Fedora: 2017-08-27031C8F Moderate: Synfig Update on Security Fixes

Synfig is a powerful, industrial-strength vector-based 2D animation

software, designed from the ground-up for producing feature-film quality

animation with fewer people and resources. It is designed to be capable of

producing feature-film quality animation. It eliminates the need for

tweening, preventing the need to hand-draw each frame. Synfig features

spatial and temporal resolution independence (sharp and smoothat any

resolution or framerate), high dynamic range images, and a flexible plugin

system.

This package contains the command-line-based rendering backend.

Install synfigstudio package for GUI-based animation studio.

Many security fixes, bug fixes, and other changes from the previous version

6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages

are mostly straight rebuilds, a couple also include bugfix version updates.

[ 1 ] Bug #1471837 - CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1471837

[ 2 ] Bug #1471122 - CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1471122

[ 3 ] Bug #1470670 - CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1470670

[ 4 ] Bug #1465064 - CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1465064

[ 5 ] Bug #1455602 - CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1455602

[ 6 ] Bug #1453125 - CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1453125

[ 7 ] Bug #1413898 - CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1413898

[ 8 ] Bug #1408404 - CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1408404

[ 9 ] Bug #1483575 - CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1483575

[ 10 ] Bug #1299275 - ImageMagick-7.0.6-9 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1299275

[ 11 ] Bug #1483132 - CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1483132

[ 12 ] Bug #1483117 - CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1483117

[ 13 ] Bug #1482655 - CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1482655

[ 14 ] Bug #1482626 - CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1482626

[ 15 ] Bug #1350462 - CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1350462

[ 16 ] Bug #1361494 - CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1361494

[ 17 ] Bug #1378790 - CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1378790

[ 18 ] Bug #1361578 - CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1361578

[ 19 ] Bug #1477566 - CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1477566

[ 20 ] Bug #1477070 - CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1477070

[ 21 ] Bug #1475486 - CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1475486

[ 22 ] Bug #1475471 - CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1475471

[ 23 ] Bug #1475464 - CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1475464

[ 24 ] Bug #1474846 - CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1474846

[ 25 ] Bug #1474420 - CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1474420

[ 26 ] Bug #1473848 - CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473848

[ 27 ] Bug #1473825 - CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473825

[ 28 ] Bug #1473802 - CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473802

[ 29 ] Bug #1473799 - CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473799

[ 30 ] Bug #1473797 - CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473797

[ 31 ] Bug #1473775 - CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473775

[ 32 ] Bug #1473758 - CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473758

[ 33 ] Bug #1473719 - CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1473719

[ 34 ] Bug #1410515 - ImageMagick: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1410515

[ 35 ] Bug #1479313 - synfigstudio doesn't start

https://bugzilla.redhat.com/show_bug.cgi?id=1479313

su -c 'dnf upgrade synfig' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org