Accepted graphicsmagick 1.3.20-3+deb8u4 (source all) into oldstable
Format: 1.8
Date: Thu, 02 Aug 2018 08:13:00 -0400
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source all
Version: 1.3.20-3+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick++3 - format-independent image processing - C++ shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
libgraphicsmagick3 - format-independent image processing - C shared library
Closes: 862967 867746 870153 870154 870155 870156 872575 872576 878511 878578 879999
Changes:
graphicsmagick (1.3.20-3+deb8u4) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Fix CVE-2016-5239: remove delegates support for Gnuplot and various other
file types (additional fix beyond CVE-2016-3714).
* Fix CVE-2017-11102: denial of service (application crash) via crafted PNG
file. (Closes: #867746)
* Fix CVE-2017-11140: denial of service (resource consumption) via crafted
JPEG file.
* Fix CVE-2017-11403, CVE-2017-18220: use-after-free vulnerability via a
crafted file.
* Fix CVE-2017-11637: NULL pointer dereference via crafted file.
(Closes: #870153)
* Fix CVE-2017-11638, CVE-2017-11642: NULL pointer dereference and
segmentation violation via a crafted file. (Closes: #870154, #870156)
* Fix CVE-2017-11641: memory leak during writing of Magick Persistent Cache
(MPC) files. (Closes: #870155)
* Fix CVE-2017-12935: invalid memory read during processing of large MNG
image files. (Closes: #872576)
* Fix CVE-2017-12936: use-after-free of data associated with error and
exception reporting. (Closes: #872575)
* Fix CVE-2017-13737: remote denial of service resulting from defective
calculation of number of objects in an array. (Closes: #878511)
* Fix CVE-2017-13775: denial of service (resource consumption) via crafted
JNX file.
* Fix CVE-2017-13776, CVE-2017-13777: denial of service (resource
consumption) via crafted XMB file.
* Fix CVE-2017-14504: denial of service (application crash) resulting from a
NULL pointer dereference triggered by a crafted PNM file.
* Fix CVE-2017-14994: denial of service (NULL pointer dereference) via a
crafted DICOM file.
* Fix CVE-2017-14997: denial of service (excessive memory allocation)
resulting from an integer underflow triggered by a crafted PICT file.
* Fix CVE-2017-15277: information disclosure via crafted GIF file with
neither global nor local palette. (Closes: #878578)
* Fix CVE-2017-6335: denial of service (out-of-bounds read and application
crash) via a crafted TIFF file with small samples per pixel value.
* Fix CVE-2017-9098: Fix information leak resulting from uninitialized
memory in the RLE decoder. (Closes: #862967)
* Fix CVE-2017-15930: NULL pointer dereference and segmentation violation
via crafted JPEG file. (Closes: #879999)
* Fix CVE-2017-16352: heap-based buffer overflow found in the "Display
visual image directory" feature.
* Fix CVE-2017-16547: denial of service (negative strncpy and application
crash) or possible other unspecified impact via a crafted file.
* Fix CVE-2017-18219: denial of service via a crafted file that triggers an
attempt at excessive memory allocation.
* Fix CVE-2017-18229: denial of service (memory exhaustion) via a crafted
TIFF file.
* Fix CVE-2017-18230: NULL pointer dereference and denial of service via a
crafted CINEON file.
* Fix CVE-2017-18231: NULL pointer dereference and denial of service via a
crafted EMF file.
* Fix CVE-2018-5685: denial of service (infinite loop and application hang)
via a crafted BMP image file with a crafted bit-field mask value.
* Fix CVE-2018-6799: denial of service (heap overwrite) or possibly have
unspecified other impact via a crafted image file, because a pixel staging
area is not used.
* Fix CVE-2018-9018: denial of service (divide-by-zero and application
crash) via crafted MNG file.
* Note: CVE-2017-16545 was fixed in version 1.3.20-3+deb8u3 by the same
patch that fixed CVE-2017-16669.