Upgrade ImageMagick

### Description

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9098
https://scarybeastsecurity.blogspot.com.au/2017/05/bleed-continues-18-byte-file-14k-bounty.html
https://vuldb.com/?id.101520

### From upstream Debian
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-9

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <email address hidden> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 May 2017 15:54:06 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-9
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <email address hidden>
Changed-By: Bastien Roucariès <email address hidden>
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 862967 863123 863124 863125 863126
Changes:
 imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high
 .
   * Security fixes assertion failure and memory leaks:
     + Check for EOF conditions for RLE image format. (Closes: #863126).
       Fix CVE-2017-9144.
     + A crafted file revealed an assertion failure in blob.c.
       (Closes: #863125).
       Fix CVE-2017-9142.
     + A crafted file revealed an assertion failure in profile.c.
       (Closes: #863124). Fix CVE-2017-9142.
     + Specially crafted arts file could lead to memory leak.
       (Closes: #863123). Fix CVE-2017-9143.
   * Fix an information leak due to the use of uninitialized memory
     in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
Checksums-Sha1:
 d5ee008ec87b0c41d84cf0caa104c35fe274c0ac 5133 imagemagick_6.9.7.4+dfsg-9.dsc
 1a013f2ebc77be28abfde50aafdfbd8eecfc7f48 220784 imagemagick_6.9.7.4+dfsg-9.debian.tar.xz
 00c2c54305eb79ef256392f5ac1d4d5a352ed841 12926 imagemagick_6.9.7.4+dfsg-9_source.buildinfo
Checksums-Sha256:
 17f6830385b5d1142e14d83dc59afd77458322799767885d84e61bb0807891a4 5133 imagemagick_6.9.7.4+dfsg-9.dsc
 5e2102ff814d8264bc5fcdaec25b4af0a981c2a13c95708579abbba52dacd46a 220784 imagemagick_6.9.7.4+dfsg-9.debian.tar.xz
 d8e9d2dd1b0e5253b284c5f9556e5bb69420b62e975ff550d4b503830fa82d76 12926 imagemagick_6.9.7.4+dfsg-9_source.buildinfo
Files:
 1c8abbfa57e9eea291ef1e37a9e80b80 5133 graphics optional imagemagick_6.9.7.4+dfsg-9.dsc
 701f056ef775efd089b5fea56de5d0a5 220784 graphics optional imagemagick_6.9.7.4+dfsg-9.debian.tar.xz
 1aef615a1acbee60da14cbd704f2996f 12926 graphics optional imagemagick_6.9.7.4+dfsg-9_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlkpmZ4ACgkQADoaLapB
CF9r1Q/9GWf3pKfndHD43RpQ8UmWKjWcT8dTQtQ+FUTU/Fyno0KpUFav6+rejVp3
GwBnQEVe4rBQmoAoa012bCuKmEebiBOT9xHWMAlQ3T70P+fxXK0O6Xsc6OTGZGvh
XofKaKVqe7t3RQcq+2443Gw5q8qbMYTEWY7dngPNHAJi+/Es0elAhyz5lnMQyDck
QV0bULq3CfaEkZhAd/DXs0B92MMahA3YkHQsCoGJ4NFglLc/pqEEBtQWiyzFDNn5
i4YApbGrzaVVD7oP04l8nK/JKJRK1AJ+5sXGhJPdg01g0eHfnMfOFyGVvmP/0w9y
DsWxb2r2pF6MMSkix6asGWUF1ZbZ0nWdFV4R8W6DEU0mHYhNroz7Li4nfiVAiG/D
wzFMqzIhvS6VhRkgrmzUOeNMe/VtaFmMaYjFiovAfuIcu2eq3IPe96QC04TtQ2jr
fDLgxQUypzdLO3h/IWHE045k1tszvODqv2NJsgw6WTxth1DsROm09Rmn+xtGwzgb
+MHU+k/vy8VgGnyvHOADvAyVkJtufbvTb8+WKwKTOLuEzu3RmxIzRHb6EaTYebpw
zmH5xK/RXqz0Cag7jLhJ0nwVV/+lJKju1V6J2iRy1Hj+NqkjXyULaBhNcotX2sDa
S+3qsLP8h1arUzU5w/rYGJtETzga9wZ4pRu3Qm9ao9SKGvzd9YM=
=CEJo
-----END PGP SIGNATURE-----