-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 29 Oct 2020 19:03:02 +0200
Source: cimg
Binary: cimg-dev cimg-doc cimg-examples
Architecture: source all
Version: 1.7.9+dfsg-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 cimg-dev - powerful image processing library
 cimg-doc - documentation of cimg-dev imaging library
 cimg-examples - examples for cimg-dev imaging library
Changes:
 cimg (1.7.9+dfsg-1+deb9u1) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-1010174
     Loading a specially crafted image can lead to command injection,
     as no string sanitization is done on the url.
   * CVE-2018-7637, CVE-2018-7638, CVE-2018-7639, CVE-2018-7640, CVE-2018-7641
     A crafted bmp image can lead to a heap-based buffer over-read in
     load_bmp(). They are different CVEs as each occurs in different
     image types.
   * CVE-2018-7588, CVE-2018-7589
     A crafted bmp image can lead to a double free in load_bmp().