Accepted cimg 1.5.9+dfsg-1+deb8u1 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Sep 2019 19:03:02 +0200
Source: cimg
Binary: cimg-dev cimg-doc cimg-examples
Architecture: source all
Version: 1.5.9+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
cimg-dev - powerful image processing library
cimg-doc - documentation of cimg-dev imaging library
cimg-examples - examples for cimg-dev imaging library
Changes:
cimg (1.5.9+dfsg-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2019-1010174
Loading a special crafted image can lead to command injection, as
no string sanitization is done on the url.
* CVE-2018-7588, CVE-2018-7637, CVE-2018-7638,
CVE-2018-7639, CVE-2018-7640, CVE-2018-7641
A crafted bmp image can lead to a heap-based buffer over-read in load_bmp().
They are different CVEs as each occurs in different image types.
* CVE-2018-7589
A cafted bmp image can lead to a double free in load_bmp().
Checksums-Sha1:
7c29fbf90fa129a6fe6d873769a018e6fcc2ed3b 2418 cimg_1.5.9+dfsg-1+deb8u1.dsc
e56a8a3898d21e7a7a8b94495c5abdf4a1ec35b2 9764160 cimg_1.5.9+dfsg.orig.tar.xz
a908c011d96744592581bbaf83bccb150a690b65 44768 cimg_1.5.9+dfsg-1+deb8u1.debian.tar.xz
d71685b73caf6d3b8a372e396f43d75a449ad8bf 380722 cimg-dev_1.5.9+dfsg-1+deb8u1_all.deb
8e63c06991c9c15f2f7b464b19fa3543826d4044 7348202 cimg-doc_1.5.9+dfsg-1+deb8u1_all.deb
640a6c8a3ea3b3cb1fff00be660f671ce121ed8a 2085062 cimg-examples_1.5.9+dfsg-1+deb8u1_all.deb
Checksums-Sha256:
0f87f44684dea9ebc295a09077f171ec99f5064577e123e64680ab643151d849 2418 cimg_1.5.9+dfsg-1+deb8u1.dsc
d4184ab11c5c2525b87d5a680c578e6516f8a56a90cc8b577ac40e03239c36a6 9764160 cimg_1.5.9+dfsg.orig.tar.xz
b122642b751f927babf3eba315f2e69cbc1ce3a6b445d37f4c3cb366b48bb320 44768 cimg_1.5.9+dfsg-1+deb8u1.debian.tar.xz
237e5ad79dfafef71ce7b0a082a7d67cb9c0a868ab5ade0bbd4e640ae10ed7a5 380722 cimg-dev_1.5.9+dfsg-1+deb8u1_all.deb
e102c63495b8f22d5b9939cf101bbb74dd8b9abcdb7fd3291a1a7f884e1fc272 7348202 cimg-doc_1.5.9+dfsg-1+deb8u1_all.deb
0ca8bb902c5969f6bd4c97f2d672b802b69d7ab384810047dcab5041fe66d134 2085062 cimg-examples_1.5.9+dfsg-1+deb8u1_all.deb
Files:
c00f44df1a1dd53ec4c7341887343676 2418 math optional cimg_1.5.9+dfsg-1+deb8u1.dsc
2f9b2f1a26134347e611688433d01ad1 9764160 math optional cimg_1.5.9+dfsg.orig.tar.xz
9dbeca71d9db9e4f505dc48820c5bf84 44768 math optional cimg_1.5.9+dfsg-1+deb8u1.debian.tar.xz
51ae1faaff223ed41d13f9cf04396a47 380722 math optional cimg-dev_1.5.9+dfsg-1+deb8u1_all.deb
2929e44cd51de49524eb0b8e1ada8ce9 7348202 doc optional cimg-doc_1.5.9+dfsg-1+deb8u1_all.deb
4ed9d53613f15f1b31b929307bb858c5 2085062 doc optional cimg-examples_1.5.9+dfsg-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl2PH91fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRyzSD/wNTD4WpEpGx+0BcQz9yEz88Y+coAcM
tjMvqfMTEJYPgfbJYqTjtwf32B2as+u8p+Ol09r/E+RFN+wjJt5RoSpsZCtj5ysW
YYBU4FdHLM/KhDerk7uwR9FXioEKWVlpGrEuo6NVVMsEidlhrmCwBXtgB09zQmwZ
5+T9x9SJKHCxAnafRdfwSJuB8ck6KNyLdWIyZBZxPPWoJi7qAIUMWCyTx5EO2p78
l5iY40S03PbOF+lKGu6vOHPP0k6mfCXonTz415Wptiqj2vX4t9jLh4BHHzPjqvMg
XmcDhcrwFC3tymGCTESFx1Q7c7qE/n1C0Q3Or+M5eyMG6Xjo8xgp83Ov0Fe9tK9r
OIlT4x3Phz+0r31QI3SSn+qc0CdaR66sLNxTNqy3MymvplP3ssrUMucipnLsAGJH
Yid4rU/H7IRTrTRxYOktp5lKMlbtk4VnRO4SMhelBTrz9rH+J4oXg9CTAGLql9eh
Yx0es804ZkhpydlPQaG8T0p+7z/fLwm4M2iwTB8AnVEKqx1ppw/6pwWi+2N0mgbO
bAzbpAk4+JD2up20hSod14Ch8C5Blq/EhoiV4Rhy7l2NOOzhuEb1yVUZb25YgFBj
05UDffBPTJeYuAYlaoAgRl03L0VPzz1+qvpT2Yy+PX1ZFZHKzyRs9LIRaXMeIZ0O
bQOs1puZ66whGw==
=QSA+
-----END PGP SIGNATURE-----