Accepted graphicsmagick 1.3.30+hg15796-1~deb9u4 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Apr 2020 21:51:48 -0400
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source
Version: 1.3.30+hg15796-1~deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Changes:
graphicsmagick (1.3.30+hg15796-1~deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix CVE-2019-12921: remote information disclosure (attacker can read
arbitrary files) via a crafted image; fix is to remove support for reading
from a file using '@filename' syntax
* Fix CVE-2020-10938: Fix signed overflow on range check in
HuffmanDecodeImage function which leads to heap overflow in 32-bit
applications.
Checksums-Sha1:
acda2743ba7a9faad68fa3bdbb8a1ca552930a03 2870 graphicsmagick_1.3.30+hg15796-1~deb9u4.dsc
f72ebef82e97cc2ee833f3ab7b3321f295ce1807 159288 graphicsmagick_1.3.30+hg15796-1~deb9u4.debian.tar.xz
f3e0bc465d120f397930af878853f67338341930 11894 graphicsmagick_1.3.30+hg15796-1~deb9u4_amd64.buildinfo
Checksums-Sha256:
d6f865cc2aacea195741a5d1662d3a6bf9bb5649f93eb195529062b19ccb4bc3 2870 graphicsmagick_1.3.30+hg15796-1~deb9u4.dsc
7d08470c70acccb2e8bc2eacc93f58fe450e551dc06deb53b04e9d7a4c178054 159288 graphicsmagick_1.3.30+hg15796-1~deb9u4.debian.tar.xz
1da4099f293e304e43ec9ae50f124908cb65386124a4979a761cdd85c1bbc428 11894 graphicsmagick_1.3.30+hg15796-1~deb9u4_amd64.buildinfo
Files:
b3154bf48fa5eb4c3e3336679453ae1d 2870 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u4.dsc
aeada91555b0d30de9bf2856ab80d9b6 159288 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u4.debian.tar.xz
a29f3324e2f75c49af791acb929d71c9 11894 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl6WbYkACgkQldFmTdL1
kULInA//XxOz+4kyw9fCr33atoazdeWZ4PgUxKc98yOI3gl3ebS18W9O3B3mOcIP
RQNioIEIx7iWy713dfH/pjFyQIu/RtINXd2ZN0plLEytrAlIMyAqREvjTPcvu1yh
s7a93Cp4w7cG9Qfc7eFl+5+hanKmPpXIcfDX0ZpqEKI+oDbkY2WDQHy2r1MAlD0k
NNSFiX3cSjwuLLa2GOofsZOz1Vd0QR0snwt++w9tKIffTNalFWVC+fPZCMQwzKOj
2Trm1+Pltlzna08Oi/AD2+AK+71QQqsaylEDvi/6bklRDjr3D5RVSL+mT60F+jMb
RLNwE0F0NONzwUqD5FBkWE5K3K0DDJqTLaTnIdJG7OwBpneyrhv4Q/aOeaXGUxpO
X8JpiIpqq9jCOr2JsGhTy8jYckBMaONVf+vlD+M4qbi8nD9ivxbzDya4tMD5Eiuo
q8iLl/RbPVtcM3Q6U5Ug2LIRFmlUX9LOdyI17kNdfiIaMC3V0z8s45kyKAO7Nmfs
0m0WvXffeLkezxfb54FOiMD/eLDwRejQx/UkfpXs+ZsyhgjtwvlCFDcU67mxXGVM
zmfKKa+VLC3Ipsmoqou9PZQzOUkE0AYSdwkhGWE9le8izGvkdG7Ogsu/K6JOoyZQ
2mYQfDejg4o+oT0YePwbbSDUAWLVxhpIxnufPe8STksQg3/vNNc=
=tEYG
-----END PGP SIGNATURE-----