--- /home/lamby/temp/cdt.20161128092228.QQMGOCJXT5.ags.imagemagick/imagemagick_6.7.7.10-5+deb7u7.dsc
+++ /home/lamby/temp/cdt.20161128092257.7qv87VufNP/imagemagick_6.7.7.10-5+deb7u8.dsc
├── Version
│ @@ -1 +1 @@
│ -8:6.7.7.10-5+deb7u7
│ +8:6.7.7.10-5+deb7u8
├── Files
│ @@ -1,3 +1,3 @@
│
│ fb64a68853b7dd279075c7f2e17a8302 10473522 imagemagick_6.7.7.10.orig.tar.bz2
│ - 2a18836df48036d346923906b0818949 147644 imagemagick_6.7.7.10-5+deb7u7.debian.tar.bz2
│ + a227def9fb308055daca34654f5de78d 184476 imagemagick_6.7.7.10-5+deb7u8.debian.tar.bz2
│ --- imagemagick_6.7.7.10-5+deb7u7.debian.tar.bz2
├── +++ imagemagick_6.7.7.10-5+deb7u8.debian.tar.bz2
│ │ --- imagemagick_6.7.7.10-5+deb7u7.debian.tar
│ ├── +++ imagemagick_6.7.7.10-5+deb7u8.debian.tar
│ │ ├── file list
│ │ │ @@ -1,8 +1,8 @@
│ │ │ -drwxr-xr-x 0 0 0 0 2016-06-13 22:05:53.000000 debian/
│ │ │ +drwxr-xr-x 0 0 0 0 2016-11-28 05:50:15.000000 debian/
│ │ │ -rw-r--r-- 0 0 0 5 2014-03-02 17:24:19.000000 debian/imagemagick-common.install
│ │ │ -rw-r--r-- 0 0 0 3021 2014-03-02 17:24:19.000000 debian/imagemagick.mime
│ │ │ -rw-r--r-- 0 0 0 462474 2014-03-02 17:24:19.000000 debian/display.im6.svg
│ │ │ -rw-r--r-- 0 0 0 1077 2014-03-02 17:24:19.000000 debian/NEWS
│ │ │ -rw-r--r-- 0 0 0 280 2014-03-02 17:24:19.000000 debian/libmagickcore5.install
│ │ │ -rw-r--r-- 0 0 0 459 2014-03-02 17:24:19.000000 debian/README.Debian
│ │ │ -rw-r--r-- 0 0 0 188 2014-03-02 17:24:19.000000 debian/imagemagick.menu
│ │ │ @@ -13,41 +13,122 @@
│ │ │ -rw-r--r-- 0 0 0 2 2014-03-02 17:24:19.000000 debian/compat
│ │ │ -rw-r--r-- 0 0 0 16 2014-03-02 17:24:19.000000 debian/perlmagick.examples
│ │ │ -rw-r--r-- 0 0 0 289 2014-03-02 17:24:19.000000 debian/libmagickwand-dev.install
│ │ │ -rw-r--r-- 0 0 0 321 2014-03-02 17:24:19.000000 debian/imagemagick.install
│ │ │ -rw-r--r-- 0 0 0 599 2014-03-02 17:24:19.000000 debian/imagemagick.postinst
│ │ │ -rw-r--r-- 0 0 0 452 2014-03-02 17:24:19.000000 debian/imagemagick-doc.doc-base
│ │ │ -rw-r--r-- 0 0 0 7586 2016-03-27 06:06:37.000000 debian/control
│ │ │ -drwxr-xr-x 0 0 0 0 2016-06-13 22:02:31.000000 debian/patches/
│ │ │ +drwxr-xr-x 0 0 0 0 2016-11-28 05:17:25.000000 debian/patches/
│ │ │ -rw-r--r-- 0 0 0 2232 2014-03-08 22:48:48.000000 debian/patches/0008-Fix-a-buffer-overflow.patch
│ │ │ --rw-r--r-- 0 0 0 1191 2016-03-08 02:51:48.000000 debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch
│ │ │ --rw-r--r-- 0 0 0 2071 2016-05-23 00:22:50.000000 debian/patches/0079-Indirect-filename-must-be-authorized-by-policy.patch
│ │ │ +-rw-r--r-- 0 0 0 1397 2016-11-05 23:33:49.000000 debian/patches/0115-Fix-handling-of-corrupted-psd-file.patch
│ │ │ +-rw-r--r-- 0 0 0 1375 2016-09-27 16:01:11.000000 debian/patches/0029-Fix-handling-of-corrupted-sun-and-wpg-file.patch
│ │ │ +-rw-r--r-- 0 0 0 3567 2016-09-27 16:00:23.000000 debian/patches/0010-Fix-handling-of-corrupted-dpc-and-xwd-image.patch
│ │ │ +-rw-r--r-- 0 0 0 686 2016-11-05 23:52:40.000000 debian/patches/0118-Fix-an-out-of-bound-access-for-corrupted-psd-file.patch
│ │ │ +-rw-r--r-- 0 0 0 1005 2016-11-28 05:17:05.000000 debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch
│ │ │ +-rw-r--r-- 0 0 0 511 2016-10-30 03:11:13.000000 debian/patches/0107-Fix-a-heap-buffer-overflow-in-psd-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 1624 2016-10-30 01:48:17.000000 debian/patches/0103-Fix-an-out-of-bounds-read-in-coders-psd.c.patch
│ │ │ +-rw-r--r-- 0 0 0 3298 2016-10-28 02:05:39.000000 debian/patches/0083-Prevent-buffer-overflow-in-PDB-MAP-and-CALS-coders.patch
│ │ │ +-rw-r--r-- 0 0 0 933 2016-09-27 16:01:11.000000 debian/patches/0045-Avoid-heap-overflow-in-rle-file.patch
│ │ │ +-rw-r--r-- 0 0 0 813 2016-11-04 03:48:48.000000 debian/patches/0112-Fix-an-out-of-bound-access-in-xcf-file-coder.patch
│ │ │ +-rw-r--r-- 0 0 0 826 2016-11-06 00:03:56.000000 debian/patches/0121-Fix-a-SIGABRT-for-corrupted-pdb-file.patch
│ │ │ +-rw-r--r-- 0 0 0 1014 2016-10-29 23:33:00.000000 debian/patches/0093-Fix-a-DOS-for-corrupted-DDS-file.patch
│ │ │ +-rw-r--r-- 0 0 0 1682 2016-09-27 16:01:11.000000 debian/patches/0014-Avoid-out-of-bound-access-in-xwd-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 6614 2016-09-27 16:01:11.000000 debian/patches/0017-Do-not-continue-on-corrupted-wpg-file.patch
│ │ │ +-rw-r--r-- 0 0 0 5407 2016-09-27 16:01:11.000000 debian/patches/0020-Avoid-an-out-of-bound-acess-on-malformed-sun-file.patch
│ │ │ +-rw-r--r-- 0 0 0 473 2016-10-28 02:40:25.000000 debian/patches/0085-Prevent-memory-use-after-free.patch
│ │ │ +-rw-r--r-- 0 0 0 1719 2016-09-27 16:01:11.000000 debian/patches/0011-Bail-out-early-in-case-of-malformed-dpx-file.patch
│ │ │ +-rw-r--r-- 0 0 0 3465 2016-09-27 16:01:11.000000 debian/patches/0043-Added-checks-to-prevent-overflow-in-rle-file.patch
│ │ │ +-rw-r--r-- 0 0 0 2114 2016-11-28 05:17:19.000000 debian/patches/0079-Indirect-filename-must-be-authorized-by-policy.patch
│ │ │ +-rw-r--r-- 0 0 0 15710 2016-10-30 02:55:44.000000 debian/patches/0099-Improve-checking-of-EXIF-profile-to-prevent-integer-overflow.patch
│ │ │ +-rw-r--r-- 0 0 0 1462 2016-09-27 16:01:11.000000 debian/patches/0013-Avoid-a-NULL-dereference-in-ps-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 1059 2016-10-30 01:12:48.000000 debian/patches/0102-Fix-SGI-file-buffer-overflow.patch
│ │ │ -rw-r--r-- 0 0 0 4027 2014-03-08 22:48:48.000000 debian/patches/0005-Memory-leak-after-setjmp-used-variable-need-to-be-vo.patch
│ │ │ +-rw-r--r-- 0 0 0 1112 2016-09-27 15:31:40.000000 debian/patches/0007-Quit-earlier-in-case-of-corrupted-pnm-image.patch
│ │ │ +-rw-r--r-- 0 0 0 1908 2016-10-30 00:25:45.000000 debian/patches/0098-Add-additional-checks-to-DCM-reader-to-prevent-data-driven-faults.patch
│ │ │ +-rw-r--r-- 0 0 0 9202 2016-09-27 16:01:11.000000 debian/patches/0021-Avoid-heap-overflow-in-palm-pnm-and-xpm-files.patch
│ │ │ -rw-r--r-- 0 0 0 9546 2014-03-08 22:48:47.000000 debian/patches/0002-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
│ │ │ -rw-r--r-- 0 0 0 941 2016-03-06 04:37:47.000000 debian/patches/fix-overflow-in-icon-parsing.patch
│ │ │ -rw-r--r-- 0 0 0 9885 2014-03-08 22:48:48.000000 debian/patches/0003-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
│ │ │ +-rw-r--r-- 0 0 0 2913 2016-09-27 16:01:11.000000 debian/patches/0035-Avoid-a-crash-in-coders-rle.c.patch
│ │ │ -rw-r--r-- 0 0 0 1500 2014-03-08 22:48:48.000000 debian/patches/0007-Magick-fix-a-memory-leak.patch
│ │ │ +-rw-r--r-- 0 0 0 1242 2016-11-06 03:49:30.000000 debian/patches/0122-Fix-potential-DOS-by-not-releasing-memory.patch
│ │ │ +-rw-r--r-- 0 0 0 2070 2016-10-29 01:32:24.000000 debian/patches/0087-In-psd-file-handling-fixed-parsing-resource-block-and-avoid-a-crash.patch
│ │ │ +-rw-r--r-- 0 0 0 2550 2016-09-27 16:01:11.000000 debian/patches/0024-Do-not-try-to-read-corrupted-sun-image.patch
│ │ │ -rw-r--r-- 0 0 0 2408 2016-05-23 00:22:53.000000 debian/patches/0081-Less-secure-coders-require-explicit-reference.patch
│ │ │ --rw-r--r-- 0 0 0 4209 2016-05-23 00:22:50.000000 debian/patches/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
│ │ │ +-rw-r--r-- 0 0 0 736 2016-09-27 16:01:11.000000 debian/patches/0023-Fix-compile-problem-due-to-previous-patch.patch
│ │ │ +-rw-r--r-- 0 0 0 4374 2016-09-27 16:01:11.000000 debian/patches/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
│ │ │ -rw-r--r-- 0 0 0 2059 2014-03-08 22:48:48.000000 debian/patches/0010-Added-boundary-checks-in-DecodePSDPixels.patch
│ │ │ +-rw-r--r-- 0 0 0 748 2016-10-30 02:52:46.000000 debian/patches/0106-Fix-a-heap-overflow-in-hdr-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 1251 2016-09-27 16:01:11.000000 debian/patches/0026-Fix-corrupted-too-many-colors-psd-file.patch
│ │ │ +-rw-r--r-- 0 0 0 654 2016-10-29 01:48:36.000000 debian/patches/0089-During-identification-of-image-do-not-fill-memory.patch
│ │ │ -rw-r--r-- 0 0 0 3042 2014-03-08 22:48:48.000000 debian/patches/0004-Fix-security-bug-685903-libmagick-5-Fails-an-asserti.patch
│ │ │ +-rw-r--r-- 0 0 0 6316 2016-09-27 16:01:11.000000 debian/patches/0016-Fix-a-null-pointer-dereference-in-wpg-file-handling.patch
│ │ │ -rw-r--r-- 0 0 0 1444 2016-05-23 00:22:50.000000 debian/patches/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
│ │ │ --rw-r--r-- 0 0 0 1273 2016-06-13 22:00:55.000000 debian/patches/series
│ │ │ +-rw-r--r-- 0 0 0 1748 2016-09-27 16:01:11.000000 debian/patches/0046-Don-t-try-to-handle-a-previous-image-in-the-JNG-deco.patch
│ │ │ +-rw-r--r-- 0 0 0 3014 2016-10-29 23:02:51.000000 debian/patches/0091-Fix-a-SEGV-and-a-buffer-overflow-in-sun-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 5681 2016-11-06 00:30:36.000000 debian/patches/series
│ │ │ +-rw-r--r-- 0 0 0 664 2016-11-06 00:30:38.000000 debian/patches/0124-Fix-loading-arbitrary-module-from-user-side.patch
│ │ │ +-rw-r--r-- 0 0 0 8026 2016-11-28 05:16:26.000000 debian/patches/0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch
│ │ │ +-rw-r--r-- 0 0 0 651 2016-10-30 03:17:13.000000 debian/patches/0108-Fix-an-out-of-bound-access-for-malformed-psd-file.patch
│ │ │ +-rw-r--r-- 0 0 0 849 2016-10-30 00:14:19.000000 debian/patches/0096-Fix-out-of-bounds-memory-read-for-DDS-files.patch
│ │ │ +-rw-r--r-- 0 0 0 1026 2016-09-27 16:01:11.000000 debian/patches/0027-Fix-out-of-bound-access-in-sun-image-handling.patch
│ │ │ -rw-r--r-- 0 0 0 1218 2016-03-06 05:03:04.000000 debian/patches/fix-overflow-in-pict-parsing.patch
│ │ │ +-rw-r--r-- 0 0 0 1628 2016-09-27 16:01:11.000000 debian/patches/0032-Additional-PNM-sanity-checks.patch
│ │ │ -rw-r--r-- 0 0 0 6818 2016-05-23 00:22:50.000000 debian/patches/0077-Remove-PLT-Gnuplot-decoder.patch
│ │ │ +-rw-r--r-- 0 0 0 2369 2016-09-27 16:01:11.000000 debian/patches/0047-Avoid-a-memory-leak-in-quantum-management.patch
│ │ │ +-rw-r--r-- 0 0 0 1164 2016-10-30 02:26:11.000000 debian/patches/0104-Fix-rle-file-handling-for-corrupted-file.patch
│ │ │ +-rw-r--r-- 0 0 0 1017 2016-11-06 03:37:22.000000 debian/patches/0111-Fix-out-of-bound-access-for-viff-file-coder.patch
│ │ │ +-rw-r--r-- 0 0 0 6813 2016-09-27 15:57:26.000000 debian/patches/0009-Fix-a-double-free-in-pdb-coder.patch
│ │ │ +-rw-r--r-- 0 0 0 3066 2016-10-30 04:09:32.000000 debian/patches/0110-Fix-an-out-of-bound-access-in-wpg-file-coder.patch
│ │ │ +-rw-r--r-- 0 0 0 3502 2016-09-27 16:01:11.000000 debian/patches/0018-Avoid-a-out-of-bound-acess-in-viff-image.patch
│ │ │ +-rw-r--r-- 0 0 0 514 2016-11-05 23:57:36.000000 debian/patches/0119-Fix-a-SEGV-reported-in-corrupted-profile-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 2522 2016-09-27 16:01:11.000000 debian/patches/0022-Fix-heap-overflow-in-quantum.c-palm-image-handling-a.patch
│ │ │ +-rw-r--r-- 0 0 0 5702 2016-09-27 16:01:11.000000 debian/patches/0040-Fixed-boundary-checks-in-DecodePSDPixels.patch
│ │ │ +-rw-r--r-- 0 0 0 640 2016-10-30 00:03:43.000000 debian/patches/0095-Prevent-possible-buffer-overflow-when-reading-TIFF-images.patch
│ │ │ +-rw-r--r-- 0 0 0 4417 2016-10-30 03:35:16.000000 debian/patches/0109-Fix-a-meta-file-out-of-bounds-access.patch
│ │ │ +-rw-r--r-- 0 0 0 1088 2016-09-27 16:01:11.000000 debian/patches/0037-Avoid-an-out-of-bound-access-in-palm-file.patch
│ │ │ +-rw-r--r-- 0 0 0 3873 2016-09-27 16:01:11.000000 debian/patches/0030-Fix-heap-overflow-in-pcx-file-psd-pict-and-wpf-files.patch
│ │ │ +-rw-r--r-- 0 0 0 1465 2016-11-28 05:16:27.000000 debian/patches/0113-Fix-out-of-bound-in-quantum-handling.patch
│ │ │ -rw-r--r-- 0 0 0 759 2016-05-23 00:22:53.000000 debian/patches/0080-Prevent-indirect-reads-with-label-at.patch
│ │ │ --rw-r--r-- 0 0 0 480 2016-06-01 17:17:49.000000 debian/patches/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
│ │ │ +-rw-r--r-- 0 0 0 1117 2016-09-27 16:01:11.000000 debian/patches/0031-Fix-compile-error-in-previous-fix-of-sun-file.patch
│ │ │ +-rw-r--r-- 0 0 0 6009 2016-10-29 22:46:12.000000 debian/patches/0090-Fix-DOS-due-to-corrupted-DDS-files.patch
│ │ │ +-rw-r--r-- 0 0 0 1470 2016-10-28 02:37:12.000000 debian/patches/0084-Avoid-out-of-bound-for-malformed-jpeg-files.patch
│ │ │ +-rw-r--r-- 0 0 0 1544 2016-09-27 16:01:11.000000 debian/patches/0041-Fix-another-out-of-bound-problem-in-rle-file.patch
│ │ │ +-rw-r--r-- 0 0 0 1569 2016-11-28 05:16:27.000000 debian/patches/0038-Fix-another-crash-in-pnm-and-xpm-parser.patch
│ │ │ +-rw-r--r-- 0 0 0 883 2016-10-30 01:07:54.000000 debian/patches/0101-Avoid-a-buffer-overflow-in-bmp-file-reader.patch
│ │ │ +-rw-r--r-- 0 0 0 699 2016-10-30 02:56:46.000000 debian/patches/0100-Prevent-buffer-overflow-in-properties-reading.patch
│ │ │ +-rw-r--r-- 0 0 0 2816 2016-10-29 23:54:25.000000 debian/patches/0094-Prevent-buffer-overflow-in-magick-draw.c.patch
│ │ │ +-rw-r--r-- 0 0 0 523 2016-11-28 05:17:25.000000 debian/patches/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
│ │ │ +-rw-r--r-- 0 0 0 2172 2016-09-27 16:01:11.000000 debian/patches/0048-Avoid-a-crash-in-png-coder.patch
│ │ │ +-rw-r--r-- 0 0 0 421 2016-11-06 00:18:49.000000 debian/patches/0123-Prevent-buffer-overflow-in-draw.c.patch
│ │ │ +-rw-r--r-- 0 0 0 3700 2016-10-30 00:21:04.000000 debian/patches/0097-Fix-out-of-bound-access-for-corrupted-WPG-file.patch
│ │ │ +-rw-r--r-- 0 0 0 8697 2016-09-27 16:01:11.000000 debian/patches/0015-Fix-a-SEGV-with-corrupted-viff-image.patch
│ │ │ -rw-r--r-- 0 0 0 1796 2014-03-08 22:48:48.000000 debian/patches/0011-Prevent-buffer-overflow-in-messaging-system-CVE-2014.patch
│ │ │ +-rw-r--r-- 0 0 0 948 2016-11-04 03:58:18.000000 debian/patches/0114-Fix-a-pbd-file-out-of-bound-access.patch
│ │ │ +-rw-r--r-- 0 0 0 605 2016-11-05 23:37:23.000000 debian/patches/0116-Fix-a-wpg-file-out-of-bound-for-corrupted-file.patch
│ │ │ +-rw-r--r-- 0 0 0 894 2016-09-27 16:01:11.000000 debian/patches/0044-Impose-a-limit-of-10-million-columns-or-rows-in-an-i.patch
│ │ │ +-rw-r--r-- 0 0 0 1660 2016-10-28 02:47:57.000000 debian/patches/0086-RLE-check-for-pixel-offset-less-than-0.patch
│ │ │ +-rw-r--r-- 0 0 0 2936 2016-09-27 16:01:11.000000 debian/patches/0042-Fix-crash-due-to-corrupted-dib-file.patch
│ │ │ -rw-r--r-- 0 0 0 2834 2014-03-08 22:48:48.000000 debian/patches/0009-Fixing-a-buffer-overflow-in-psd-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 624 2016-11-06 00:00:53.000000 debian/patches/0120-Fix-an-out-of-bound-access-for-corrupted-pdb-file.patch
│ │ │ -rw-r--r-- 0 0 0 4090 2014-03-08 22:48:47.000000 debian/patches/0001-Fix-CVE-2012-3437-ImageMagick-Magick_png_malloc-size.patch
│ │ │ +-rw-r--r-- 0 0 0 1816 2016-09-27 16:01:11.000000 debian/patches/0019-Avoid-a-heap-buffer-overflow-in-pdb-file-handling.patch
│ │ │ -rw-r--r-- 0 0 0 1156 2014-03-08 22:48:48.000000 debian/patches/0006-Fix-a-memory-leak-in-webp-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 5077 2016-10-29 23:12:28.000000 debian/patches/0092-Avoid-a-SIGABRT-in-sun-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 1530 2016-11-28 05:16:28.000000 debian/patches/0117-Fix-an-out-of-bound-access-in-generic-decoder.patch
│ │ │ +-rw-r--r-- 0 0 0 4050 2016-10-30 02:17:50.000000 debian/patches/0088-Avoid-a-memory-leak-in-rle-file-handling.patch
│ │ │ +-rw-r--r-- 0 0 0 7619 2016-09-27 16:01:11.000000 debian/patches/0012-Avoid-SEGV-in-malformed-xwd-file.patch
│ │ │ -rw-r--r-- 0 0 0 1281 2016-06-13 22:02:31.000000 debian/patches/CVE-2016-4563.patch
│ │ │ -rw-r--r-- 0 0 0 2823 2016-03-08 02:56:04.000000 debian/patches/0072-Fixed-out-of-bounds-error-in-SpliceImage.patch
│ │ │ +-rw-r--r-- 0 0 0 4226 2016-10-30 02:45:06.000000 debian/patches/0105-Fix-multiple-out-of-bounds-problems-in-rle,-pict,-viff-and-sun-files.patch
│ │ │ +-rw-r--r-- 0 0 0 1062 2016-09-27 16:01:11.000000 debian/patches/0034-Detect-allocation-error-earlier.patch
│ │ │ +-rw-r--r-- 0 0 0 4280 2016-09-27 16:01:11.000000 debian/patches/0033-Robustify-xmp-and-pnm-reader.patch
│ │ │ +-rw-r--r-- 0 0 0 1058 2016-09-27 16:01:11.000000 debian/patches/0036-Avoid-an-overflow-in-ConstrainColormapIndex.patch
│ │ │ -rw-r--r-- 0 0 0 27 2014-03-02 17:24:19.000000 debian/libmagick++5.install
│ │ │ --rw-r--r-- 0 0 0 100931 2016-06-13 22:05:53.000000 debian/changelog
│ │ │ +-rw-r--r-- 0 0 0 106329 2016-11-28 05:50:15.000000 debian/changelog
│ │ │ -rw-r--r-- 0 0 0 29 2014-03-02 17:24:19.000000 debian/libmagickwand5.install
│ │ │ -rw-r--r-- 0 0 0 238 2014-03-02 17:24:19.000000 debian/libmagick++-dev.install
│ │ │ -rw-r--r-- 0 0 0 606 2014-03-02 17:24:19.000000 debian/libmagickcore5-extra.install
│ │ │ -rwxr-xr-x 0 0 0 7852 2016-06-01 17:24:10.000000 debian/rules
│ │ │ -rw-r--r-- 0 0 0 302 2014-03-02 17:24:19.000000 debian/libmagickcore-dev.install
│ │ │ -rw-r--r-- 0 0 0 11 2014-03-02 17:24:19.000000 debian/imagemagick.docs
│ │ │ -rw-r--r-- 0 0 0 390 2014-03-02 17:24:19.000000 debian/imagemagick.prerm
│ │ ├── debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch
│ │ │ @@ -4,19 +4,17 @@
│ │ │ Subject: [PATCH] Prevent null pointer access in magick/constitute.c
│ │ │
│ │ │ Bug: https://github.com/ImageMagick/ImageMagick/pull/34
│ │ │ ---
│ │ │ magick/constitute.c | 10 +++++++++-
│ │ │ 1 file changed, 9 insertions(+), 1 deletion(-)
│ │ │
│ │ │ -diff --git a/magick/constitute.c b/magick/constitute.c
│ │ │ -index ff339ee..820f632 100644
│ │ │ ---- a/magick/constitute.c
│ │ │ -+++ b/magick/constitute.c
│ │ │ -@@ -1299,7 +1299,14 @@ MagickExport MagickBooleanType WriteImages(const ImageInfo *image_info,
│ │ │ +--- imagemagick-6.7.7.10.orig/magick/constitute.c
│ │ │ ++++ imagemagick-6.7.7.10/magick/constitute.c
│ │ │ +@@ -1347,7 +1347,14 @@
│ │ │ sans_exception=DestroyExceptionInfo(sans_exception);
│ │ │ p=images;
│ │ │ for ( ; GetNextImageInList(p) != (Image *) NULL; p=GetNextImageInList(p))
│ │ │ - if (p->scene >= GetNextImageInList(p)->scene)
│ │ │ + {
│ │ │ + register Image
│ │ │ + *next;
│ │ │ @@ -24,15 +22,15 @@
│ │ │ + next=GetNextImageInList(p);
│ │ │ + if (next == (Image *) NULL)
│ │ │ + break;
│ │ │ + if (p->scene >= next->scene)
│ │ │ {
│ │ │ register ssize_t
│ │ │ i;
│ │ │ -@@ -1312,6 +1319,7 @@ MagickExport MagickBooleanType WriteImages(const ImageInfo *image_info,
│ │ │ +@@ -1360,6 +1367,7 @@
│ │ │ p->scene=(size_t) i++;
│ │ │ break;
│ │ │ }
│ │ │ + }
│ │ │ /*
│ │ │ Write images.
│ │ │ */
│ │ ├── debian/patches/0079-Indirect-filename-must-be-authorized-by-policy.patch
│ │ │ @@ -1,25 +1,25 @@
│ │ │ Description: Indirect filename must be authorized by policy
│ │ │ Origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/89ce096de81428c1b15b44ec97eb5a7c7d4e0f8b, https://github.com/ImageMagick/ImageMagick/commit/58a2ce1638c7cca4db9c9a70ea841b34c8932490
│ │ │ Bug: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
│ │ │ Bug-CVE: CVE-2016-3714
│ │ │ Bug-Debian: https://bugs.debian.org/823542
│ │ │ Last-Update: 2016-05-15
│ │ │ ---
│ │ │ ---- a/magick/property.c
│ │ │ -+++ b/magick/property.c
│ │ │ +--- imagemagick-6.7.7.10.orig/magick/property.c
│ │ │ ++++ imagemagick-6.7.7.10/magick/property.c
│ │ │ @@ -66,6 +66,7 @@
│ │ │ #include "magick/monitor.h"
│ │ │ #include "magick/montage.h"
│ │ │ #include "magick/option.h"
│ │ │ +#include "magick/policy.h"
│ │ │ #include "magick/profile.h"
│ │ │ #include "magick/property.h"
│ │ │ #include "magick/quantum.h"
│ │ │ -@@ -2941,19 +2942,28 @@
│ │ │ +@@ -2961,19 +2962,28 @@
│ │ │ (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
│ │ │
│ │ │ if ((embed_text == (const char *) NULL) || (*embed_text == '\0'))
│ │ │ - return((char *) NULL);
│ │ │ + return(ConstantString(""));
│ │ │ p=embed_text;
│ │ │
│ │ ├── debian/patches/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
│ │ │ @@ -31,16 +31,16 @@
│ │ │ -
│ │ │ +
│ │ │
│ │ │
│ │ │
│ │ │ --- a/magick/property.c
│ │ │ +++ b/magick/property.c
│ │ │ -@@ -3534,6 +3534,26 @@
│ │ │ - ConstantString(property),ConstantString(value));
│ │ │ +@@ -2357,6 +2357,26 @@ static const char *GetMagickPropertyLett
│ │ │ + CommandOptionToMnemonic(MagickDisposeOptions,(ssize_t) image->dispose));
│ │ │ break;
│ │ │ }
│ │ │ + case 'F': /* Magick filename (sanitized) - filename given incl. coder & read mods */
│ │ │ + {
│ │ │ + const char
│ │ │ + *q;
│ │ │ +
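Review bot: The retargeted hunk now expects the sanitised `case 'F'` at line 2357 inside `GetMagickPropertyLett…`, with entirely different context from the old line-3534 hunk. Unlike 0071, 0079 and 0082, this patch keeps its `a/` and `b/` paths, so it does not look as if it was refreshed against the 6.7.7.10 tree. Its timestamp in the tarball listing matches the bulk-added patches, which suggests (not provable from this page) that the file was replaced by a copy written for a different source version. Please confirm that it applies with no fuzz, e.g. `quilt push -a --fuzz=0`, and that the `%F` expansion lands on the code path the http/https delegates use; if it lands elsewhere, the filename sanitising is silently absent. The second hunk of this section changes the trailing context in the same way.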
│ │ │ @@ -55,10 +55,10 @@
│ │ │ + (void) CopyMagickString(value,image->magick_filename,MaxTextExtent);
│ │ │ + p=value;
│ │ │ + q=value+strlen(value);
│ │ │ + for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
│ │ │ + *p='_';
│ │ │ + break;
│ │ │ + }
│ │ │ - case 'G':
│ │ │ - case 'g':
│ │ │ + case 'G': /* Image size as geometry = "%wx%h" */
│ │ │ {
│ │ │ + (void) FormatLocaleString(value,MaxTextExtent,"%.20gx%.20g",(double)
│ │ ├── debian/patches/series
│ │ │ @@ -18,7 +18,88 @@
│ │ │ 0077-Remove-PLT-Gnuplot-decoder.patch
│ │ │ 0078-Sanitize-input-filename-for-http-and-https-delegates.patch
│ │ │ 0079-Indirect-filename-must-be-authorized-by-policy.patch
│ │ │ 0080-Prevent-indirect-reads-with-label-at.patch
│ │ │ 0081-Less-secure-coders-require-explicit-reference.patch
│ │ │ 0082-Disable-MAGICKCORE_HAVE_POPEN.patch
│ │ │ CVE-2016-4563.patch
│ │ │ +0007-Quit-earlier-in-case-of-corrupted-pnm-image.patch
│ │ │ +0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch
│ │ │ +0009-Fix-a-double-free-in-pdb-coder.patch
│ │ │ +0010-Fix-handling-of-corrupted-dpc-and-xwd-image.patch
│ │ │ +0011-Bail-out-early-in-case-of-malformed-dpx-file.patch
│ │ │ +0012-Avoid-SEGV-in-malformed-xwd-file.patch
│ │ │ +0013-Avoid-a-NULL-dereference-in-ps-handling.patch
│ │ │ +0014-Avoid-out-of-bound-access-in-xwd-file-handling.patch
│ │ │ +0015-Fix-a-SEGV-with-corrupted-viff-image.patch
│ │ │ +0016-Fix-a-null-pointer-dereference-in-wpg-file-handling.patch
│ │ │ +0017-Do-not-continue-on-corrupted-wpg-file.patch
│ │ │ +0018-Avoid-a-out-of-bound-acess-in-viff-image.patch
│ │ │ +0019-Avoid-a-heap-buffer-overflow-in-pdb-file-handling.patch
│ │ │ +0020-Avoid-an-out-of-bound-acess-on-malformed-sun-file.patch
│ │ │ +0021-Avoid-heap-overflow-in-palm-pnm-and-xpm-files.patch
│ │ │ +0022-Fix-heap-overflow-in-quantum.c-palm-image-handling-a.patch
│ │ │ +0023-Fix-compile-problem-due-to-previous-patch.patch
│ │ │ +0024-Do-not-try-to-read-corrupted-sun-image.patch
│ │ │ +0026-Fix-corrupted-too-many-colors-psd-file.patch
│ │ │ +0027-Fix-out-of-bound-access-in-sun-image-handling.patch
│ │ │ +0029-Fix-handling-of-corrupted-sun-and-wpg-file.patch
│ │ │ +0030-Fix-heap-overflow-in-pcx-file-psd-pict-and-wpf-files.patch
│ │ │ +0031-Fix-compile-error-in-previous-fix-of-sun-file.patch
│ │ │ +0032-Additional-PNM-sanity-checks.patch
│ │ │ +0033-Robustify-xmp-and-pnm-reader.patch
│ │ │ +0034-Detect-allocation-error-earlier.patch
│ │ │ +0035-Avoid-a-crash-in-coders-rle.c.patch
│ │ │ +0036-Avoid-an-overflow-in-ConstrainColormapIndex.patch
│ │ │ +0037-Avoid-an-out-of-bound-access-in-palm-file.patch
│ │ │ +0038-Fix-another-crash-in-pnm-and-xpm-parser.patch
│ │ │ +0040-Fixed-boundary-checks-in-DecodePSDPixels.patch
│ │ │ +0041-Fix-another-out-of-bound-problem-in-rle-file.patch
│ │ │ +0042-Fix-crash-due-to-corrupted-dib-file.patch
│ │ │ +0043-Added-checks-to-prevent-overflow-in-rle-file.patch
│ │ │ +0044-Impose-a-limit-of-10-million-columns-or-rows-in-an-i.patch
│ │ │ +0045-Avoid-heap-overflow-in-rle-file.patch
│ │ │ +0046-Don-t-try-to-handle-a-previous-image-in-the-JNG-deco.patch
│ │ │ +0047-Avoid-a-memory-leak-in-quantum-management.patch
│ │ │ +0048-Avoid-a-crash-in-png-coder.patch
│ │ │ +0083-Prevent-buffer-overflow-in-PDB-MAP-and-CALS-coders.patch
│ │ │ +0084-Avoid-out-of-bound-for-malformed-jpeg-files.patch
│ │ │ +0085-Prevent-memory-use-after-free.patch
│ │ │ +0086-RLE-check-for-pixel-offset-less-than-0.patch
│ │ │ +0087-In-psd-file-handling-fixed-parsing-resource-block-and-avoid-a-crash.patch
│ │ │ +0088-Avoid-a-memory-leak-in-rle-file-handling.patch
│ │ │ +0089-During-identification-of-image-do-not-fill-memory.patch
│ │ │ +0090-Fix-DOS-due-to-corrupted-DDS-files.patch
│ │ │ +0091-Fix-a-SEGV-and-a-buffer-overflow-in-sun-file-handling.patch
│ │ │ +0092-Avoid-a-SIGABRT-in-sun-file-handling.patch
│ │ │ +0093-Fix-a-DOS-for-corrupted-DDS-file.patch
│ │ │ +0094-Prevent-buffer-overflow-in-magick-draw.c.patch
│ │ │ +0095-Prevent-possible-buffer-overflow-when-reading-TIFF-images.patch
│ │ │ +0096-Fix-out-of-bounds-memory-read-for-DDS-files.patch
│ │ │ +0097-Fix-out-of-bound-access-for-corrupted-WPG-file.patch
│ │ │ +0098-Add-additional-checks-to-DCM-reader-to-prevent-data-driven-faults.patch
│ │ │ +0099-Improve-checking-of-EXIF-profile-to-prevent-integer-overflow.patch
│ │ │ +0100-Prevent-buffer-overflow-in-properties-reading.patch
│ │ │ +0101-Avoid-a-buffer-overflow-in-bmp-file-reader.patch
│ │ │ +0102-Fix-SGI-file-buffer-overflow.patch
│ │ │ +0103-Fix-an-out-of-bounds-read-in-coders-psd.c.patch
│ │ │ +0104-Fix-rle-file-handling-for-corrupted-file.patch
│ │ │ +0105-Fix-multiple-out-of-bounds-problems-in-rle,-pict,-viff-and-sun-files.patch
│ │ │ +0106-Fix-a-heap-overflow-in-hdr-file-handling.patch
│ │ │ +0107-Fix-a-heap-buffer-overflow-in-psd-file-handling.patch
│ │ │ +0108-Fix-an-out-of-bound-access-for-malformed-psd-file.patch
│ │ │ +0109-Fix-a-meta-file-out-of-bounds-access.patch
│ │ │ +0110-Fix-an-out-of-bound-access-in-wpg-file-coder.patch
│ │ │ +0111-Fix-out-of-bound-access-for-viff-file-coder.patch
│ │ │ +0112-Fix-an-out-of-bound-access-in-xcf-file-coder.patch
│ │ │ +0113-Fix-out-of-bound-in-quantum-handling.patch
│ │ │ +0114-Fix-a-pbd-file-out-of-bound-access.patch
│ │ │ +0115-Fix-handling-of-corrupted-psd-file.patch
│ │ │ +0116-Fix-a-wpg-file-out-of-bound-for-corrupted-file.patch
│ │ │ +0117-Fix-an-out-of-bound-access-in-generic-decoder.patch
│ │ │ +0118-Fix-an-out-of-bound-access-for-corrupted-psd-file.patch
│ │ │ +0119-Fix-a-SEGV-reported-in-corrupted-profile-handling.patch
│ │ │ +0120-Fix-an-out-of-bound-access-for-corrupted-pdb-file.patch
│ │ │ +0121-Fix-a-SIGABRT-for-corrupted-pdb-file.patch
│ │ │ +0122-Fix-potential-DOS-by-not-releasing-memory.patch
│ │ │ +0123-Prevent-buffer-overflow-in-draw.c.patch
│ │ │ +0124-Fix-loading-arbitrary-module-from-user-side.patch
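Review bot: The 81 new entries are appended after `CVE-2016-4563.patch`, so patches 0007–0048 apply after 0077–0082 and the numeric prefixes no longer reflect apply order. Five of them (0007–0011) also reuse prefixes of patches the tarball listing shows are already shipped, e.g. `0008-Fix-a-buffer-overflow.patch` next to `0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch`. The sequence skips 0025, 0028 and 0039, and the file list has no such files, so it is worth confirming they were dropped on purpose rather than lost in the backport. quilt series files accept `#` comments, so a line such as `# <ORIGIN-OF-BACKPORT>: original numbering kept, applied after CVE-2016-4563.patch` before `0007-Quit-earlier-…` would make the ordering explicit for anyone auditing which CVE fixes are live.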
│ │ ├── debian/patches/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
│ │ │ @@ -2,17 +2,17 @@
│ │ │ This removes support for the pipe (|) prefix for
│ │ │ reading/writing from/to a shell command.
│ │ │ Origin: http://www.openwall.com/lists/oss-security/2016/05/29/7
│ │ │ Bug-CVE: CVE-2016-5118
│ │ │ Bug-Debian: https://bugs.debian.org/825799
│ │ │ Last-Update: 2016-05-31
│ │ │ ---
│ │ │ ---- a/magick/blob.c
│ │ │ -+++ b/magick/blob.c
│ │ │ -@@ -86,6 +86,9 @@
│ │ │ +--- imagemagick-6.7.7.10.orig/magick/blob.c
│ │ │ ++++ imagemagick-6.7.7.10/magick/blob.c
│ │ │ +@@ -91,6 +91,9 @@
│ │ │ #define _O_BINARY O_BINARY
│ │ │ #endif
│ │ │
│ │ │
│ │ │ +
│ │ │ +#undef MAGICKCORE_HAVE_POPEN // CVE-2016-5118
│ │ │ +
│ │ │ /*
│ │ ├── debian/changelog
│ │ │ @@ -1,7 +1,103 @@
│ │ │ +imagemagick (8:6.7.7.10-5+deb7u8) unstable; urgency=high
│ │ │ +
│ │ │ + [ Ben Hutchings ]
│ │ │ + * Non-maintainer upload by the LTS Team
│ │ │ + * Avoid a SEGV due to a corrupted pnm file (CVE-2014-9805)
│ │ │ + * Added missing calls to RelinquishUniqueFileResource (CVE-2014-9806)
│ │ │ + * Fix a double free in pdb coder (CVE-2014-9807)
│ │ │ + * Fix handling of corrupted dpc and xwd image (CVE-2014-9808, CVE-2014-9809)
│ │ │ + * Bail out early in case of malformed dpx file (CVE-2014-9810)
│ │ │ + * Avoid SEGV in malformed xwd file (CVE-2014-9811)
│ │ │ + * Avoid a NULL dereference in ps handling (CVE-2014-9812)
│ │ │ + * Avoid out of bound access in xwd file handling
│ │ │ + * Fix a SEGV with corrupted viff image (CVE-2014-9813)
│ │ │ + * Fix a null pointer dereference in wpg file handling (CVE-2014-9814)
│ │ │ + * Do not continue on corrupted wpg file (CVE-2014-9815)
│ │ │ + * Avoid a out of bound acess in viff image (CVE-2014-9816)
│ │ │ + * Avoid a heap buffer overflow in pdb file handling (CVE-2014-9817)
│ │ │ + * Avoid an out of bound acess on malformed sun file (CVE-2014-9818)
│ │ │ + * Avoid heap overflow in palm and xpm files (CVE-2014-9819, CVE-2014-9821)
│ │ │ + * Fix heap overflow in quantum.c, palm image handling and psd image handling
│ │ │ + (CVE-2014-9822, CVE-2014-9823, CVE-2014-9824)
│ │ │ + * Do not try to read corrupted sun image
│ │ │ + * Fix corrupted (too many colors) psd file (CVE-2014-9828)
│ │ │ + * Fix out of bound access in sun image handling (CVE-2014-9829)
│ │ │ + * Fix handling of corrupted sun and wpg file (CVE-2014-9830, CVE-2014-9831)
│ │ │ + * Fix heap overflow in pcx file, psd, pict and wpf files and DOS in xpm file
│ │ │ + (CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836)
│ │ │ + * Additional PNM sanity checks (CVE-2014-9837)
│ │ │ + * Robustify xmp and pnm reader
│ │ │ + * Detect allocation error earlier (CVE-2014-9838)
│ │ │ + * Avoid a crash in coders/rle.c
│ │ │ + * Avoid an overflow in ConstrainColormapIndex
│ │ │ + * Avoid an out of bound access in palm file (CVE-2014-9840)
│ │ │ + * Fix another crash in xpm parser
│ │ │ + * Fixed boundary checks in DecodePSDPixels (CVE-2014-9843)
│ │ │ + * Fix another out of bound problem in rle file (CVE-2014-9844)
│ │ │ + * Fix crash due to corrupted dib file (CVE-2014-9845)
│ │ │ + * Added checks to prevent overflow in rle file (CVE-2014-9846)
│ │ │ + * Impose a limit of 10 million columns or rows in an input PNG
│ │ │ + * Avoid heap overflow in rle file
│ │ │ + * Don't try to handle a "previous" image in the JNG decoder (CVE-2014-9847)
│ │ │ + * Avoid a memory leak in quantum management (CVE-2014-9848)
│ │ │ + * Avoid a crash in png coder (CVE-2014-9849)
│ │ │ + * Fix mis-applied patch for CVE-2016-3714
│ │ │ +
│ │ │ + [ Roberto C. Sanchez ]
│ │ │ + * Prevent buffer overflow in PDB, MAP, and CALS coders
│ │ │ + * Avoid out of bound for malformed jpeg files
│ │ │ + * Prevent memory use after free
│ │ │ + * RLE check for pixel offset less than 0
│ │ │ + * In psd file handling fixed parsing resource block and
│ │ │ + avoid a crash (CVE-2014-9851)
│ │ │ + * Avoid a memory leak in rle file handling (CVE-2014-9853)
│ │ │ + * During identification of image do not fill memory (CVE-2014-9854)
│ │ │ + * Fix DOS due to corrupted DDS files (CVE-2014-9907)
│ │ │ + * Fix a buffer overflow and a SEGV in sun file handling (CVE-2015-8957)
│ │ │ + * Avoid a SIGABRT in sun file handling (CVE-2015-8958)
│ │ │ + * Fix a DOS for corrupted DDS file (CVE-2015-8959)
│ │ │ + * Prevent buffer overflow in magick/draw.c (CVE-2016-4562, CVE-2016-4564)
│ │ │ + * Prevent possible buffer overflow when reading TIFF images (CVE-2016-5010)
│ │ │ + * Fix out of bounds memory read for DDS files (CVE-2016-5687)
│ │ │ + * Fix out of bound access for corrupted WPG file (CVE-2016-5688)
│ │ │ + * Add additional checks to DCM reader to prevent data-driven faults
│ │ │ + (CVE-2016-5689, CVE-2016-5690, CVE-2016-5691)
│ │ │ + * Improve checking of EXIF profile to prevent integer overflow
│ │ │ + (CVE-2016-5841, CVE-2016-5842)
│ │ │ + * Prevent buffer overflow in properties reading (CVE-2016-6491)
│ │ │ + * Avoid a buffer overflow in bmp file reader (CVE-2016-6823)
│ │ │ + * Fix SGI file buffer overflow (CVE-2016-7101)
│ │ │ + * Fix an out-of-bounds read in coders/psd.c (CVE-2016-7514)
│ │ │ + * Fix rle file handling for corrupted file (CVE-2016-7515)
│ │ │ + * Fix multiple out of bounds problems in rle, pict, viff and sun
│ │ │ + files (CVE-2016-7516, CVE-2016-7517, CVE-2016-7518, CVE-2016-7519)
│ │ │ + * Fix a heap overflow in hdr file handling (CVE-2016-7520)
│ │ │ + * Fix a heap buffer overflow in psd file handling (CVE-2016-7521)
│ │ │ + * Fix an out of bound access for malformed psd file (CVE-2016-7522)
│ │ │ + * Fix a meta file out of bounds access (CVE-2016-7523, CVE-2016-7524)
│ │ │ + * Fix an out of bound access in wpg file coder
│ │ │ + (CVE-2016-7526, CVE-2016-7527)
│ │ │ + * Fix out of bound access for viff file coder (CVE-2016-7528)
│ │ │ + * Fix an out of bound access in xcf file coder (CVE-2016-7529)
│ │ │ + * Fix out of bound in quantum handling (CVE-2016-7530)
│ │ │ + * Fix a pbd file out of bound access (CVE-2016-7531)
│ │ │ + * Fix handling of corrupted psd file (CVE-2016-7532)
│ │ │ + * Fix a wpg file out of bound for corrupted file (CVE-2016-7533)
│ │ │ + * Fix an out of bound access in generic decoder (CVE-2016-7534)
│ │ │ + * Fix an out of bound access for corrupted psd file (CVE-2016-7535)
│ │ │ + * Fix a SEGV reported in corrupted profile handling (CVE-2016-7536)
│ │ │ + * Fix an out of bound access for corrupted pdb file (CVE-2016-7537)
│ │ │ + * Fix a SIGABRT for corrupted pdb file (CVE-2016-7538)
│ │ │ + * Fix potential DOS by not releasing memory (CVE-2016-7539)
│ │ │ + * Prevent buffer overflow in draw.c
│ │ │ + * Fix loading arbitrary module from user side
│ │ │ +
│ │ │ + -- Roberto C. Sanchez Mon, 28 Nov 2016 00:30:16 -0500
│ │ │ +
│ │ │ imagemagick (8:6.7.7.10-5+deb7u7) wheezy-security; urgency=high
│ │ │
│ │ │ * Non-maintainer upload by the LTS Team.
│ │ │ * Add patch for CVE-2016-4563: Ensure integer does not overflow calculating
│ │ │ new buffer size for storing paths.
│ │ │
│ │ │ -- Brian May Tue, 14 Jun 2016 08:02:46 +1000
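Review bot: The new stanza's header targets `unstable`, although the version is a `+deb7u8` update and the stanza it follows used `wheezy-security`; `imagemagick (8:6.7.7.10-5+deb7u8) wheezy-security; urgency=high` looks like what was intended. Separately, `Fix mis-applied patch for CVE-2016-3714` does not name the patch that was wrong or say whether +deb7u7 shipped without the intended protection, which is what an administrator reading the advisory needs to know. The last two entries (`Prevent buffer overflow in draw.c`, `Fix loading arbitrary module from user side`) carry no CVE or bug reference, so they are hard to match against a tracker. Adding the patch filename or upstream commit to each of those lines would close that gap.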
│ │ ╵
│ ╵
╵