Format: 1.8
Date: Thu, 25 Oct 2018 15:23:55 -0300
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: armhf
Version: 1.3.18-1ubuntu3.1
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Eduardo Barretto
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
 libgraphicsmagick3 - format-independent image processing - C shared library
Changes:
 graphicsmagick (1.3.18-1ubuntu3.1) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: DoS (out-of-bounds read) in PCX parser code
     - debian/patches/CVE-2014-8355.patch: fix in coders/pcx.c
     - CVE-2014-8355
   * SECURITY UPDATE: DoS (uninitialized memory access) via a crafted GIF file.
     - debian/patches/CVE-2015-8808.patch: Assure that GIF decoder does not use uninitialized data.
     - CVE-2015-8808
   * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
     - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
     - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
     - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
     - CVE-2016-2317
   * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG file.
     - debian/patches/CVE-2016-2318.patch: Make SVG path and other primitive parsing more robust
     - CVE-2016-2318
   * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in a crafted image file.
     - debian/patches/CVE-2016-3714.patch: Remove delegates support for reading gnuplot files.
     - CVE-2016-3714
   * SECURITY UPDATE: Remote attackers are able to delete arbitrary files via a crafted image.
     - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic prefix.
     - CVE-2016-3715
   * SECURITY UPDATE: Remote attackers can move arbitrary files via a crafted image.
     - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension on MSL files.
     - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG format based on file extension.
     - CVE-2016-3716
   * SECURITY UPDATE: Remote attackers can read arbitrary files via a crafted image.
     - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
     - CVE-2016-3717
   * SECURITY UPDATE: Remote attackers can conduct server-side request forgery (SSRF) attacks via a crafted image.
     - debian/patches/CVE-2016-3718.patch: fix in render.c
     - CVE-2016-3718
   * SECURITY UPDATE: Remote attackers can execute arbitrary files via a pipe character at the start of a filename.
     - debian/patches/CVE-2016-5118.patch: remove support for reading input from a shell command or writing output to a shell command
     - CVE-2016-5118
   * SECURITY UPDATE: Remote attackers can execute arbitrary commands via unspecified vectors.
     - debian/patches/CVE-2016-5239.patch: remove delegates support for Gnuplot and various other file types.
     - CVE-2016-5239
   * SECURITY UPDATE: Remote attackers can cause a DoS (infinite loop) by converting a circularly defined SVG file.
     - debian/patches/CVE-2016-5240.patch: endless loop problem caused by negative stroke-dasharray arguments
     - CVE-2016-5240
   * SECURITY UPDATE: Remote attackers can cause DoS (arithmetic exception and application crash) via a crafted svg file.
     - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if fill or stroke pattern image has zero columns or rows
     - CVE-2016-5241
   * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
     - debian/patches/CVE-2016-7446.patch: fix in svg.c
     - CVE-2016-7446
   * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
     - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of EscapeParenthesis() in annotate.c
     - CVE-2016-7447
   * SECURITY UPDATE: DoS (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
     - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
     - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
     - CVE-2016-7448
   * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing an "unterminated" string.
     - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun if buffer not null terminated
     - CVE-2016-7449
   * SECURITY UPDATE: Integer underflow in the parse8BIM function.
     - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
     - CVE-2016-7800
   * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format reader.
     - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
     - CVE-2016-7996
     - CVE-2016-7997
   * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
     - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow while reading SCT file header.
     - CVE-2016-8682
   * SECURITY UPDATE: Memory allocation failure and a "file truncation error for corrupt file" via a crafted PCX image.
     - debian/patches/CVE-2016-8683.patch: check that filesize is reasonable given header.
     - CVE-2016-8683
   * SECURITY UPDATE: Memory allocation failure and a "file truncation error for corrupt file" via a crafted SGI image.
     - debian/patches/CVE-2016-8684.patch: Check that filesize is reasonable given header.
     - CVE-2016-8684
   * SECURITY UPDATE: DoS (crash) via large dimensions in a jpeg image.
     - debian/patches/CVE-2016-9830.patch: enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions.
     - CVE-2016-9830
Original-Maintainer: Daniel Kobras