-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Mar 2018 22:41:15 +0200 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.16-1.1+deb7u19 Distribution: wheezy-security Urgency: high Maintainer: Daniel Kobras <kobras@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick++3 - format-independent image processing - C++ shared library libgraphicsmagick1-dev - format-independent image processing - C development files libgraphicsmagick3 - format-independent image processing - C shared library Changes: graphicsmagick (1.3.16-1.1+deb7u19) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-18219: An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. * Fix CVE-2017-18220: The ReadOneJNGImage and ReadJNGImage functions in coders/png.c allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403 * Fix CVE-2017-18229: An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. * Fix CVE-2017-18230: A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-18231: A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2018-9018: There is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. Checksums-Sha1: 1485cbff3ce055a2765d766b4b577a5877f131f9 2914 graphicsmagick_1.3.16-1.1+deb7u19.dsc 1c51dd1d469f9c17f37ad1bfc7dd63c52fb40b50 181468 graphicsmagick_1.3.16-1.1+deb7u19.debian.tar.xz a8c612b278ad63d9285ca2f13e2127209bfecd65 1037384 graphicsmagick_1.3.16-1.1+deb7u19_amd64.deb a0d7c611ec79913476c40d1a922268ddc005dbcb 1328446 libgraphicsmagick3_1.3.16-1.1+deb7u19_amd64.deb 8ffde2c4101f02b4f626a4c3c23fd8999fccf421 1825788 libgraphicsmagick1-dev_1.3.16-1.1+deb7u19_amd64.deb 56d72a049bf2ac8af4401ad411b329825f2dfa02 156028 libgraphicsmagick++3_1.3.16-1.1+deb7u19_amd64.deb 166f1f65d286255b23ece9624a326247a2f531a6 410382 libgraphicsmagick++1-dev_1.3.16-1.1+deb7u19_amd64.deb 320dda50982e7b81ebbcacab426844342c84f0e8 85214 libgraphics-magick-perl_1.3.16-1.1+deb7u19_amd64.deb 6800b17636f02ac3477ba709f2d4e827969ab7ef 3272714 graphicsmagick-dbg_1.3.16-1.1+deb7u19_amd64.deb d34b7715082b7aa784e6a10f86d53b0bda663205 19940 graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u19_all.deb 4d74d51065d1aedf42c0c6317adae32832bd9626 22878 graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u19_all.deb Checksums-Sha256: 957961a90ea9ddc652a5dcf2b0c3514b72bf09d1a3bf839d4ca81f61306dc81b 2914 graphicsmagick_1.3.16-1.1+deb7u19.dsc df51655f60bcae71ffaa252f1d2c1a20219441079abf8d5f28d281ae2ad9a200 181468 graphicsmagick_1.3.16-1.1+deb7u19.debian.tar.xz cd1e3e53605586bc638eb6a702605018620a6ee08167f283fe361dfca9fa6bc3 1037384 graphicsmagick_1.3.16-1.1+deb7u19_amd64.deb 95fc053127e57ae7cd53ed169f62fd74b8173a6fc4a5c66177b4c1a36f264987 1328446 libgraphicsmagick3_1.3.16-1.1+deb7u19_amd64.deb 862244c2e137217ab5df9acbde5370baea18287b0d291f845bee7388790dbd4f 1825788 libgraphicsmagick1-dev_1.3.16-1.1+deb7u19_amd64.deb df7612f8e2f14846de50e231ca9ecbed071d58c4ad6d4d1ce99f2935c894743e 156028 libgraphicsmagick++3_1.3.16-1.1+deb7u19_amd64.deb c3f3b7d9199059632d88d904df77d9a719399246930d95ec2c9ee61b6cd97f6a 410382 libgraphicsmagick++1-dev_1.3.16-1.1+deb7u19_amd64.deb b57c56c742a4aac63751eeb57c7e0d9391e825e1f94178fd9c92fcb535be48c6 85214 libgraphics-magick-perl_1.3.16-1.1+deb7u19_amd64.deb cd2bce2498e11982ef8d70b8b55fe72dc8db6f60bdba87af5f4998fd31fd0baa 3272714 graphicsmagick-dbg_1.3.16-1.1+deb7u19_amd64.deb 104b80ddac53a7a0bd4ef1b44fe362db823a139b75a927f84305e77a831c1be3 19940 graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u19_all.deb 50bbdbe2a9a500cc3bf02efacbb46b555fab8402f4554ca3eceeab04c0806f43 22878 graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u19_all.deb Files: df5ef202c676e4ed1b26e4ed74b07e3f 2914 graphics optional graphicsmagick_1.3.16-1.1+deb7u19.dsc 6af61075430df2efd426f601db638734 181468 graphics optional graphicsmagick_1.3.16-1.1+deb7u19.debian.tar.xz 6dba5160676ecca7eb70a099916b376c 1037384 graphics optional graphicsmagick_1.3.16-1.1+deb7u19_amd64.deb 911391fedd69d842b798c1b81c75ee5b 1328446 libs optional libgraphicsmagick3_1.3.16-1.1+deb7u19_amd64.deb e95989091fece658ffb5edc33f50155c 1825788 libdevel optional libgraphicsmagick1-dev_1.3.16-1.1+deb7u19_amd64.deb 9b2621a267f86ba7e38d115ea1f0d64e 156028 libs optional libgraphicsmagick++3_1.3.16-1.1+deb7u19_amd64.deb 1d5dd38e127fff18d71333378e3ca5f6 410382 libdevel optional libgraphicsmagick++1-dev_1.3.16-1.1+deb7u19_amd64.deb 580dc181ee9c950ca6f434416b2becde 85214 perl optional libgraphics-magick-perl_1.3.16-1.1+deb7u19_amd64.deb 129e2ebf9f973e5863b9035f125da8d2 3272714 debug extra graphicsmagick-dbg_1.3.16-1.1+deb7u19_amd64.deb 88c32ab19f0506d3caaa8466bf835ef1 19940 graphics extra graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u19_all.deb ec987a19a2c58fe41914fd602cb4f31b 22878 graphics extra graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u19_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlq7pUpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk1iUQAMHEymDpz+QdUP94alN8S1PbrnYw7pyTuZx1 BpWm2M183e5GR2WPyI6QBEksYq+TcdVjmmpHeiSpRw20h/CUuG/KZxAIvg+nBriQ w3qFml5josNMWOKcgfZsiIjZ7L0p3B1lgv4+If5dBlOAeuue/wpjqnZqirqWzk6i Xxsv8rILq4QX3RnV7fjtPABE2faHo709WRD0XwreBcavsIEnsm+Hhb+AYT7E8+7U zu3CnxbmG5EfDfMA8TNj1LD9KuCQRO+MTLBwQI2SfdvcQHwRmtyCInMb1sopDM+N 4dd35DoWW2TjALHttuAmI/BraDYW/mXl9YywJBm2+oaD9HirW/6R4hKgsJtKakdR ENCUjKXlPuHEh9rtB00z72p7lku2YsdOAE2O+VC2r9QnkhXAZtq3Aj/DeX0h7SPo MFl+cSv7KsQn6RHSE29D03z3ld9VBJniQovYxr6f/B00Y5JR03a/d7yvjAOkijcU 2P0O1YGe2hOqb9YQHUSGXort/KGngYC1cJ0tiAtJBKqJvpOb2Y+unDxCKx/jZg+A TPNNLeFt/7BfBbcgYbW92R0JBq/U3huvbemXhglMxjPmW8YQQvVFUEsqIjOMdwyk FW1q4lk9DpjEjFupBjvzRWNENssMDggcU5c7dIXop6cTehxqf/92nZ7lgYUe07aX XymCjgMP =HgeV -----END PGP SIGNATURE-----
