imagemagick (8:6.8.9.9-7ubuntu5.3) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u6 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862,
      CVE-2016-9556
  * debian/patches/0070-Fix-PixelColor-off-by-one-on-i386.patch: add back
    changes from 8:6.8.9.9-7ubuntu1 lost during the previous update.

 -- Marc Deslauriers  Tue, 29 Nov 2016 07:51:53 -0500

imagemagick (8:6.8.9.9-7ubuntu5.2) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize large quantity of security fixes with
      Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
      the excellent work this update is based on!
    - CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
      CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
      CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
      CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
      CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
      CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
      CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
      CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
      CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
      CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
      CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
      CVE-2016-7539, CVE-2016-7540

 -- Marc Deslauriers  Thu, 10 Nov 2016 11:00:17 -0500

imagemagick (8:6.8.9.9-7ubuntu5.1) xenial-security; urgency=medium

  * SECURITY UPDATE: ImageTragick remote code execution
    - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
    - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
    - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
    - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
    - d/p/0080-Prevent-indirect-reads-with-label-at.patch
    - d/p/0081-Less-secure-coders-require-explicit-reference.patch
    - debian/rules: build with --with-rsvg.
    - CVE-2016-3714
    - CVE-2016-3715
    - CVE-2016-3716
    - CVE-2016-3717
    - CVE-2016-3718
  * SECURITY UPDATE: popen() shell vulnerability
    - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
    - CVE-2016-5118

 -- Marc Deslauriers  Wed, 01 Jun 2016 13:02:37 -0400

imagemagick (8:6.8.9.9-7ubuntu5) xenial; urgency=medium

  * debian/rules: Use LCQUANTUMDEPTH when generating display-im6.desktop
    too. Fixes broken icon in .desktop file. (LP: #1558409)

 -- Iain Lane  Mon, 18 Apr 2016 13:29:50 +0100

imagemagick (8:6.8.9.9-7ubuntu4) xenial; urgency=medium

  * Fix backport of d6054824 to include dropped parentheses (LP: #1549942).

 -- Nishanth Aravamudan  Wed, 16 Mar 2016 09:44:09 -0700

imagemagick (8:6.8.9.9-7ubuntu3) xenial; urgency=medium

  * Add backport of 54b752c3 to fix color behavior (LP: #1549942).

 -- Nishanth Aravamudan  Tue, 08 Mar 2016 09:22:10 -0800

imagemagick (8:6.8.9.9-7ubuntu2) xenial; urgency=medium

  * Add backport of a54fe0e8 to fix segmentation faults during php-imagick
    tests (LP: #1549942).

 -- Nishanth Aravamudan  Wed, 02 Mar 2016 15:45:35 -0800

imagemagick (8:6.8.9.9-7ubuntu1) xenial; urgency=medium

  * Add backports of d6054824, 95c8394e and 68c6a7d to
    0070-Fix-PixelColor-off-by-one-on-i386.patch (LP: #1549942) which were
    missed in "PixelColor off by one on i386 (closes: #811308)
    https://github.com/ImageMagick/ImageMagick/issues/54".

 -- Nishanth Aravamudan  Thu, 25 Feb 2016 09:11:02 -0800

imagemagick (8:6.8.9.9-7) unstable; urgency=low

  * Fix various minor security issues
    - Fix an integer overflow that can lead to a buffer overrun in the icon
      parsing code (LP: #1459747, closes: #806441)
    - Fix an integer overflow that can lead to a double free in pict
      parsing (LP: #1448803, closes: #806441).
    - Memory Leak while handle psd file (closes: #811308)
      http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
    - IM 6.9.2 crash with some PNG (closes: #811308, LP: #1492881)
      http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
    - Null pointer access in magick/constitute.c (closes: #811308)
      https://github.com/ImageMagick/ImageMagick/pull/34
    - PixelColor off by one on i386 (closes: #811308)
      https://github.com/ImageMagick/ImageMagick/issues/54
    - Fixed other memory leaks (closes: #811308)

 -- Vincent Fourmond  Sun, 17 Jan 2016 21:18:19 +0100

imagemagick (8:6.8.9.9-6) unstable; urgency=high

  * Fix build on mips by printing progress (Closes: #770009).
  * Fix a few security bugs: (closes: #799524)
    - A DOS on specially crafted MIFF file (TEMP-0000000-FDAC72).
    - A DOS on specially crafted Vicar file (TEMP-0000000-EEF23C).
    - A DOS on specially crafted HDR file (TEMP-0000000-7C079F).
    - A DOS on specially crafted PDB file (TEMP-0000000-2FC21E).
    - Avoid a null pointer dereference in JNG decoder.
    - Avoid a DOS for RLE file.
    - Avoid double free on TGA file.
    - Avoid a buffer overflow by using field limit in sprintf.
    - Avoid a stack overflow in fx handling.
  * Replace density of 1 for JPEG by unknown working around a TeX bug
    (Closes: #763799).

 -- Bastien Roucariès  Sat, 12 Sep 2015 23:06:08 +0200

# For older changelog entries, run 'apt-get changelog imagemagick-common'