Format: 1.8 Date: Mon, 06 Jan 2020 15:39:05 -0300 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: i386 Version: 1.3.23-1ubuntu0.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Eduardo Barretto Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium . * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage() - debian/patches/CVE-2017-14165.patch: Verify that file header data length, and file length are sufficient for claimed image dimensions. - CVE-2017-14165 * SECURITY UPDATE: Heap-based buffer over-read in DrawImage() - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in DrawDashPolygon(). - CVE-2017-14314 * SECURITY UPDATE: Null pointer dereference in ReadPNMImage() - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256 colors. - CVE-2017-14504 * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c - debian/patches/CVE-2017-14649.patch: Validate JNG data properly. - CVE-2017-14649 * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage() - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha flag is present. - CVE-2017-14733 * SECURITY UPDATE: Null pointer dereference in ReadDCMImage() - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce image list with no frames, resulting in null image pointer. - CVE-2017-14994 * SECURITY UPDATE: Integer underflow in ReadPICTImage() - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to astonishingly large allocation request. - CVE-2017-14997 * SECURITY UPDATE: Resource leak in ReadGIFImage() - debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully initialized. - CVE-2017-15277 * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage() - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer when transferring JPEG scanlines. - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null PixelPacket pointer. - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable dimensions given the file size. - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception gets reported on read failure. - CVE-2017-15930 * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage() - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow while describing visual image directory. - CVE-2017-16352 * SECURITY UPDATE: Memory information disclosure in DescribeImage() - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the IPTC profile. - CVE-2017-16353 Checksums-Sha1: a1ad9f0b46d7086be1084872ba0f15a54a92fbde 2615646 graphicsmagick-dbg_1.3.23-1ubuntu0.4_i386.deb 7a95aefd7a58f52b00f7e0cd261d0b6152b77ed9 1294 graphicsmagick-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb c5e4794196551622300fe5cba1ac467d359e84da 591698 graphicsmagick_1.3.23-1ubuntu0.4_i386.deb 56f5344d29e5d4dc6aa6379f35467e2c1be17a51 1292 libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 1597f404669795164aead8443022e24976548657 55684 libgraphics-magick-perl_1.3.23-1ubuntu0.4_i386.deb c8f66ecdb0d7b234e431444440cacaa889a4193e 1258 libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb e25afff548f0b9980d24d07fa55423106c5121bb 110300 libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.4_i386.deb 249fe1d21caaed051b3bfa5abd5fea7f89348e3b 1268 libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 56fd89d927b067f9127f74d1fb5eca982a83cb1f 266614 libgraphicsmagick++1-dev_1.3.23-1ubuntu0.4_i386.deb c8ff333b18d2a923da7d1e4e32ade38ee2b0ac02 1250 libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb b2721835b9fa0bd49f7ad31ff93125c1aa1b74ae 1162266 libgraphicsmagick-q16-3_1.3.23-1ubuntu0.4_i386.deb 5c24a1d5659c3c7dd5ba22d5ef502664163e98ff 1260 libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 7d442309f76dc78b9dfd85838e1a0139ad951670 1342278 libgraphicsmagick1-dev_1.3.23-1ubuntu0.4_i386.deb Checksums-Sha256: c97c1aa197afc99e151bd658799948c97489c35d0ef53b4cab5575601ddf43c8 2615646 graphicsmagick-dbg_1.3.23-1ubuntu0.4_i386.deb e64e22f479189293d1397b0ef9e2e2b05c322f970f125441f44fcfdb449f6a1a 1294 graphicsmagick-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 9bba7cb688593bd3ed0f3988e02c1714602626b4ecdbc60230be340b0d5607f2 591698 graphicsmagick_1.3.23-1ubuntu0.4_i386.deb 133a66dbfb06d2840e0fa75d2623b9b200a334fd40f444992a7764af51ed0458 1292 libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 051296d30e5184dc15848ab2dcca42305b2bb0d66a9c0d79ba500eca3ae49e90 55684 libgraphics-magick-perl_1.3.23-1ubuntu0.4_i386.deb c005692f60de80f55ba2847a2d6a2884275a72a74d9afda4d03f244384a3b6c6 1258 libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 8002c021c5a33a4099103a50b403e7faba911fdd8be24bbd333aa746dbbad15d 110300 libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.4_i386.deb 1061a49b7eb004ee0685ea51575fa0972d40bad2194bf8d57c52dbd60d2b2b7a 1268 libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 0297376430cccbb3b5ca2a84b13811c7d3636e3acede4def9fd2301795f8c2cb 266614 libgraphicsmagick++1-dev_1.3.23-1ubuntu0.4_i386.deb 556599ec3e0fccee320f1d63dd67adceaf9e663c359c6ee29cf5b84b672fcddb 1250 libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb cceb3795e8932e66fd2d0c0d40021ba71cb6f4ddf97627078764c0674477021a 1162266 libgraphicsmagick-q16-3_1.3.23-1ubuntu0.4_i386.deb f82824686916ac88799893d352608438a71841874cb3e612bfe82f747854cb83 1260 libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb ce5944fe1dcd3b46f5d73fbfa71043bffd3eeced2b9ed575c87f2b35508d37f4 1342278 libgraphicsmagick1-dev_1.3.23-1ubuntu0.4_i386.deb Files: abe27bf785e4f024be45e1ace41a0a68 2615646 debug extra graphicsmagick-dbg_1.3.23-1ubuntu0.4_i386.deb 2e4dc04402a1857d755d9df51ed14055 1294 graphics extra graphicsmagick-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 18ac099952f1babe8576166a54b19095 591698 graphics optional graphicsmagick_1.3.23-1ubuntu0.4_i386.deb 1b7a94354e9cab1fa2051a546dfe40e5 1292 perl extra libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 2bf3b5db4569c029e761485d68bd8684 55684 perl optional libgraphics-magick-perl_1.3.23-1ubuntu0.4_i386.deb 3a3109e5a081e1011b6c1f49f317db9b 1258 libs extra libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb a21b15a3103eb44c0025d85f09ba951f 110300 libs optional libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.4_i386.deb e3e141d29ffccdea2cdb728b81b8f687 1268 libdevel extra libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 23c58b3adf79d5578eaa69fab2a860d7 266614 libdevel optional libgraphicsmagick++1-dev_1.3.23-1ubuntu0.4_i386.deb 632a7f42b639c1651081e515b9ffd11b 1250 libs extra libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 730741beb93e04c4bb5279181b8dccab 1162266 libs optional libgraphicsmagick-q16-3_1.3.23-1ubuntu0.4_i386.deb 36add4aa4c722136e42b7d972444109f 1260 libdevel extra libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.4_i386.ddeb 5f8a391a42da56297addb9ed3b9ff7d8 1342278 libdevel optional libgraphicsmagick1-dev_1.3.23-1ubuntu0.4_i386.deb Original-Maintainer: Laszlo Boszormenyi (GCS)