Fri, 27 Aug 2021 08:19:42 +0000
imagemagick (8:6.9.11.60+dfsg-1.6) unstable; urgency=high
* Non-maintainer upload
[ Moritz Mühlenhoff ]
* Fix CVE-2022-44267 / CVE-2022-44268 (Closes: #1030767) (LP: #2004580)
-- Jeremy Bicha <jbicha@ubuntu.com> Thu, 16 Feb 2023 16:06:07 -0500
imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high
* Non-maintainer upload
[ Nishit Majithia ]
* SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
remote attacker to cause a denial of service via a crafted image file
- debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
to fix division by zeros in coders/jp2.c
- debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
to fix division by zeros in magick/resize.c
- debian/patches/CVE-2021-20244.patch: Avoid division by zero in
magick/fx.c
- debian/patches/CVE-2021-20245.patch: Avoid division by zero in
coders/webp.c
- debian/patches/CVE-2021-20246.patch: Avoid division by zero in
magick/resample.c
- debian/patches/CVE-2021-20309.patch: Avoid division by zero in
magick/fx.c
- CVE-2021-20241
- CVE-2021-20243
- CVE-2021-20244
- CVE-2021-20245
- CVE-2021-20246
- CVE-2021-20309
* SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
imagemagick allow a remote attacker to cause a denial of service or
possible leak of cryptographic information via a crafted image file
- debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
coders/thumbnail.c, division by zero in magick/colorspace.c and
a potential cipher leak in magick/memory.c
- CVE-2021-20312
- CVE-2021-20313
* SECURITY UPDATE: memory leaks when executing convert command
- debian/patches/CVE-2021-3574.patch: fix memory leaks
- CVE-2021-3574
* SECURITY UPDATE: Security Issue when Configuring the ImageMagick
Security Policy
- debian/patches/CVE-2021-39212.patch: Added missing policy checks in
RegisterStaticModules
- CVE-2021-39212 (Closes: #996588)
* SECURITY UPDATE: DoS while processing crafted SVG files
- debian/patches/CVE-2021-4219.patch: fix denial of service
- CVE-2021-4219
* SECURITY UPDATE: use-after-free in magick
- debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
dcm.c
- CVE-2022-1114
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-28463.patch: fix buffer overflow
- CVE-2022-28463 (Closes: #1013282)
* SECURITY UPDATE: out-of-range value
- debian/patches/CVE-2022-32545.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned char in
coders/psd.c.
- debian/patches/CVE-2022-32546.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned long in
coders/pcl.c.
- CVE-2022-32545
- CVE-2022-32546
* SECURITY UPDATE: load of misaligned address
- debian/patches/CVE-2022-32547.patch: addresses the potential for the
loading of misaligned addresses in magick/property.c.
- CVE-2022-32547 (Closes: #1016442)
-- Jeremy Bicha <jbicha@ubuntu.com> Sat, 04 Feb 2023 21:50:44 -0500
imagemagick (8:6.9.11.60+dfsg-1.4) unstable; urgency=medium
* Non-maintainer upload.
[ Vagrant Cascadian ]
* debian/rules: Pass MVDelegate and RMDelegate to configure. (Closes:
#983303)
-- Paul Gevers <elbrus@debian.org> Sat, 31 Dec 2022 22:36:57 +0100
imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium
* Non-maintainer upload.
* autopkgtest: Drop PDF related tests which will fail after disabling
ghostscript handled formats by default (Closes: #987247)
-- Salvatore Bonaccorso <carnil@debian.org> Tue, 20 Apr 2021 16:37:59 +0200
imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium
* Non-maintainer upload.
* Disable ghostscript handled formats based on -SAFER insecurity
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 19 Apr 2021 20:16:51 +0200
imagemagick (8:6.9.11.60+dfsg-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Import upstream patch to fix font size (Closes: #980202).
-- Jochen Sprickerhof <jspricke@debian.org> Tue, 13 Apr 2021 20:58:45 +0200
imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high
* New upstream version
- Bug fix: "gscan2pdf tests fail", thanks to Sergio Durigan Junior
(Closes: #980202).
-- Bastien Roucariès <rouca@debian.org> Mon, 01 Feb 2021 16:22:02 +0000
imagemagick (8:6.9.11.58+dfsg-1) unstable; urgency=medium
* New upstream version:
- Fix error on i386 with php
* Bug fix (workaround): "Many doubled www/www; broken links on
index.html", thanks to 積丹尼 Dan Jacobson (Closes: #978138).
-- Bastien Roucariès <rouca@debian.org> Fri, 22 Jan 2021 21:59:16 +0000
imagemagick (8:6.9.11.57+dfsg-1) unstable; urgency=medium
* New upstream version:
- Bug fix: "CVE-2020-29599", imagemagick mishandles the
-authenticate option, which allows setting a password
for password-protected PDF files. The user-controlled
password was not properly escaped/sanitized and it
was therefore possible to inject additional shell commands
via coders/pdf.c. Thanks to Salvatore Bonaccorso
(Closes: #977205).
- Bug fix: "CVE-2020-27560: Division by Zero in function
OptimizeLayerFrames", thanks to Salvatore Bonaccorso
(Closes: #972797).
* Fix dh_doxygen FTBFS (Closes: #971216)
-- Bastien Roucariès <rouca@debian.org> Mon, 11 Jan 2021 22:14:26 +0000
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
* New upstream version:
- Fix CVE-2019-11470: Cineon image parsing DOS (Closes: #927830).
- Fix CVE-2019-11472: XWD image parsing DOS (Closes: #927828).
- Fix CVE-2020-13902: Heap based overflow in TIFF image decoding.
(Closes: #928207).
- Fix CVE-2019-11598: Heap-based buffer over-read in PNM image
decoding (Closes: #928206).
- Fix CVE-2019-12974: NULL pointer dereference in pango coder.
(Closes: #931196).
- Fix CVE-2019-12977: "use of uninitialized value" vulnerability
in the WriteJP2Image of jp2 coder (Closes: #931191).
- Fix CVE-2019-12978: "use of uninitialized value" vulnerability
in the pango coder. (Closes: #931190).
- Fix CVE-2019-12979: "use of uninitialized value" vulnerability
in MagickCore/image.c (Closes: #931189).
- Fix CVE-2019-13135: "use of uninitialized value" vulnerability
in the cut coder (Closes: #932079).
- Fix CVE-2019-13295: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931457).
- Fix CVE-2019-13297: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931455).
- Fix CVE-2019-13300: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931454).
- Fix CVE-2019-13304: stack-based buffer overflow for
PNM image (Closes: #931453).
- Fix CVE-2019-13305: stack-based buffer overflow for
PNM image (Closes: #931452).
- Fix CVE-2019-13306: stack-based buffer overflow for
PNM image (Closes: #931449).
- Fix CVE-2019-13307: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931448).
- Fix CVE-2019-13308: heap-based buffer overflow in
MagickCore/fourier.c (Closes: #931447).
- Fix CVE-2019-13391: heap-based buffer over-read (Closes: #931633).
- Fix CVE-2019-13454: Division by Zero in MagickCore/layer.c
(Closes: #931740).
- Fix CVE-2019-14981: divide-by-zero in MeanShiftImage
(Closes: #955025).
- Fix CVE-2019-15139: DOS for XWD images (Closes: #941670).
- Fix CVE-2019-15140: DOS for mat images (Closes: #941671).
- Fix CVE-2019-19948: Heap-based buffer overflow in SGI coder
(Closes: #947308).
- Fix CVE-2019-19949: Heap buffer over-read in PNG coder
(Closes: #947309).
- Fix CVE-2020-10251: out-of-bounds read vulnerability for HEIC
coder (Closes: #953741).
- Fix CVE-2020-13902: heap-based buffer over-read for TIFF coder.
* Bug fix: "Updating the imagemagick Uploaders list", thanks to Tobias
Frost (Closes: #962110). Thanks Nelson A. de Oliveira
* Add link in api doc dir to assets javascript library
* Fix a typo in convert man page (Closes: #953279,#947983,#921594).
* Fix a pkgconfig error that pull q16 instead of q16hdri (Closes: #950282).
-- Bastien Roucariès <rouca@debian.org> Mon, 27 Jul 2020 03:13:36 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog imagemagick-6-common`.