Format: 1.8
Date: Wed, 29 Jan 2020 19:03:02 +0100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.30+hg15796-1~deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Changes:
 graphicsmagick (1.3.30+hg15796-1~deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-19953
     heap-based buffer over-read in the function EncodeImage
   * CVE-2019-19951
     heap-based buffer overflow in the function ImportRLEPixels
   * CVE-2019-19950
     use-after-free in ThrowException and ThrowLoggedException
   * CVE-2019-11474:
     floating-point exception in coders/xwd.c when processing
     crafted XWD images.
   * CVE-2019-11473:
     out-of-bounds read in coders/xwd.c when processing
     crafted XWD images.
   * CVE-2019-11506:
     missing error handling primitives causes heap-based buffer
     overflow in WriteMATLABImage (coders/mat.c) when processing
     crafted Matlab matrix data.
   * CVE-2019-11505:
     heap-based buffer overflow in WritePDBImage (coders/pdb.c)
     when processing crafted PDB images.
   * CVE-2019-11010:
     In GraphicsMagick there is a memory leak in the function
     ReadMPCImage which allows attackers to cause a denial of service
     via a crafted image file.
   * CVE-2019-11009:
     In GraphicsMagick there is a heap-based buffer over-read in the
     function ReadXWDImage which allows attackers to cause a denial of
     service or information disclosure via a crafted image file.
   * CVE-2019-11008:
     In GraphicsMagick there is a heap-based buffer overflow in the
     function WriteXWDImage which allows remote attackers to cause a
     denial of service (application crash) or possibly have unspecified
     other impact via a crafted image file.
   * CVE-2019-11007:
     In GraphicsMagick there is a heap-based buffer over-read in the
     ReadMNGImage function which allows attackers to cause a denial of
     service or information disclosure via an image colormap.
   * CVE-2019-11006:
     In GraphicsMagick exists a heap-based buffer over-read in the
     function ReadMIFFImage which allows attackers to cause a denial of
     service or information disclosure via an RLE packet.
   * CVE-2019-11005
     stack buffer overflow while parsing quoted font family value
   * CVE-2018-20189
     assertion failure in ReadDIBImage
   * CVE-2018-20185
     heap-based buffer over-read in the ReadBMPImage
   * CVE-2018-20184
     heap-based buffer overflow in the WriteTGAImage