-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Apr 2019 23:25:51 +0200 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.20-3+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick++3 - format-independent image processing - C++ shared library libgraphicsmagick1-dev - format-independent image processing - C development files libgraphicsmagick3 - format-independent image processing - C shared library Changes: graphicsmagick (1.3.20-3+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2017-10799: When GraphicsMagick processes a DPX image (with metadata indicating a large width), a denial of service (OOM) can occur in ReadDPXImage(). * CVE-2019-11006: In GraphicsMagick exists a heap-based buffer over-read in the function ReadMIFFImage which allows attackers to cause a denial of service or information disclosure via an RLE packet. * CVE-2019-11007: In GraphicsMagick there is a heap-based buffer over-read in the ReadMNGImage function which allows attackers to cause a denial of service or information disclosure via an image colormap. * CVE-2019-11008: In GraphicsMagick there is a heap-based buffer overflow in the function WriteXWDImage which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. * CVE-2019-11009: In GraphicsMagick there is a heap-based buffer over-read in the function ReadXWDImage which allows attackers to cause a denial of service or information disclosure via a crafted image file. * CVE-2019-11010: In GraphicsMagick there is a memory leak in the function ReadMPCImage which allows attackers to cause a denial of service via a crafted image file. Checksums-Sha1: 4045df98b71cfc8795fbc35d4a119cda29f35219 2985 graphicsmagick_1.3.20-3+deb8u6.dsc 9e81850b3c7a56ddff4a007f61aebf9e8f398718 215852 graphicsmagick_1.3.20-3+deb8u6.debian.tar.xz 23a27de02707dadbcd316cc222358f2b1e659d93 796868 graphicsmagick_1.3.20-3+deb8u6_amd64.deb 70ac4618418292a2c22ad95d955d3f3a8df13577 1108746 libgraphicsmagick3_1.3.20-3+deb8u6_amd64.deb 3f61b44d7feba893ed74c7c5826510f14884c167 1295518 libgraphicsmagick1-dev_1.3.20-3+deb8u6_amd64.deb 28fb3f5782c6b940c2ed3de6e110e9a7e5e7e153 119590 libgraphicsmagick++3_1.3.20-3+deb8u6_amd64.deb 7e35d833fa772c914c4c8424faf12b2fdebb6243 302090 libgraphicsmagick++1-dev_1.3.20-3+deb8u6_amd64.deb badf73e85eef99b0714d61f40cd5f86a4e70b111 77458 libgraphics-magick-perl_1.3.20-3+deb8u6_amd64.deb 1de9fa4444c831083f7bee4fe1d721cd17dbf881 2224266 graphicsmagick-dbg_1.3.20-3+deb8u6_amd64.deb 60304117bc6285ed1cee3f35ab4f6aae8cabed30 29606 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u6_all.deb f7336ae41719396af7a957ecee2cabb36efec31f 33056 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u6_all.deb Checksums-Sha256: 195a0d7c4d0e21d0d2e8f556af06403217698bab08e0c00d7c63de0d4cad1d52 2985 graphicsmagick_1.3.20-3+deb8u6.dsc 299065d2f01dd3547f4e7202df13079daa33cba0ab6c570a56b6cc538d9d4372 215852 graphicsmagick_1.3.20-3+deb8u6.debian.tar.xz 29b0ccb014cc023722686e1bb6d639a51421ecb56a9711265effd0dd5b509891 796868 graphicsmagick_1.3.20-3+deb8u6_amd64.deb 794dcbb227cff2b7b5e56c30a5c14fb417b7daea403dccb57f3e43a7a0c8664e 1108746 libgraphicsmagick3_1.3.20-3+deb8u6_amd64.deb 1bba03b2cc2b1557f3cf74667b2df8a952dceb29df665229de1909a444cd2260 1295518 libgraphicsmagick1-dev_1.3.20-3+deb8u6_amd64.deb 6f686829a3b9a5137865e04132467d3709914447fdfa108c0e003744e359b904 119590 libgraphicsmagick++3_1.3.20-3+deb8u6_amd64.deb f1b2a1e0ecfd7605bd42d9b60d14c7cdf6f8623d9698cd0f696354fe0e1eb442 302090 libgraphicsmagick++1-dev_1.3.20-3+deb8u6_amd64.deb b50279d6cadbef90fe67430a86736b14daaa03f3b5877f0a241caf5b32b07542 77458 libgraphics-magick-perl_1.3.20-3+deb8u6_amd64.deb 8bf419c06c9cc13df3c889c42d0e24347259e23f4884f9e4ff622e295a425b41 2224266 graphicsmagick-dbg_1.3.20-3+deb8u6_amd64.deb 2eb131de490bf9807b6579228c3609f099fbd09f93cafdaefa5abb2bed55772b 29606 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u6_all.deb 5c1f16c6de6c7d616d192b72236b40689f48920cf792b24eb2b4a9ed0d4777b8 33056 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u6_all.deb Files: c44f7a36c7c6cfda44a426acb5243730 2985 graphics optional graphicsmagick_1.3.20-3+deb8u6.dsc f536b12736f7a78edea71a121a94975d 215852 graphics optional graphicsmagick_1.3.20-3+deb8u6.debian.tar.xz df7139ec569cb8b7a49b311dbf0e465c 796868 graphics optional graphicsmagick_1.3.20-3+deb8u6_amd64.deb 5fef3d62e86dee95cd04c0f254bd2fa6 1108746 libs optional libgraphicsmagick3_1.3.20-3+deb8u6_amd64.deb 812b89b2d2ad0a7b480eb451d2048178 1295518 libdevel optional libgraphicsmagick1-dev_1.3.20-3+deb8u6_amd64.deb 135480073a334cd5bb95c139af564fa8 119590 libs optional libgraphicsmagick++3_1.3.20-3+deb8u6_amd64.deb ab77d0924c2b0209a54ff80ad0c2acd1 302090 libdevel optional libgraphicsmagick++1-dev_1.3.20-3+deb8u6_amd64.deb e22588eddf2a9fcfefa1472262dabfa1 77458 perl optional libgraphics-magick-perl_1.3.20-3+deb8u6_amd64.deb 9dcf4c288e6c75ae6c6407999f83690f 2224266 debug extra graphicsmagick-dbg_1.3.20-3+deb8u6_amd64.deb 1c8e653a647966ef79fcad14af4cf416 29606 graphics extra graphicsmagick-imagemagick-compat_1.3.20-3+deb8u6_all.deb b74de558c79166e243fbf3edc98f14ad 33056 graphics extra graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u6_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyyVihfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk30EP/R6lcDhSawmqIdKdhtIQJh2OTimXQdAjZJJD awl87DG41UWbnUbgp20MYBmyqlJv7+YpoK7WJ2BxmuC0Y/r3OX7I9atE3HNPB2Vi 0EtBSQO0txAfp7g2LpwHNYSUsy4W4byjJPVIzd5ofG5LLSDgI8uJm/VxwmWLRJwh Fwx6GcF116lSVxAUNuLNbukZs4USol90moZrEU6HN8gY+o2Bjgcjb31rUxbu+9PQ UEUoy+RK04ZjLjiEAP7kj+XhDH6gEuZhvVcOMCP4mrZUrUurhhkV6JtnMmGUvQ7S pBYe150RQ6vhhAcSRYtNUD99QM+TkWneFexFVO4R6JwS8dtFQQvxM2odcKr7l+N/ LHKR7G9CGpLr45Kx24qpwuLpk85MhY73H2lck5h7ysZyKHLoKPz6kRRV90jwPOJ+ o11hJjeSrB9RuY2EuvsRya+oo1vdEHzp/vmdLVhpOTVnGpgHZR7LpdYOCmTcKO3n VP/1WNwN0qRknhCmaEu/+yOWlZDbkI7Xl4878B5H2eFaEtJV1YWso7kM7YBVkY3E 725hIx4A/Z4c8eNxL2Zek0OTPfZ/72ddOvTrLdPMno+iwdz9+dlbWzscrxHS4Nkv yfgSMfl7OJnM3e2Vd6+p2oprIIz0eNBw/C47oPLh31kBZnunmSGH8D4D7R/f2LLC IZzgPel0 =qwV+ -----END PGP SIGNATURE-----