Format: 1.8 Date: Mon, 06 Jan 2020 15:39:05 -0300 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: armhf Version: 1.3.23-1ubuntu0.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Eduardo Barretto Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium . * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage() - debian/patches/CVE-2017-14165.patch: Verify that file header data length, and file length are sufficient for claimed image dimensions. - CVE-2017-14165 * SECURITY UPDATE: Heap-based buffer over-read in DrawImage() - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in DrawDashPolygon(). - CVE-2017-14314 * SECURITY UPDATE: Null pointer dereference in ReadPNMImage() - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256 colors. - CVE-2017-14504 * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c - debian/patches/CVE-2017-14649.patch: Validate JNG data properly. - CVE-2017-14649 * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage() - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha flag is present. - CVE-2017-14733 * SECURITY UPDATE: Null pointer dereference in ReadDCMImage() - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce image list with no frames, resulting in null image pointer. - CVE-2017-14994 * SECURITY UPDATE: Integer underflow in ReadPICTImage() - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to astonishingly large allocation request. - CVE-2017-14997 * SECURITY UPDATE: Resource leak in ReadGIFImage() - debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully initialized. - CVE-2017-15277 * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage() - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer when transferring JPEG scanlines. - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null PixelPacket pointer. - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable dimensions given the file size. - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception gets reported on read failure. - CVE-2017-15930 * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage() - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow while describing visual image directory. - CVE-2017-16352 * SECURITY UPDATE: Memory information disclosure in DescribeImage() - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the IPTC profile. - CVE-2017-16353 Checksums-Sha1: 83ca3a2529d69884fef67f3ae6ed2bbef4fac4c6 3003996 graphicsmagick-dbg_1.3.23-1ubuntu0.4_armhf.deb 81733de3892b457233df8fcdd8015798b364bc1d 1292 graphicsmagick-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb b5bd99626d93050fa57b8c179e1cc78c4615de2b 590458 graphicsmagick_1.3.23-1ubuntu0.4_armhf.deb 2c40d8689d5be9b26b31e0f8a062b52ad4adb76f 1290 libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 725d4e800355f1f07e403d644ff28befc14dfb33 49712 libgraphics-magick-perl_1.3.23-1ubuntu0.4_armhf.deb 9a0d1b254a1e2965140b9a13b7d3dfc35caf39e4 1252 libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 7b627afd26c9ce0068d4ba99dcb74aa232a63699 87702 libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.4_armhf.deb 7923280f96c17bd3bc2a86a9ed1730cab82886d9 1266 libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb b5345b1c3ac7984a32b786a811a788252b585d7b 250568 libgraphicsmagick++1-dev_1.3.23-1ubuntu0.4_armhf.deb d2891c1fba896c60045717cfdfb6ee0eb257b605 1248 libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 727ce5373a1846b3d4a9599150a92443e33d24e5 1006998 libgraphicsmagick-q16-3_1.3.23-1ubuntu0.4_armhf.deb c0b35de48530ef52122aefd914a287ab4032ceab 1256 libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 172fa2cf6157046182daf5aae9e6367e329cf475 1223312 libgraphicsmagick1-dev_1.3.23-1ubuntu0.4_armhf.deb Checksums-Sha256: ff403fff1bccee7ab9eceab5acfcc2c3ca8cfecd70eb5b79be3ae9543bb49262 3003996 graphicsmagick-dbg_1.3.23-1ubuntu0.4_armhf.deb 6951f0188f6960e4297c20a98639e5d28da71dfdf192afd8792b918f3825d7fb 1292 graphicsmagick-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb e2fd92a6c88fbd527c2623b45590e9f4d1766bb83be54730603c7c109d94c4cc 590458 graphicsmagick_1.3.23-1ubuntu0.4_armhf.deb bfc1214c28001cd8d10024511e688f375fdbf7410aacaebe9409311d695c1b70 1290 libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 3650a8b048447cb0e957a07b28b996a39942a0298bb3adf5a06194bae640034f 49712 libgraphics-magick-perl_1.3.23-1ubuntu0.4_armhf.deb 04203b29603c8382b3c47c39f1ba8330ca69050e69cd58ec97ec98c61f15d3b3 1252 libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 3e086e2757f5dc984229984f3676bf79e83b193b8db5eb8863c35b5f0ecfbbb8 87702 libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.4_armhf.deb e68a4fcbc40da0d6b4465e2e11d40b1a71d40d38109e2f2ea434a7f74913d48a 1266 libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb aab1fe847aac060a956c4739e9505acdbbd47b80070652131bd6dbef274aa67d 250568 libgraphicsmagick++1-dev_1.3.23-1ubuntu0.4_armhf.deb a78a533875fd49fd2243263a33ce7e577703eb8bd4472946997be0e5be76cbda 1248 libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 5d0a06dbaabaf0fe549f8d30164b81449a0b0e4869b2404f1496a36140c06d46 1006998 libgraphicsmagick-q16-3_1.3.23-1ubuntu0.4_armhf.deb be994b448cd773c63d313b1a3f2a2615a33cd9b3419f1f06b3ff79fdf8130446 1256 libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 8a8df61b2e1de378355b3b2ca8ad8d3be357c769fb7c9efc12bba5281730f7e1 1223312 libgraphicsmagick1-dev_1.3.23-1ubuntu0.4_armhf.deb Files: 9c5dcda79406c5cf1d36d2f8503e5f9b 3003996 debug extra graphicsmagick-dbg_1.3.23-1ubuntu0.4_armhf.deb 649b7ef7b5e668367980504e3a1a729c 1292 graphics extra graphicsmagick-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb ff0b96ea4af5c07696384b75ebc11df6 590458 graphics optional graphicsmagick_1.3.23-1ubuntu0.4_armhf.deb 0219c18d2d2286457ad6ffcd48a739ca 1290 perl extra libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb ef7a45a44540354c326d4890fda9f113 49712 perl optional libgraphics-magick-perl_1.3.23-1ubuntu0.4_armhf.deb 47ab966feb741eb9a7043b4e89f731ea 1252 libs extra libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb f0368b4196a3d2a032037fe9477f8a11 87702 libs optional libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.4_armhf.deb 84629ccc0bf24d4bbf675649718dea6b 1266 libdevel extra libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb e4bb87581bb8ec455cd227b75a160211 250568 libdevel optional libgraphicsmagick++1-dev_1.3.23-1ubuntu0.4_armhf.deb 59d98d63f2af8298b61cb86ba7e31e28 1248 libs extra libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb 83540932a3e9a04b46277fb279d5726d 1006998 libs optional libgraphicsmagick-q16-3_1.3.23-1ubuntu0.4_armhf.deb 741a2b63ebf9a0447667a2b24191482e 1256 libdevel extra libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.4_armhf.ddeb b5873655f0aebb9f56a2404c4133619d 1223312 libdevel optional libgraphicsmagick1-dev_1.3.23-1ubuntu0.4_armhf.deb Original-Maintainer: Laszlo Boszormenyi (GCS)