-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 04 Sep 2017 18:50:34 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.26-8 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.26-8) unstable; urgency=high . * Fix CVE-2017-13775: denial of service issue in ReadJNXImage() . * Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in ReadXBMImage() . * Fix memory leak vulnerability in ReadJNGImage() which allow attackers to cause a denial of service via a crafted file. * Fix double-free after reading a malformed JNG. * Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do not properly manage image pointers after certain error conditions, which allows remote use-after-free attacks via a crafted file, related to a ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists because of an incomplete fix for CVE-2017-11403 . * Fix CVE-2017-8350: crash while reading a malformed JNG file. Checksums-Sha1: 50fb5a48128f5c41ff9a9d6f93c5f3c93aa58ccd 2794 graphicsmagick_1.3.26-8.dsc a6f5ca28b1308b2991e8e34c2053cdaa089a860a 153676 graphicsmagick_1.3.26-8.debian.tar.xz b0ef35742a039935184404d363b60fc07629ff88 3175350 graphicsmagick-dbg_1.3.26-8_amd64.deb a25fbeaff3c1dbec3504fb7a80efd71e8226f4e2 24312 graphicsmagick-imagemagick-compat_1.3.26-8_all.deb bff6e0d295ad054c0a3863440638ede182083be8 27750 graphicsmagick-libmagick-dev-compat_1.3.26-8_all.deb bbea5dd061b978a7273841fbdca443a8dd191f9a 11562 graphicsmagick_1.3.26-8_amd64.buildinfo 9e8f84406697f0d12a89b9da352b9131b331a324 865976 graphicsmagick_1.3.26-8_amd64.deb 5842045201f7c423617d344140aa398d5be8384c 70992 libgraphics-magick-perl_1.3.26-8_amd64.deb f3971f328fb3583ffa3b0c1e8c4a4a9303a31d36 118560 libgraphicsmagick++-q16-12_1.3.26-8_amd64.deb aa98868a7503b352dfe68356a0e1254d06bf5ac4 303658 libgraphicsmagick++1-dev_1.3.26-8_amd64.deb a42e118f718f1728698ee9a71297371e531599f5 1114086 libgraphicsmagick-q16-3_1.3.26-8_amd64.deb bcf22b27075f34dbe961155533b30617591c0f1f 1336562 libgraphicsmagick1-dev_1.3.26-8_amd64.deb Checksums-Sha256: 3c8b6f9896fc10ccc03a52accf4a940034d968f7efe032f4e17c3adab974ca5a 2794 graphicsmagick_1.3.26-8.dsc 98165994725228f0e2d97f3d6afb697cdd6df7db1de4dd00836340bb82fcecd2 153676 graphicsmagick_1.3.26-8.debian.tar.xz 07a6ab572efdf08d6b0401f3b6e8e144b9e53cc15a9b0df53dedd7f8ae9eb634 3175350 graphicsmagick-dbg_1.3.26-8_amd64.deb d4fc3b28c3a5a4060be2a3b1c75f76b0aeeb21295fe68bcae522580b9566b0af 24312 graphicsmagick-imagemagick-compat_1.3.26-8_all.deb ba59aa2049a57809e5f1a5365a1c77680b34abf3936cd95cc0ab365ca2fa824a 27750 graphicsmagick-libmagick-dev-compat_1.3.26-8_all.deb d907f2e4f4f9d91f7c30e618cab14a550d8c720b639cefdcc59bf86f9c4b980b 11562 graphicsmagick_1.3.26-8_amd64.buildinfo e91f3c441ccb045db2488340b2dbe7a2dab060a4ee82c6e76318b3f92acc4872 865976 graphicsmagick_1.3.26-8_amd64.deb 27f296707720a1a5292b80fa5f862c0dbda5b533057172442ebbfda8340066e5 70992 libgraphics-magick-perl_1.3.26-8_amd64.deb 56183d2bcd2c81640d70aab713d38b0406692ef97525d1fa67bcdb73be724529 118560 libgraphicsmagick++-q16-12_1.3.26-8_amd64.deb 65a08271dd5618ffe634fba247301224838457bc1e5fc8d3fe2399ef745bf1cc 303658 libgraphicsmagick++1-dev_1.3.26-8_amd64.deb 0e5116f6bf32c17fb5960724a39af3cbab8e271040fbba448df093bf2eedde8c 1114086 libgraphicsmagick-q16-3_1.3.26-8_amd64.deb 20f4cd952fb496ebf847caf3fc876b96720a8f358c8c8e5ee1be2369bf24bfa6 1336562 libgraphicsmagick1-dev_1.3.26-8_amd64.deb Files: 262f5c6e137c1df298da2a9134cf5583 2794 graphics optional graphicsmagick_1.3.26-8.dsc 7289a258f38219858a0d29955f0fc478 153676 graphics optional graphicsmagick_1.3.26-8.debian.tar.xz b3809b24cd67c18eff29138703b0f158 3175350 debug extra graphicsmagick-dbg_1.3.26-8_amd64.deb 7023758a64ed322c6a52f60c8681dca7 24312 graphics optional graphicsmagick-imagemagick-compat_1.3.26-8_all.deb d27206d6498e73eb991cc96ef2724660 27750 graphics optional graphicsmagick-libmagick-dev-compat_1.3.26-8_all.deb daa8a2e1cb6a66e861b22d0341476bba 11562 graphics optional graphicsmagick_1.3.26-8_amd64.buildinfo c8dbf7b73f8381eb59d49ca097610a6e 865976 graphics optional graphicsmagick_1.3.26-8_amd64.deb 150e50922b908f3ec222b431e28c3bad 70992 perl optional libgraphics-magick-perl_1.3.26-8_amd64.deb fef2eadf6747108745b23d12fee2a430 118560 libs optional libgraphicsmagick++-q16-12_1.3.26-8_amd64.deb 0c178632f43aabe0eb61f176b970d2cf 303658 libdevel optional libgraphicsmagick++1-dev_1.3.26-8_amd64.deb b3471b155031b9aadbb99a14f4d4fdc4 1114086 libs optional libgraphicsmagick-q16-3_1.3.26-8_amd64.deb 83209f0a96c72d73a17b7bd48353bcd6 1336562 libdevel optional libgraphicsmagick1-dev_1.3.26-8_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlmuxWEACgkQ3OMQ54ZM yL+E4g//dX/Xwbmif95ozHeLUekIxI7BBoTBSbm71Ww5ukfRAk6blg+T+B6J0WNx NDIoyNmR0qebueyFAq88Ufd1yJD8NJ2kIIQhgwcLaPJuSyGzfgdInw9t7XwptA36 yyQ95hQz5YQFrL7vsQ+Hh9kt2Ro3SLnClxjrxzJkB/xHIFCUWterDwivM62AAKY8 9MiODJwc90XpAW88AgSAsGtmg+qr3vsUIr/uUc3zdRk9/A2fQGdRpHNT7LCGKY3c p+NDHe13dyyIRjNDlNleJHCoanWhV1S9t6COQui58irw4E4mrLxY5N8z/5YjGQq5 FvBXX7aYd0REb/eIDNO6lXCNW79LjTxrs5tR+7t17KL03Us3/MYrzsCJeo+JVCvg 9Gq1pUE6QqJODf24yDuuz0ei+UfimsV6OUiaBYVGEb01rG99WTTQm8PjFtR/KgFc zs7wmOqzUt+/46T4a3GWaoEP+VL0QxaXSJg/crxOG0jspwzXX9hGwUEIebzjymxX LsGQMuJJ78H5CKk9izramnfEtiISSs0nT6a3JoE1OTsRSo5bpjNBvdboFH3RxL22 O48GlCBQy2Wf1mfVdvjBSgOR6SrCM97YqCTZ/UDRpkmanmVlAeJkODd01CJ2bNgG AWae30atDcVixz1ylZNFMqXn3E7BznC4/LCf6UyMatt6BHbruQQ= =asU6 -----END PGP SIGNATURE-----