-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 14 Apr 2020 21:51:48 -0400 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source Version: 1.3.30+hg15796-1~deb9u4 Distribution: stretch-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.30+hg15796-1~deb9u4) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2019-12921: remote information disclosure (attacker can read arbitrary files) via a crafted image; fix is to remove support for reading from a file using '@filename' syntax * Fix CVE-2020-10938: Fix signed overflow on range check in HuffmanDecodeImage function which leads to heap overflow in 32-bit applications. Checksums-Sha1: acda2743ba7a9faad68fa3bdbb8a1ca552930a03 2870 graphicsmagick_1.3.30+hg15796-1~deb9u4.dsc f72ebef82e97cc2ee833f3ab7b3321f295ce1807 159288 graphicsmagick_1.3.30+hg15796-1~deb9u4.debian.tar.xz f3e0bc465d120f397930af878853f67338341930 11894 graphicsmagick_1.3.30+hg15796-1~deb9u4_amd64.buildinfo Checksums-Sha256: d6f865cc2aacea195741a5d1662d3a6bf9bb5649f93eb195529062b19ccb4bc3 2870 graphicsmagick_1.3.30+hg15796-1~deb9u4.dsc 7d08470c70acccb2e8bc2eacc93f58fe450e551dc06deb53b04e9d7a4c178054 159288 graphicsmagick_1.3.30+hg15796-1~deb9u4.debian.tar.xz 1da4099f293e304e43ec9ae50f124908cb65386124a4979a761cdd85c1bbc428 11894 graphicsmagick_1.3.30+hg15796-1~deb9u4_amd64.buildinfo Files: b3154bf48fa5eb4c3e3336679453ae1d 2870 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u4.dsc aeada91555b0d30de9bf2856ab80d9b6 159288 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u4.debian.tar.xz a29f3324e2f75c49af791acb929d71c9 11894 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl6WbYkACgkQldFmTdL1 kULInA//XxOz+4kyw9fCr33atoazdeWZ4PgUxKc98yOI3gl3ebS18W9O3B3mOcIP RQNioIEIx7iWy713dfH/pjFyQIu/RtINXd2ZN0plLEytrAlIMyAqREvjTPcvu1yh s7a93Cp4w7cG9Qfc7eFl+5+hanKmPpXIcfDX0ZpqEKI+oDbkY2WDQHy2r1MAlD0k NNSFiX3cSjwuLLa2GOofsZOz1Vd0QR0snwt++w9tKIffTNalFWVC+fPZCMQwzKOj 2Trm1+Pltlzna08Oi/AD2+AK+71QQqsaylEDvi/6bklRDjr3D5RVSL+mT60F+jMb RLNwE0F0NONzwUqD5FBkWE5K3K0DDJqTLaTnIdJG7OwBpneyrhv4Q/aOeaXGUxpO X8JpiIpqq9jCOr2JsGhTy8jYckBMaONVf+vlD+M4qbi8nD9ivxbzDya4tMD5Eiuo q8iLl/RbPVtcM3Q6U5Ug2LIRFmlUX9LOdyI17kNdfiIaMC3V0z8s45kyKAO7Nmfs 0m0WvXffeLkezxfb54FOiMD/eLDwRejQx/UkfpXs+ZsyhgjtwvlCFDcU67mxXGVM zmfKKa+VLC3Ipsmoqou9PZQzOUkE0AYSdwkhGWE9le8izGvkdG7Ogsu/K6JOoyZQ 2mYQfDejg4o+oT0YePwbbSDUAWLVxhpIxnufPe8STksQg3/vNNc= =tEYG -----END PGP SIGNATURE-----
