Format: 1.8 Date: Mon, 03 Feb 2020 16:47:01 -0300 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: amd64 all Version: 1.3.23-1ubuntu0.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Eduardo Barretto Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium . * SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile() - debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing reading heap data beyond the allocated size. - CVE-2017-17912 * SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage() - debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that the image pointer provided by libwebp is valid. - debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp 0.5.0+ by disabling progress indication. - CVE-2017-17913 * SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage() - debian/patches/CVE-2017-17915.patch: Check range limit before accessing byte to avoid minor heap read overflow. - CVE-2017-17915 * SECURITY UPDATE: Allocation failure in ReadOnePNGImage() - debian/patches/CVE-2017-18219.patch: check MemoryResource before attempting to allocate ping_pixels array. - CVE-2017-18219 * SECURITY UPDATE: Allocation failure in ReadTIFFImage() - debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and tile memory allocation requests based on file size. - CVE-2017-18229 * SECURITY UPDATE: Null pointer dereference in ReadCINEONImage() - debian/patches/CVE-2017-18230.patch: Validate scandata allocation. - CVE-2017-18230 * SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile() - debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation. - CVE-2017-18231 Checksums-Sha1: 412dac1080e041ed34942b9f0febfdf8387ee132 3119186 graphicsmagick-dbg_1.3.23-1ubuntu0.6_amd64.deb 8fee74e1d27419ab757276fb5b669f666744fb39 1290 graphicsmagick-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 85c26a74a76cfcacdeb8fb6fdbb812d08176b427 5816 graphicsmagick-imagemagick-compat_1.3.23-1ubuntu0.6_all.deb 0c91b3243195b4b9b60692226964562cc3fc681c 9216 graphicsmagick-libmagick-dev-compat_1.3.23-1ubuntu0.6_all.deb 29d92b924d73a575256505e79f4fbfc9664b6ebc 589762 graphicsmagick_1.3.23-1ubuntu0.6_amd64.deb 0cd3a1aa52919a82f6eca98c48077af1156e2133 1288 libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 376baf6373a574df6fa350efbe86ea04fa91db44 53458 libgraphics-magick-perl_1.3.23-1ubuntu0.6_amd64.deb 8c33c20e7a286f2053b07af51a54decdf564db81 1256 libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 55be8d146b7e40493626fea61119b0d43a71a680 101002 libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.6_amd64.deb 20e5df5b5d02c6a6d7481be1bca622887707241c 1266 libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 52c92894910c36a2e10dc2157e76a64b4ad7d118 265954 libgraphicsmagick++1-dev_1.3.23-1ubuntu0.6_amd64.deb 6bee840a96e3e0d8e6b907d8cc0b449c048adbd0 1250 libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 3c2b153145452150ed30f2923a6ced8f0eccf5a2 1113804 libgraphicsmagick-q16-3_1.3.23-1ubuntu0.6_amd64.deb 242f8323da70b9ea86dcc86da496920d816d5fab 1260 libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb b92bd0e3947a7919da0b88b9cb2d302b48995242 1298126 libgraphicsmagick1-dev_1.3.23-1ubuntu0.6_amd64.deb Checksums-Sha256: ad5a082e6b45abc9fdc4724e86228d7fa46cf09d73bd1dd33264f67419903e4d 3119186 graphicsmagick-dbg_1.3.23-1ubuntu0.6_amd64.deb d7299a4aa9a44159900a82e56890c6138e45462a519956ca8a466c2295e9bf4c 1290 graphicsmagick-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb fb22d98edb6026e5c3787f19f3d10d87e1e5487cdf2ad96ff6633726f17cd4e9 5816 graphicsmagick-imagemagick-compat_1.3.23-1ubuntu0.6_all.deb 6eff63bd44326597cfe8418bc2616ac209bf7996ebdd1ce5c61d9271fa26f920 9216 graphicsmagick-libmagick-dev-compat_1.3.23-1ubuntu0.6_all.deb 00508a87e54f225273d4ef3b5bc10100f63e2553e20cf76d111eb6b696fbd3ef 589762 graphicsmagick_1.3.23-1ubuntu0.6_amd64.deb e375d679ec9a7d01b5bea25687d43d0c4838787439801cd72941110cbc62ef9e 1288 libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb e8b2ac9007c4ced3c1da2453d8cbf2b13881f09ebd1a1c27784f3ea907e0cf5e 53458 libgraphics-magick-perl_1.3.23-1ubuntu0.6_amd64.deb 7755da31bf0cc64fcb4f5f8786ba5e6fd87a614d3ddaebd1bbe9374d2b03a4f4 1256 libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 9cbd6798dd4da0b15ba9fd5a9d029c87a261fbb1ae67a3fc88c157fcd6b6d446 101002 libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.6_amd64.deb 3db3ed97cdf232f0b3397268ce3fa84ef69d115088a49a2f85e952d42fe1092f 1266 libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 079ff03e804e04526192597d3b55147270c8b91f7d36c5890f3699c4b990fdbc 265954 libgraphicsmagick++1-dev_1.3.23-1ubuntu0.6_amd64.deb 23765265d34ccb2f9f1d9caf43a03665b997764b829b7b36ed338f8dfe904b5d 1250 libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 5163c09992f30a06ea8cf79546a5dc410ac3b3c5e47b10cb4d2e05dfecc3a087 1113804 libgraphicsmagick-q16-3_1.3.23-1ubuntu0.6_amd64.deb d66c14d248c025c7aebdff7d2e176447f77d739eb88ded826426d3b4926f72ab 1260 libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 00a76fcd4cd29ad9f9132a20d494fee0cb1d53d62665b94143dcb3acf7babb1a 1298126 libgraphicsmagick1-dev_1.3.23-1ubuntu0.6_amd64.deb Files: a81a63d2e0cd780600c249e534e70976 3119186 debug extra graphicsmagick-dbg_1.3.23-1ubuntu0.6_amd64.deb 0caa7497bc4a24f12a4b15f980ab10b8 1290 graphics extra graphicsmagick-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb dd72b1a1ef85f10974d0ff0d1221f879 5816 graphics extra graphicsmagick-imagemagick-compat_1.3.23-1ubuntu0.6_all.deb 080d6e5864633dd2ec50f325706b5533 9216 graphics extra graphicsmagick-libmagick-dev-compat_1.3.23-1ubuntu0.6_all.deb f8ebd7b384eecf2ce074298103b54045 589762 graphics optional graphicsmagick_1.3.23-1ubuntu0.6_amd64.deb 2fe670ac122b133e7fde5678edd1fdba 1288 perl extra libgraphics-magick-perl-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb fc6eefdcac50a139b738ffbd859b7663 53458 perl optional libgraphics-magick-perl_1.3.23-1ubuntu0.6_amd64.deb bbac8079835eca893372d47d2152bebc 1256 libs extra libgraphicsmagick++-q16-12-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb c52de6712bc976968e4873560cc04d05 101002 libs optional libgraphicsmagick++-q16-12_1.3.23-1ubuntu0.6_amd64.deb 5c7e055cc476452557bb8dd5f143548b 1266 libdevel extra libgraphicsmagick++1-dev-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb c7fa0a2525b29de585db9c7aab29ac8a 265954 libdevel optional libgraphicsmagick++1-dev_1.3.23-1ubuntu0.6_amd64.deb 3a9cf695944dd94b526687488d1fa1de 1250 libs extra libgraphicsmagick-q16-3-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb 94fa18d06dc05caf7f671514f309c2e5 1113804 libs optional libgraphicsmagick-q16-3_1.3.23-1ubuntu0.6_amd64.deb 02823aab0c7a58543e90315e2790706c 1260 libdevel extra libgraphicsmagick1-dev-dbgsym_1.3.23-1ubuntu0.6_amd64.ddeb daeaf61c7696465742f77a9cf18a8849 1298126 libdevel optional libgraphicsmagick1-dev_1.3.23-1ubuntu0.6_amd64.deb Original-Maintainer: Laszlo Boszormenyi (GCS)