Comment 12 for bug 27767

tag 344997 + fixed
tag 345238 + fixed
tag 345595 + fixed
tag 345876 + fixed
tag 347486 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 17 Jan 2006 18:33:58 +0100
Source: imagemagick
Binary: perlmagick libmagick9 libmagick9-dev imagemagick libmagick++9-dev libmagick++9c2a
Architecture: source i386
Version: 6:6.2.4.5-0.6
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <email address hidden>
Changed-By: Daniel Kobras <email address hidden>
Description:
 imagemagick - Image manipulation programs
 libmagick++9-dev - The object-oriented C++ API to the ImageMagick library--developme
 libmagick++9c2a - The object-oriented C++ API to the ImageMagick library
 libmagick9 - Image manipulation library
 libmagick9-dev - Image manipulation library -- development
 perlmagick - A perl interface to the libMagick graphics routines
Closes: 344997 345238 345595 345876 347486
Changes:
 imagemagick (6:6.2.4.5-0.6) unstable; urgency=high
 .
   * Non-maintainer upload.
   * magick/display.c: In DisplayImageCommand(), expand command line before
     allocating ressources based on argc. Patch and analysis thanks to
     Eero Häkkinen. Closes: #345595
   * magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
     string_.h}: Implement new utility function FormatMagickStringNumeric()
     to securely expand a user-supplied format string with a single numeric
     argument. Adjust code to use this function where appropriate.
     (CVE-2006-0082) Closes: #345876
   * coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
     magick/methods.h: Do not call external delegates with user-supplied
     filename, but with securely named symlinks only to prevent shell command
     injection (CVE-2005-4601). Closes: #345238
   * debian/rules: Make sure to include trailing spaces in multi-line
     commands to keep recent make happy. Cures problems with ghostscript
     font path. Fix thanks to Jeff Lessem. Closes: #347486
   * debian/imagemagick.mime: Rather than autodetect the type of an image,
     derive it from the mime type. As a side effect, this change allows to
     use arbitrary filenames with the 'see' command, even if they have
     special meaning to imagemagick internally. Also clean up some typos
     and superfluous entries once we're at it. Closes: #344997
Files:
 30814283b7a2257d49bc44b0b1b0de97 893 graphics optional imagemagick_6.2.4.5-0.6.dsc
 ea4efd97b724dc512db2a5a9d8fd4581 32179 graphics optional imagemagick_6.2.4.5-0.6.diff.gz
 f611cd8c9f58f199a610b17d1fd6c7dc 1614628 graphics optional imagemagick_6.2.4.5-0.6_i386.deb
 ac0eeefb70766c3ea21eed536e26b7ef 1309702 libs optional libmagick9_6.2.4.5-0.6_i386.deb
 574ca13393d8d0807b11ac4ca6fcf1e6 1662360 libdevel optional libmagick9-dev_6.2.4.5-0.6_i386.deb
 44f050ec89912e6fc5ba42216dc9784b 167724 libs optional libmagick++9c2a_6.2.4.5-0.6_i386.deb
 02a57c2d5427de29e293c99294e5da32 226508 libdevel optional libmagick++9-dev_6.2.4.5-0.6_i386.deb
 bcb5b44c1a9d0f56ef9cc1d9a3acd41c 170192 perl optional perlmagick_6.2.4.5-0.6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)

iD8DBQFDzUFapOKIA4m/fisRAn48AKDHo79ubr8Px5l5vmKoAFjybTYyTgCg0Hlv
wE0xxuBn2PJAXx7cahzjUTc=
=dtjH
-----END PGP SIGNATURE-----