-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 31 Aug 2017 18:06:45 +0200 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.16-1.1+deb7u9 Distribution: wheezy-security Urgency: high Maintainer: Daniel Kobras <kobras@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick++3 - format-independent image processing - C++ shared library libgraphicsmagick1-dev - format-independent image processing - C development files libgraphicsmagick3 - format-independent image processing - C shared library Changes: graphicsmagick (1.3.16-1.1+deb7u9) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2017-13776 and CVE-2017-13777 denial of service issue in ReadXBMImage() * CVE-2017-12935 The ReadMNGImage function in coders/png.c mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. * CVE-2017-12936 The ReadWMFImage function in coders/wmf.c has a use-after-free issue for data associated with exception reporting. * CVE-2017-12937 The ReadSUNImage function in coders/sun.c has a colormap heap-based buffer over-read. * CVE-2017-13063 and CVE-2017-13064 heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c * CVE-2017-13065 NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c Checksums-Sha1: 0bf6386bae67469e3ae836729ecebc26ef0f6c0e 2841 graphicsmagick_1.3.16-1.1+deb7u9.dsc f2ec0392d7a7d5cbe0d5bdff2931edbacedd73e9 8736761 graphicsmagick_1.3.16.orig.tar.gz 65bfd476315a9bf3ce4c855d427857872c012bed 196019 graphicsmagick_1.3.16-1.1+deb7u9.debian.tar.gz ce1956762674bef1aae496c3744a793e242fcaf3 1034266 graphicsmagick_1.3.16-1.1+deb7u9_amd64.deb bcc71e2cf11c94346c6bff8f7b5868782510dc1d 1325954 libgraphicsmagick3_1.3.16-1.1+deb7u9_amd64.deb d02bc7f8637ed904644447bbb0cd4b4747eda814 1821852 libgraphicsmagick1-dev_1.3.16-1.1+deb7u9_amd64.deb dff8100c5c79a1212bd8164542e87778837ac165 154932 libgraphicsmagick++3_1.3.16-1.1+deb7u9_amd64.deb d26d48344ef352a68dba354b82a61cbaea812333 406448 libgraphicsmagick++1-dev_1.3.16-1.1+deb7u9_amd64.deb a9239d343e99f6818a6712141e9f3db53a2027e1 83774 libgraphics-magick-perl_1.3.16-1.1+deb7u9_amd64.deb 659e485932b2a46b3cfa66b7c982fef806af8d8e 3268912 graphicsmagick-dbg_1.3.16-1.1+deb7u9_amd64.deb 743277539bd3ff42e1a5ce0e8c34045353c9a5c1 18414 graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u9_all.deb cdc5e024f17184178b9caaaeb80a30c25f937d1b 21922 graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u9_all.deb Checksums-Sha256: 22f0740bdba984695d7bc3633934cb078a1f6624f00e67ab9c1c3aa62f3a82e8 2841 graphicsmagick_1.3.16-1.1+deb7u9.dsc ae2229370926dea6c2423cc1adaf551d33f38102677332294439365aaac1514b 8736761 graphicsmagick_1.3.16.orig.tar.gz 25fa73c7e59eef78d9ce5eb8d877e6a48fbf56514c97ffb32b651e986db9b07b 196019 graphicsmagick_1.3.16-1.1+deb7u9.debian.tar.gz ec1c2d2b11cfdae1e956dc09199289bc5bd3c0704e9b2f7c5986279664a099e4 1034266 graphicsmagick_1.3.16-1.1+deb7u9_amd64.deb 28efc8dcb97fe26f81439d9aabe3ca8493bec5ac858b2a156319b136537868a5 1325954 libgraphicsmagick3_1.3.16-1.1+deb7u9_amd64.deb a23101e414f358e33ce8a56de4aa853ab1e068df8ae34859c06da5446df83287 1821852 libgraphicsmagick1-dev_1.3.16-1.1+deb7u9_amd64.deb 32fd3bed94bb8a96c493df29f8a61d52162ae18a3ffd8930ee01a3a7cbd41a42 154932 libgraphicsmagick++3_1.3.16-1.1+deb7u9_amd64.deb ece3b5b5081fdfae0d94bcfc9df0fb9aa49ac6681a5ef1b3fba8e58ea77cd78f 406448 libgraphicsmagick++1-dev_1.3.16-1.1+deb7u9_amd64.deb b29305e6edc53c3ebccf3a296be228ad4dc8cdf1e29b6af99471e72a7fb279bc 83774 libgraphics-magick-perl_1.3.16-1.1+deb7u9_amd64.deb 211c775699dd571150002cb0ce0d8588328c6aced12bc38cb8ffe6460ea8fc5d 3268912 graphicsmagick-dbg_1.3.16-1.1+deb7u9_amd64.deb d8e1a6b00997631727f0266289fde935bbc8f835bdd73c5352e1daf2942c7ff2 18414 graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u9_all.deb 70c3a70dc2090c5607e8c179327054b113d1afdb82d49cc74c1b37f87e139b7f 21922 graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u9_all.deb Files: 75cd4a2f24736a394a14c7232d29f998 2841 graphics optional graphicsmagick_1.3.16-1.1+deb7u9.dsc 66a4b9c7af6165b5d293fed6ebe04e36 8736761 graphics optional graphicsmagick_1.3.16.orig.tar.gz 7c9f0c7577d055c7a8c9a0ec43cbb44c 196019 graphics optional graphicsmagick_1.3.16-1.1+deb7u9.debian.tar.gz 4809ea6ec48879f90209b33587f21fee 1034266 graphics optional graphicsmagick_1.3.16-1.1+deb7u9_amd64.deb 85d101c27e00858c721a5af26cd0eed4 1325954 libs optional libgraphicsmagick3_1.3.16-1.1+deb7u9_amd64.deb f073c30fdce50d67787094d1a4c462cd 1821852 libdevel optional libgraphicsmagick1-dev_1.3.16-1.1+deb7u9_amd64.deb b5b5199c825b03c7733707418887df80 154932 libs optional libgraphicsmagick++3_1.3.16-1.1+deb7u9_amd64.deb 2f0cd27cad79738d1cbd7b439b6f8589 406448 libdevel optional libgraphicsmagick++1-dev_1.3.16-1.1+deb7u9_amd64.deb e4dafcc47efacf033b5351898d827c6f 83774 perl optional libgraphics-magick-perl_1.3.16-1.1+deb7u9_amd64.deb 67a8811de5f06d019e3818bdf531ce03 3268912 debug extra graphicsmagick-dbg_1.3.16-1.1+deb7u9_amd64.deb 94bac1033c20720f0a55f118daaa3a51 18414 graphics extra graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u9_all.deb eed1e644b5aa11ac40b8da86f05b2c09 21922 graphics extra graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u9_all.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlmoUdhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR3MfD/0eMBZ5XhDlZzH1BYpKBDTiT6jLc+na xqsds0AkpctJAcmuLI8waROIe2oyHltiE4LN3/aYH3DyDxOrGRdtZeiDzOaA1ZtD 6Qfi25RCNNsJD7KMNO09Rq09LZXQBkEclCr83kL+jPm16cqcic6ldeWWHlupPhYu nRxqzB5LyGXppSeClXE1CH8T+Ps+G07czsubYvDreUHk3QjPLjJOUPSgPCxEYPCy E+wTNIPu8LDakS5MxwpdayKaxGE2NIrvVDq+G0eYNwkIF7er9gvODKC95UyDwmND mgy6hdDpHuo5bk95VYOyY2yay1EqHUy8eSDje3sIsuJ/YVFtcH1SrKntoww2NRj4 HfNXgp/f1JvHNZghSUU9uotbVTLhQAIOxwIn5cGAKF7dk2ZJbNSxLs8P9Gd7Ew1M bTT/3ek6Oq6xRWt8izZVlhgVtnCNJxkv/+L8Sxd0c/Oxe6APkFz/NMfE9ZSnPa24 /m3dNjCp2ZaJYOZB6OfyyIBFYZpChDVyVOznH8nL9Ckcgsf1PD7VFqkiOxr6v7s+ ELOM9dM4iCKs+ztim/mhSeTw9ywi5DQ7P40Jo3NtVbbZ5TEL6CPsbijc+ph+8XKQ P8ImGPC19a/jd0iLGXaP/q5zpTENcMuwoRX2M4ZXn9O8nCI28nlzAZWUU2/kgU3p YV4RIlnHGv6u+A== =1hMG -----END PGP SIGNATURE-----