Format: 1.8
Date: Thu, 26 Sep 2019 19:03:02 +0200
Source: cimg
Binary: cimg-dev cimg-doc cimg-examples
Architecture: source all
Version: 1.5.9+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 cimg-dev - powerful image processing library
 cimg-doc - documentation of cimg-dev imaging library
 cimg-examples - examples for cimg-dev imaging library
Changes:
 cimg (1.5.9+dfsg-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-1010174
     Loading a specially crafted image can lead to command injection, as no
     string sanitization is done on the url.
   * CVE-2018-7588, CVE-2018-7637, CVE-2018-7638, CVE-2018-7639,
     CVE-2018-7640, CVE-2018-7641
     A crafted bmp image can lead to a heap-based buffer over-read in
     load_bmp(). They are different CVEs as each occurs in different
     image types.
   * CVE-2018-7589
     A crafted bmp image can lead to a double free in load_bmp().