``` [neodymium:~/debdeploy] $ cat 2016-12-01-imagemagick.yaml source: imagemagick comment: DSA-3726-1 security update update_type: tool fixes: precise: jessie: 8:6.8.9.9-5+deb8u6+wmf1 trusty: --- [neodymium:~/debdeploy] $ sudo debdeploy -u 2016-12-01-imagemagick.yaml -s imagescaler-eqiad status-deploy mw1296.eqiad.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw1298.eqiad.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw1293.eqiad.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5 -> 8:6.8.9.9-5+deb8u6+wmf1 mw1295.eqiad.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw1297.eqiad.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw1294.eqiad.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 Deployment summary: Number of hosts in this deployment run: 6 No packages were added No packages were removed Updated packages: imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 5 hosts imagemagick-common: 8:6.8.9.9-5+deb8u5 -> 8:6.8.9.9-5+deb8u6+wmf1 on 1 hosts imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 5 hosts imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 5 hosts libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5 -> 8:6.8.9.9-5+deb8u6+wmf1 on 1 hosts libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 5 hosts libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5 -> 8:6.8.9.9-5+deb8u6+wmf1 on 1 hosts libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 5 hosts No restarts are needed Error summary: No errors found --- [neodymium:~/debdeploy] $ sudo debdeploy -u 2016-12-01-imagemagick.yaml -s imagescaler-codfw status-deploy mw2086.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2087.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2148.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u6 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u6 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u6 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2089.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2149.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2150.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2088.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 mw2151.codfw.wmnet: Updated packages: imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 Deployment summary: Number of hosts in this deployment run: 8 No packages were added No packages were removed Updated packages: imagemagick-6.q16: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 7 hosts imagemagick-common: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 7 hosts imagemagick-common: 8:6.8.9.9-5+deb8u6 -> 8:6.8.9.9-5+deb8u6+wmf1 on 1 hosts imagemagick: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 7 hosts libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 7 hosts libmagickcore-6.q16-2: 8:6.8.9.9-5+deb8u6 -> 8:6.8.9.9-5+deb8u6+wmf1 on 1 hosts libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u5+wmf1 -> 8:6.8.9.9-5+deb8u6+wmf1 on 7 hosts libmagickwand-6.q16-2: 8:6.8.9.9-5+deb8u6 -> 8:6.8.9.9-5+deb8u6+wmf1 on 1 hosts No restarts are needed Error summary: No errors found --- neodymium:~/debdeploy] $ sudo debdeploy -u 2016-12-01-imagemagick.yaml -s thumbor status-deploy thumbor1002.eqiad.wmnet: No change thumbor1001.eqiad.wmnet: No change Deployment summary: Number of hosts in this deployment run: 2 No packages were added No packages were removed No packages were updated No restarts are needed Error summary: No errors found -- imagemagick (8:6.8.9.9-5+deb8u6+wmf1) jessie-security; urgency=medium * Fix convert -sharpen with CYMK images (Bug: T141739) -- Daniel Zahn Thu, 1 Dec 2016 18:33:33 -0800 imagemagick (8:6.8.9.9-5+deb8u6) jessie-security; urgency=medium * Fix CVE-2016-7799: global buffer overflow. (Closes: #840437). * Fix CVE-2016-7906: use after free. (Closes: #840435). * Fix a TIFF file buffer overflow. (Closes: #845195). * Check return of fputc during TIFF file writing. (Closes: #845196). * Prevent buffer overflow by checking image extend for TIFF (Closes: #845198). * Avoid a out of bound read in VIFF file handler. (Closes: #845212 and LP: #1545183). * Avoid a DOS by not allowing too deep nested exception. (Closes: #845213). * Better check for buffer overflow in TIFF files handling. (Closes: #845202). * Fix CVE-2016-8677: memory allocate failure in AcquireQuantumPixels (Closes: #845206). * Prevent fault in MSL interpreter. (Closes: #845242). * Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray (Closes: #845242) * Fix null pointer dereference in TIFF file handling. (Closes: #845243). * Added check for invalid number of frames in mat file (Closes: #845244). * Fix an out of bound read in mat file due to insuffisant allocation. (Closes: #845246). * Fix CVE-2016-8862: memory allocation failure in AcquireMagickMemory (Closes: #845634). -- root@carbon:~# reprepro ls imagemagick imagemagick | 8:6.8.9.9-5+deb8u6+wmf1 | jessie-wikimedia | amd64, source --- Format: 1.8 Date: Thu, 1 Dec 2016 18:33:33 -0800 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u6+wmf1 Distribution: jessie-wikimedia Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Daniel Zahn Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Changes: imagemagick (8:6.8.9.9-5+deb8u6+wmf1) jessie-security; urgency=medium . * Fix convert -sharpen with CYMK images (Bug: T141739) Checksums-Sha1: 273388417e80f2e2753c09aa9b35496d89e9c866 3379 imagemagick_6.8.9.9-5+deb8u6+wmf1.dsc ``` https://www.debian.org/security/2016/dsa-3726