Accepted graphicsmagick 1.3.20-3+deb8u4 (source all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 02 Aug 2018 08:13:00 -0400
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source all
Version: 1.3.20-3+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
 libgraphicsmagick3 - format-independent image processing - C shared library
Closes: 862967 867746 870153 870154 870155 870156 872575 872576 878511 878578 879999
Changes:
 graphicsmagick (1.3.20-3+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2016-5239: remove delegates support for Gnuplot and various other
     file types (additional fix beyond CVE-2016-3714).
   * Fix CVE-2017-11102: denial of service (application crash) via crafted PNG
     file. (Closes: #867746)
   * Fix CVE-2017-11140: denial of service (resource consumption) via crafted
     JPEG file.
   * Fix CVE-2017-11403, CVE-2017-18220: use-after-free vulnerability via a
     crafted file.
   * Fix CVE-2017-11637: NULL pointer dereference via crafted file.
     (Closes: #870153)
   * Fix CVE-2017-11638, CVE-2017-11642: NULL pointer dereference and
     segmentation violation via a crafted file. (Closes: #870154, #870156)
   * Fix CVE-2017-11641: memory leak during writing of Magick Persistent Cache
     (MPC) files. (Closes: #870155)
   * Fix CVE-2017-12935: invalid memory read during processing of large MNG
     image files. (Closes: #872576)
   * Fix CVE-2017-12936: use-after-free of data associated with error and
     exception reporting. (Closes: #872575)
   * Fix CVE-2017-13737: remote denial of service resulting from defective
     calculation of number of objects in an array. (Closes: #878511)
   * Fix CVE-2017-13775: denial of service (resource consumption) via crafted
     JNX file.
   * Fix CVE-2017-13776, CVE-2017-13777: denial of service (resource
     consumption) via crafted XMB file.
   * Fix CVE-2017-14504: denial of service (application crash) resulting from a
     NULL pointer dereference triggered by a crafted PNM file.
   * Fix CVE-2017-14994: denial of service (NULL pointer dereference) via a
     crafted DICOM file.
   * Fix CVE-2017-14997: denial of service (excessive memory allocation)
     resulting from an integer underflow triggered by a crafted PICT file.
   * Fix CVE-2017-15277: information disclosure via crafted GIF file with
     neither global nor local palette. (Closes: #878578)
   * Fix CVE-2017-6335: denial of service (out-of-bounds read and application
     crash) via a crafted TIFF file with small samples per pixel value.
   * Fix CVE-2017-9098: Fix information leak resulting from uninitialized
     memory in the RLE decoder. (Closes: #862967)
   * Fix CVE-2017-15930: NULL pointer dereference and segmentation violation
     via crafted JPEG file. (Closes: #879999)
   * Fix CVE-2017-16352: heap-based buffer overflow found in the "Display
     visual image directory" feature.
   * Fix CVE-2017-16547: denial of service (negative strncpy and application
     crash) or possible other unspecified impact via a crafted file.
   * Fix CVE-2017-18219: denial of service via a crafted file that triggers an
     attempt at excessive memory allocation.
   * Fix CVE-2017-18229: denial of service (memory exhaustion) via a crafted
     TIFF file.
   * Fix CVE-2017-18230: NULL pointer dereference and denial of service via a
     crafted CINEON file.
   * Fix CVE-2017-18231: NULL pointer dereference and denial of service via a
     crafted EMF file.
   * Fix CVE-2018-5685: denial of service (infinite loop and application hang)
     via a crafted BMP image file with a crafted bit-field mask value.
   * Fix CVE-2018-6799: denial of service (heap overwrite) or possibly have
     unspecified other impact via a crafted image file, because a pixel staging
     area is not used.
   * Fix CVE-2018-9018: denial of service (divide-by-zero and application
     crash) via crafted MNG file.
   * Note: CVE-2017-16545 was fixed in version 1.3.20-3+deb8u3 by the same
     patch that fixed CVE-2017-16669.
Checksums-Sha1:
 741649a364ec7561ee9b30bd015acfb82f16300c 2802 graphicsmagick_1.3.20-3+deb8u4.dsc
 ca9423b5ea1284f61b8fdceee2cffbbd37a1b836 208888 graphicsmagick_1.3.20-3+deb8u4.debian.tar.xz
 2186fe9dfc564a20d387b0a0d8481290f0664344 29222 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u4_all.deb
 b1d2dbe93712ce3c845cf260c19ea795706e6fcf 32728 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u4_all.deb
Checksums-Sha256:
 a519d8b851eb519957c5b225fdd893368335634316a73871c525200ecfd2a4c0 2802 graphicsmagick_1.3.20-3+deb8u4.dsc
 1bf7507511310dae1ad25feb31f5109223d07a3051649544142ede8901c69099 208888 graphicsmagick_1.3.20-3+deb8u4.debian.tar.xz
 42741e97f144677826cb788239442ab5b356ec499cdb6264fcef60f647a1b264 29222 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u4_all.deb
 1c328b091ce008c293e58d7220b39d00c14d8bac037b1935feca2dc05c8ef00d 32728 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u4_all.deb
Files:
 d73d7c3589972f975ebcac1558560b7b 2802 graphics optional graphicsmagick_1.3.20-3+deb8u4.dsc
 8e1fc636a51513d2d10d446d9717eb0f 208888 graphics optional graphicsmagick_1.3.20-3+deb8u4.debian.tar.xz
 2921624b8a3ea7757fead7413da9201e 29222 graphics extra graphicsmagick-imagemagick-compat_1.3.20-3+deb8u4_all.deb
 303b53fc547a2e7f30f6c2ee03c32412 32728 graphics extra graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u4_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----