Format: 1.8
Date: Thu, 01 Nov 2018 15:03:05 -0300
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: arm64
Version: 1.3.23-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Eduardo Barretto
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Changes:
 graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
     - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
     - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
     - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
     - CVE-2016-2317
   * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG file.
     - debian/patches/CVE-2016-2318.patch: Make SVG path and other primitive
       parsing more robust
     - CVE-2016-2318
   * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in a
     crafted image file.
     - debian/patches/CVE-2016-3714.patch: Remove delegates support for
       reading gnuplot files.
     - CVE-2016-3714
   * SECURITY UPDATE: Remote attackers are able to delete arbitrary files via
     a crafted image.
     - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
       prefix.
     - CVE-2016-3715
   * SECURITY UPDATE: Remote attackers can move arbitrary files via a crafted
     image.
     - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension on
       MSL files.
     - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG format
       based on file extension.
     - CVE-2016-3716
   * SECURITY UPDATE: Remote attackers can read arbitrary files via a crafted
     image.
     - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
     - CVE-2016-3717
   * SECURITY UPDATE: Remote attackers can conduct server-side request forgery
     (SSRF) attacks via a crafted image.
     - debian/patches/CVE-2016-3718.patch: fix in render.c
     - CVE-2016-3718
   * SECURITY UPDATE: Remote attackers can execute arbitrary files via a pipe
     character at the start of a filename.
     - debian/patches/CVE-2016-5118.patch: remove support for reading input
       from a shell command or writing output to a shell command
     - CVE-2016-5118
   * SECURITY UPDATE: Remote attackers can execute arbitrary commands via
     unspecified vectors.
     - debian/patches/CVE-2016-5239.patch: remove delegates support for
       Gnuplot and various other file types.
     - CVE-2016-5239
   * SECURITY UPDATE: Remote attackers can cause a DoS (infinite loop) by
     converting a circularly defined SVG file.
     - debian/patches/CVE-2016-5240.patch: endless loop problem caused by
       negative stroke-dasharray arguments
     - CVE-2016-5240
   * SECURITY UPDATE: Remote attackers can cause a DoS (arithmetic exception
     and application crash) via a crafted SVG file.
     - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if fill
       or stroke pattern image has zero columns or rows
     - CVE-2016-5241
   * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
     - debian/patches/CVE-2016-7446.patch: fix in svg.c
     - CVE-2016-7446
   * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
     - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
       EscapeParenthesis() in annotate.c
     - CVE-2016-7447
   * SECURITY UPDATE: DoS (CPU consumption or large memory allocations) via
     vectors involving the header information and the file size.
     - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
     - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
     - CVE-2016-7448
   * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing an
     "unterminated" string.
     - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun if
       buffer not null terminated
     - CVE-2016-7449
   * SECURITY UPDATE: Integer underflow in the parse8BIM function.
     - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
     - CVE-2016-7800
   * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format reader.
     - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
     - CVE-2016-7996
     - CVE-2016-7997
   * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
     - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
       while reading SCT file header.
     - CVE-2016-8682
   * SECURITY UPDATE: Memory allocation failure and a "file truncation error
     for corrupt file" via a crafted PCX image.
     - debian/patches/CVE-2016-8683.patch: check that filesize is reasonable
       given header.
     - CVE-2016-8683
   * SECURITY UPDATE: Memory allocation failure and a "file truncation error
     for corrupt file" via a crafted SGI image.
     - debian/patches/CVE-2016-8684.patch: Check that filesize is reasonable
       given header.
     - CVE-2016-8684
   * SECURITY UPDATE: DoS (crash) via large dimensions in a JPEG image.
     - debian/patches/CVE-2016-9830.patch: enforce spec requirement that the
       dimensions of the JPEG embedded in a JDAT chunk must match the JHDR
       dimensions.
     - CVE-2016-9830
Original-Maintainer: Laszlo Boszormenyi (GCS)